System Management and Configuration
Network services
Network services are an important subset of the exam objectives. RHCE candidates should be capable of meeting the following objectives for each of the network services listed below:
- Install the packages needed to provide the service.
- Configure SELinux to support the service.
- Configure the service to start when the system is booted.
- Configure the service for basic operation.
- Configure host-based and user-based security for the service.
User should be able to do the following for all these services:
SMTP
Hackmode has a good article about setting up Postfix for the first time.
To test that e-mail is working you can - tada - use an e-mail client.
There are lots of details in /usr/share/doc/postfix-N (the path should be in /etc/postfix/main.cf).
- Install the packages needed to provide the service.
yum install postfix
- Configure SELinux to support the service
getsebool -a|grep postfix
- Configure the service to start when the system is booted.
chkconfig postfix on
- Configure the service for basic operation.
- Set the hostname to host.example.com
- Edit /etc/postfix/main.cf and define (this assumes the hostname is host.example.com):
myhostname = host.example.com
mydomain = example.com
myorigin = $mydomain
inet_interfaces = all
mydestination = add $mydomain to the default one
home_mailbox = Maildir/
- Update the firewall to allow port 25 TCP.
- Test with: nc localhost 25
- Configure host-based and user-based security for the service.
  - host: iptables or $mynetworks in main.cf
  - user: postmap
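From the command line (it is important to use ' and not ", so that the shell does not expand $mydomain and $myhostname before postconf sees them):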
## hostname - record the output of this
postconf -e 'myhostname = output from hostname in here'
## hostname -d
postconf -e 'mydomain = output from hostname -d in here'
postconf -e 'myorigin = $mydomain'
postconf -e 'inet_interfaces = all'
postconf -e 'mydestination = $myhostname, localhost, $mydomain'
postconf -e 'mynetworks = 127.0.0.0/8 [::1]/128, /32'
postconf -e 'relay_domains = $mydestination'
postconf -e 'home_mailbox = Maildir/'
To use it:
useradd -s /sbin/nologin labber
passwd labber
Edit /etc/aliases and add:
labber: labber
Then run:
newaliases
service postfix start
service postfix status
netstat -nlp|grep master
Send e-mail:
mail -s "Test e-mail here" labber@mydomain
test123
.
The . at the end is quite nice: it stops the input.
Check e-mail:
cat /home/labber/Maildir/new/*
Real E-mail Client
But perhaps you want to check this out with a real e-mail client like Thunderbird 10.
For this there needs to be an e-mail server that stores the e-mails on the server.
For this we can use 'dovecot':
yum install dovecot
service dovecot start
- Update iptables to allow ports 25 and 143 (TCP)
- Update main.cf to allow from your IP
- Restart services
- Add a new account in Thunderbird:
  - do use the IP address of your server, not the DNS
  - do not use SMTP security (or username), but use password authentication
  - do use IMAP STARTTLS security, username: labber, password auth
Thunderbird is quite nice, it will often tell you which setting is wrong.
You can use /var/log/maillog for details on the server-side (to see if you get connections at all for example).
Deny a User
To illustrate this feature we first need to add a second user/e-mail account:
useradd -s /sbin/nologin labrat
passwd labrat
echo "labrat: labrat" >> /etc/aliases
newaliases
service postfix restart
service dovecot restart
mail -s "test" labrat@mydomain
You need to send an e-mail to the e-mail address before you can add it in Thunderbird (because the user does not have a $HOME/Maildir until you do).
After the new user has been created and added to your e-mail client do the following:
cd /etc/postfix
echo "labber@mydomain REJECT" >> sender_access
postmap hash:sender_access
echo "smtpd_sender_restrictions = check_sender_access hash:/etc/postfix/sender_access" >> /etc/postfix/main.cf
service postfix restart
Try:
- to send an e-mail from and to both accounts
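The script below is an added example, not part of the original notes. It audits a copy of main.cf for mistakes the steps above can leave behind: a misspelled parameter name, a second smtpd_sender_restrictions line appended with echo >>, a catch-all mynetworks entry, and a hash: table that has no postmap-built .db file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.
# Value Postfix would use for parameter $2 in file $1: the last definition
# wins, and lines starting with whitespace continue the previous line.
effective_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur != "") { sub(/^[ \t]+/, ""); val[cur] = val[cur] " " $0 }; next }
        { eq = index($0, "="); if (eq == 0) { cur = ""; next }
          cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
          v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); val[cur] = v }
        END { if (want in val) print val[want] }' "$1"
}

# How many times parameter $2 is defined in file $1.
count_defs() {
    awk -v want="$2" '{ n = $0; sub(/[ \t]*=.*/, "", n) }
        index($0, "=") && n == want { c++ } END { print c + 0 }' "$1"
}

audit_main_cf() {
    f=$1; out=""
    # "inet_interface" (singular) is not a Postfix parameter; it is inet_interfaces.
    if [ "$(count_defs "$f" inet_interface)" -gt 0 ]; then
        out="$out misspelled:inet_interface"; fi
    # echo >> main.cf can leave an older definition behind; only the last counts.
    if [ "$(count_defs "$f" smtpd_sender_restrictions)" -gt 1 ]; then
        out="$out duplicate:smtpd_sender_restrictions"; fi
    # Clients in mynetworks may relay by default, so a catch-all entry is unsafe.
    case " $(effective_param "$f" mynetworks | tr ',' ' ') " in
        *" 0.0.0.0/0 "*|*" [::]/0 "*) out="$out open-relay:mynetworks" ;;
    esac
    # hash: tables are read from the .db file that postmap builds.
    for t in $(effective_param "$f" smtpd_sender_restrictions | tr ' ,' '\n\n' |
               sed -n 's/^hash://p'); do
        if [ ! -f "$t.db" ]; then out="$out missing-db:$(basename "$t")"; fi
    done
    echo "${out# }"
}

# Constructed sample input (not taken from a real server).
make_sample() {
    printf '%s\n' 'myhostname = host.example.com' 'inet_interface = all' \
        'mynetworks = 127.0.0.0/8 [::1]/128,' '    0.0.0.0/0' \
        'smtpd_sender_restrictions = permit' \
        "smtpd_sender_restrictions = check_sender_access hash:$1/sender_access" \
        > "$1/main.cf"
}

d=$(mktemp -d) && make_sample "$d" && audit_main_cf "$d/main.cf"; rm -rf "$d"
```

An empty result means none of the four checks fired. On a live server, postconf -n shows the settings Postfix actually loaded.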
Extra
- Configure a mail transfer agent (MTA) to accept inbound email from other systems.
inet_interfaces = all
- Configure an MTA to forward (relay) email through a smart host.
relayhost=hostname.domain.com
If I understand this correctly, to set up the above two we would need to have two servers.