Friday, 14 June 2013

Domain Name Server - A Simple Name Resolving Model

DNS (Domain Name System), also known as a nameserver, is a network system that associates hostnames with their respective IP addresses. For users, this has the advantage that they can refer to machines on the network by names that are usually easier to remember than the numerical network addresses called IPs. For system administrators, using the nameserver allows them to change the IP address for a host without ever affecting the name-based queries, or to decide which machines handle these queries.

DNS is usually implemented using one or more centralized servers that are authoritative for certain domains. When a client host requests information from a nameserver, it usually connects to port 53. The nameserver then attempts to resolve the name requested. If it does not have an authoritative answer, or does not already have the answer cached from an earlier query, it queries other nameservers, beginning with the root nameservers, to determine which nameservers are authoritative for the name in question, and then queries them to get the requested record.

Nameserver Zones: In a DNS server such as BIND (Berkeley Internet Name Domain), all information is stored in basic data elements called resource records (RR). The resource record is usually a fully qualified domain name (FQDN) of a host, and is broken down into multiple sections organized into a tree-like hierarchy. This hierarchy consists of a main trunk, primary branches, secondary branches, and so on.

Here is a simple guide to installing DNS on RHEL6. To keep it simple, consider a fresh installation of Red Hat Enterprise Linux on a machine. BIND consists of a set of DNS-related programs. It contains a nameserver called named, an administration utility called rndc, and a debugging tool called dig.

Note the following:

Host machine IP Address:


Make the following entries in the following files:

# vim /etc/resolv.conf



# vim /etc/hosts

 desktop24 localhost.localdomain localhost

Make sure to assign a static IP address to the machine. First check the Ethernet LAN port on which the machine is connected using the following commands:

# mii-tool
# ethtool eth0

After that edit the network file:

# vim /etc/sysconfig/network-scripts/ifcfg-eth0








save and quit

Now stop the service of NetworkManager and restart the service of network.

# /etc/init.d/NetworkManager stop;chkconfig NetworkManager off

# /etc/init.d/network restart;chkconfig network on

Now, make sure YUM is working on your machine.

Install the following packages on the machine using YUM.

# yum install -y bind*

When the installation is complete, we proceed with the configuration. The main configuration files are:



We also need to include some additional files, which are discussed later. Edit the configuration file as follows:

# vim /var/named/chroot/etc/named.conf

// named.conf
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
// See /usr/share/doc/bind*/sample/ for example named configuration files.

options {
        listen-on port 53 {;; };   /* addresses to listen on, one per entry, each ending in ';' */
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; };
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";
};

logging {
        channel default_debug {
                file "data/";
                severity dynamic;
        };
};

/* root hints */
zone "." IN {
        type hint;
        file "";
};

/* forward zone: hostname -> address (A) records */
zone "" IN {
        type master;
        file "";
        allow-update { none; };
};

/* reverse zone: address -> hostname (PTR) records */
zone "" IN {
        type master;
        file "";
        allow-update { none; };
};

Save and quit the file.

Write only the above lines in the file if you don't know how to customize DNS.
Also create the new files that you have referenced in the above file:
# vim /var/named/chroot/var/named/
@       IN SOA (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
desktop24       A

desktop23       A

save and quit.

# vim /var/named/chroot/var/named/

@       IN SOA (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
24      PTR     desktop24.

Save and quit.
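As an added check that is not part of the original post, the following Python script parses a forward zone and its reverse zone written in the format above and reports A records with no or a mismatching PTR, and any zone missing the SOA or apex NS record that named requires before it will load the zone. The sample zones, origins, hostnames and addresses are constructed assumptions.

```python
# Constructed sample zones modelled on the two files above; origins, hosts and
# addresses are assumptions, not the author's values.
FORWARD_ORIGIN = "example.com"
FORWARD_ZONE = """\
@       IN SOA  desktop24.example.com. root.example.com. (
                0       ; serial
                1D 1H 1W 3H )    ; refresh retry expire minimum
@           IN NS   desktop24.example.com.
desktop24   IN A    192.168.0.24
desktop23   IN A    192.168.0.23
"""
REVERSE_ORIGIN = "0.168.192.in-addr.arpa"
REVERSE_ZONE = """\
@   IN SOA desktop24.example.com. root.example.com. ( 0 1D 1H 1W 3H )
@   IN NS  desktop24.example.com.
24  IN PTR desktop24.example.com.
"""
TYPES = {"SOA", "NS", "A", "PTR", "CNAME", "MX"}

def parse_zone(text, origin):
    """Return (owner_fqdn, type, rdata) tuples; handles ';' comments, '@',
    relative owner names and the parenthesised multi-line SOA record."""
    records, buf, owner, new_owner = [], "", None, False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if not buf:                        # first physical line of a record
            new_owner = not raw[0].isspace()
        buf += " " + line
        if buf.count("(") > buf.count(")"):
            continue                       # still inside ( ... )
        tokens, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if new_owner:
            owner = tokens.pop(0)
        while tokens and tokens[0] not in TYPES:
            tokens.pop(0)                  # skip optional TTL and class
        if not tokens:
            continue
        name = origin + "." if owner == "@" else owner
        if not name.endswith("."):
            name = f"{name}.{origin}."
        records.append((name, tokens[0], " ".join(tokens[1:])))
    return records

def check_zones(fwd_text, fwd_origin, rev_text, rev_origin):
    """Return a list of findings; an empty list means the zones agree."""
    findings = []
    fwd, rev = parse_zone(fwd_text, fwd_origin), parse_zone(rev_text, rev_origin)
    for origin, recs in ((fwd_origin, fwd), (rev_origin, rev)):
        apex_types = {t for n, t, _ in recs if n == origin + "."}
        for needed in ("SOA", "NS"):       # named refuses to load a zone lacking either
            if needed not in apex_types:
                findings.append(f"{origin}: missing {needed} record at apex")
    # reverse owner label -> dotted IP, e.g. "24" under 0.168.192 -> 192.168.0.24
    octets = rev_origin.replace(".in-addr.arpa", "").split(".")[::-1]
    ptr = {".".join(octets + [n[:-len(rev_origin) - 2]]): r
           for n, t, r in rev if t == "PTR"}
    a_recs = {r: n for n, t, r in fwd if t == "A"}
    for ip, host in a_recs.items():
        if ip not in ptr:
            findings.append(f"{host} A {ip}: no PTR in {rev_origin}")
        elif ptr[ip] != host:
            findings.append(f"{ip}: PTR {ptr[ip]} does not match {host}")
    return findings
```

Run against the sample zones it reports that desktop23 has an A record but no PTR, the kind of gap the dig output later on would not reveal.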

Make sure that the firewall and SELinux are off, and that the ownership of the above two files is as follows:

# cd /var/named/chroot/var/named/

# chown root.named

# chown root.named

These lines may be in any order.
Now restart the service and send a query to the DNS server.

# /etc/init.d/named restart;chkconfig named on

Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

[root@desktop24 ~]# nslookup


[root@desktop24 ~]# dig

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22786
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;         IN      A

;; ANSWER SECTION:  86400   IN      A

;; AUTHORITY SECTION:            86400   IN      NS

;; Query time: 0 msec
;; WHEN: Sat Oct  4 05:18:13 2014
;; MSG SIZE  rcvd: 69

[root@desktop24 ~]# dig

; <<>> DiG 9.7.0-P2-RedHat-9.7.0-5.P2.el6 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14385
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;         IN      A

;; ANSWER SECTION:  86400   IN      A

;; AUTHORITY SECTION:            86400   IN      NS

;; ADDITIONAL SECTION:  86400   IN      A

;; Query time: 0 msec
;; WHEN: Sat Oct  4 05:19:32 2014
;; MSG SIZE  rcvd: 95

If a reply is received, your DNS is resolving.

save and quit.

Thursday, 13 June 2013

Mail Server Configuration with courier-imap on RHEL5

This is a simple doc for installing a mail server on RHEL 5 with courier-imap.

1. First of all, install RHEL 5 on the system.

2. Copy the Server directory from the ISO/CD to the following location:


# rsync -avz /media/RHEL_5.6/Server /var/www/html/Server/

3. Create a yum repository on the freshly installed system.

# vim /etc/yum.repos.d/server.repo
esc :wq

4. Now install the following packages using yum.

# yum install *mysql* *php* *rpm* *http* *system-sw* -y

5. Download postfixadmin-

6. [root@mail~] # mkdir /var/www/html/mailadmin

7. [root@mail~] # cp Desktop/postfixadmin- /var/www/html/

8. [root@mail html] # tar -zxf /postfixadmin-

9. [root@mail postfixadmin-] # cp 

10. [root@mail postfixadmin-]# vi

$CONF['database_type'] = 'mysql';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix';
$CONF['database_password'] = 'postfix';
$CONF['database_name'] = 'postfix';
$CONF['admin_email'] = '';
$CONF['encrypt'] = 'cleartext';
// Default Aliases
// The default aliases that need to be created for all domains.
$CONF['default_aliases'] = array (
    'abuse' => '',
    'hostmaster' => '',
    'postmaster' => '',
    'webmaster' => ''
);
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'YES';
$CONF['vacation_domain'] = 'autoreply.change-this-toyour.domain.tld';
$CONF['show_footer_text'] = 'YES';
$CONF['footer_text'] = '';
$CONF['footer_link'] = '';

11. [root@mail html]# mv  postfixadmin- mailadmin

12. [root@mail mailadmin]# service httpd restart

13. [root@mail mailadmin]# service mysqld  restart

14. [root@mail html]# mysqladmin password "postfix" (sets the password of the MySQL root user)

15. [root@mail html]# mysql -u root -p

Enter password:   
  mysql> CREATE DATABASE postfix; 
  mysql> CREATE USER 'postfix'@'localhost' IDENTIFIED BY 'postfix';
  mysql>  GRANT ALL PRIVILEGES ON `postfix` . * TO 'postfix'@'localhost';
  mysql> show databases;
| Database           |
| information_schema |
| mysql              |
| postfix            |
| test               |
4 rows in set (0.00 sec) 
mysql> quit

16. [root@mail mailadmin]# /etc/init.d/httpd restart

17. Now open a web browser and enter the following address.

18. Click on the SETUP link on the page that opens.

19. [root@mail mailadmin]# vim 
$CONF['configured'] = false;  

20. Now add the superuser account at the end, and rename the setup.php file in mailadmin/.

21. [root@mail mailadmin]# mv setup.php setup.php-org

22. [root@mail mailadmin]# service httpd restart 

23. Create a new user to build the RPMs.
# useradd rpmbuild
# passwd rpmbuild

24. Download the source RPM from the internet and copy it to the home directory of the user.
# cp Desktop/postfix-2.5.5-1.src.rpm /home/rpmbuild/
# chown rpmbuild.rpmbuild /home/rpmbuild/postfix-2.5.5-1.src.rpm

25. Now switch to the new user and create the following directory set:

# su - rpmbuild
[rpmbuild@mail ~]$ mkdir rpm
[rpmbuild@mail ~]$  mkdir rpm/SOURCES
[rpmbuild@mail ~]$  mkdir rpm/SPECS
[rpmbuild@mail ~]$  mkdir rpm/BUILD
[rpmbuild@mail ~]$  mkdir rpm/SRPMS
[rpmbuild@mail ~]$  mkdir rpm/RPMS
[rpmbuild@mail ~]$  mkdir rpm/RPMS/x86_64
[rpmbuild@mail ~]$  echo "%_topdir    $HOME/rpm" >> $HOME/.rpmmacros

26. Now install the source RPM that was downloaded.
[rpmbuild@mail ~]$  rpm -ivh postfix-2.5.5-1.src.rpm

27. Now edit the postfix.spec file that is automatically created under rpm/SPECS/

[rpmbuild@mail ~]$ cd rpm/SPECS
[rpmbuild@mail SPECS]$ ls
[rpmbuild@mail SPECS]$ vim postfix.spec
%define with_mysql_redhat 1
%define with_sasl         2
%define with_vda          1
{Replace every occurrence of rhel4 with rhel5 in the file.}

28. Now build the RPM using rpmbuild.

[rampal@mail SPECS]$ rpmbuild -ba postfix.spec 

29. This will create RPMs in the following locations:

[rampal@mail SPECS]$  logout 

30.  Install these packages as root.

[root@mail i386]# rpm -Uvh postfix-2.5.5-1.rhel5.i386.rpm
[root@mail i386]# rpm -Uvh postfix-debuginfo-2.5.5-1.rhel5.i386.rpm  
[root@mail i386]# postconf -m    

31. Download courier-imap-4.4.1.tar.bz2 from the internet and copy it to the home directory of the user. Change the user ownership of the file.

32. Also download the file courier-authlib-0.61.0.tar.bz2 and copy it to the home directory of the user, and change its ownership as well.

[root@mail Desktop]# cp courier-imap-4.1.1.tar.bz2 /home/rampal/
[root@mail Desktop]# chown rampal.rampal /home/rampal/courier-imap-4.1.1.tar.bz2  
[root@mail Desktop]# cp courier-authlib-0.58.tar.bz2 /home/rampal/
[root@mail Desktop]# chown rampal.rampal /home/rampal/courier-authlib-0.58.tar.bz2

33. Now switch to the user and build the RPM using rpmbuild.

[root@mail Desktop]# su - rampal
[rampal@mail ~]$  rpmbuild -ta  courier-authlib-0.58.tar.bz2
[rampal@mail~]$ logout

34. Install the build dependencies as the root user using yum, then rebuild as the build user.

[root@mail Desktop]# yum install *libtool*
[root@mail Desktop]# yum install *postgresql-devel*
[root@mail Desktop]# yum install *gdbm-devel*
[root@mail Desktop]# yum install *pam-devel
[root@mail Desktop]# yum install *expect*
[root@mail Desktop]# yum install *gcc-c++*
[root@mail Desktop]# su - rampal
[rampal@mail ~]$  rpmbuild -ta  courier-authlib-0.58.tar.bz2
[rampal@mail~]$ logout

35. The packages are now created in the following location. Install these packages.

[root@mail ~]$ cd /home/rampal/rpm/RPMS/i386/
[root@mail i386]$ rpm -ivh courier-authlib-0.58-1.5Server.i386.rpm
[root@mail i368]$ rpm -ivh  courier-authlib-debuginfo-0.58-1.5Server.i386.rpm
[root@mail i386]$ rpm -ivh courier-authlib-devel-0.58-1.5Server.i386.rpm
[root@mail i386]$ rpm -ivh  courier-authlib-ldap-0.58-1.5Server.i386.rpm
[root@mail i386]$ rpm -ivh courier-authlib-mysql-0.58-1.5Server.i386.rpm
[root@mail i386]$ rpm -ivh courier-authlib-pgsql-0.58-1.5Server.i386.rpm
[root@mail i386]$ rpm -ivh courier-authlib-pipe-0.58-1.5Server.i386.rpm
[root@mail i386]$ rpm -ivh courier-authlib-userdb-0.58-1.5Server.i386.rpm
[root@mail ~]# su - rampal

36. Now untar the courier-imap file, make the following changes in the spec file and copy it to the rpm/SPECS/ location.

[rampal@mail ~]$  tar -jxvf courier-imap-4.1.1.tar.bz2
[rampal@mail ~]$ cd courier-imap-4.1.1
[rampal@mail courier-imap-4.1.1]$ cp courier-imap.spec courier-imap.spec-org
[rampal@mail courier-imap-4.1.1]$ vi courier-imap.spec  
BuildPreReq: rpm >= 3.0.5 /usr/bin/sed openldap2 openldap2-devel
BuildPreReq: rpm >= 4.0.2 sed openldap-devel openldap-servers
{remove everything except these entries from the above lines in the file}

37. Now run the rpmbuild command to build the RPM packages. If it reports missing dependencies, install them using yum as root. When the command finishes building the packages, install them as root.

[rampal@mail courier-imap-4.1.1]$ cp courier-imap.spec /home/rampal/rpm/SPECS/
[rampal@mail courier-imap-4.1.1]$ cp courier-imap-4.1.1.tar.bz2 /home/rampal/rpm/SOURCES
[rampal@mail ~]$ cd rpm/SPECS/
[rampal@mail SPECS]$ rpmbuild -ba courier-imap.spec
    dependencies: openldap* rpm
[rampal@mail ~]$ logout
[root@mail ~]# yum install openldap*
[root@mail ~]# su - rampal
[rampal@mail SPECS]$ rpmbuild -ba courier-imap.spec
[rampal@mail SPECS]$ logout
[root@mail ~]# cd /home/rampal/rpm/RPMS/i386/
[root@mail i386]# rpm -ivh courier-imap-4.1.1-1.5Server.i386.rpm
[root@mail i386]# rpm -ivh courier-imap-debuginfo-4.1.1-1.5Server.i386.rpm

38.  Now add a virtual user with uid=1001 and gid=1001.

[root@mail ~]# useradd virtual (add only the user "virtual", with uid 1001 and gid 1001)
[root@mail ~]# passwd virtual 
[root@mail ~]# vi /etc/passwd 
[root@mail ~]# vi /etc/group 
[root@mail ~]# chmod -R 777 /home/virtual/
[root@mail ~]# chown virtual.virtual /home/virtual 

39. Now copy the file to a backup copy and make the following changes in the file.

[root@mail postfix]# cp /etc/postfix/ main.cf_org
[root@mail postfix]#  vi /etc/postfix/ 
Add these lines at the end of the file:
virtual_alias_maps = mysql:/etc/postfix/
virtual_gid_maps = static:1001
virtual_mailbox_base = /home/virtual
virtual_mailbox_domains = mysql:/etc/postfix/
virtual_mailbox_limit = 51200000
virtual_mailbox_maps = mysql:/etc/postfix/
virtual_minimum_uid = 1001
virtual_transport = virtual
virtual_uid_maps = static:1001
#Additional for quota support
virtual_create_maildirsize = yes
virtual_mailbox_extended = yes
virtual_mailbox_limit_maps = mysql:/etc/postfix/
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message = Sorry, the user's maildir has overdrawn his diskspace quota,   please try again later.
virtual_overquota_bounce = yes
relay_domains = mysql:/etc/postfix/
mynetworks =, 
[root@mail postfix]#  postmap hash:/etc/postfix/aliases
[root@mail postfix]#  service postfix restart 

40. Add the following files in the /etc/postfix directory:

[root@mail ~]# vi /etc/postfix/
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '1' 
[root@mail ~]# vi /etc/postfix/
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT quota FROM mailbox WHERE username='%s' 
[root@mail ~]# vi /etc/postfix/
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT goto FROM alias WHERE address='%s' AND active = 1 
[root@mail ~]# vi /etc/postfix/
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1 
[root@mail~]# vi /etc/postfix/
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
#optional query to use when relaying for backup MX
#query = SELECT domain FROM domain WHERE domain='%s' and backupmx = '0' and active = '1' 
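As an added example that is not from the original post, this Python script walks the lookups Postfix makes with the map files above for one recipient, against an in-memory SQLite copy of the postfixadmin domain, alias and mailbox tables filled with constructed rows; the map file names, table columns and sample addresses are assumptions. Postfix escapes the %s key before substituting it into the query, which the script emulates with a bound parameter.

```python
"""Walk the MySQL map lookups Postfix performs for a virtual recipient."""
import sqlite3

# Map texts in the exact key = value form shown above; the file names are
# assumptions, since the page does not show them.
DOMAIN_MAP = """\
user = postfix
password = postfix
hosts = localhost
dbname = postfix
query = SELECT domain FROM domain WHERE domain='%s'
"""
ALIAS_MAP = "query = SELECT goto FROM alias WHERE address='%s' AND active = 1\n"
MAILBOX_MAP = "query = SELECT maildir FROM mailbox WHERE username='%s' AND active = 1\n"
MAILBOX_BASE = "/home/virtual"             # virtual_mailbox_base from main.cf

def parse_map(text):
    """Parse Postfix's 'key = value' map file format into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def lookup(conn, map_text, key):
    """Run the map's query for one key; Postfix escapes the key before
    substituting '%s', which a bound parameter emulates exactly."""
    sql = parse_map(map_text)["query"].replace("'%s'", "?")
    return [row[0] for row in conn.execute(sql, (key,))]

def build_sample_db():
    """In-memory stand-in for the postfixadmin tables, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE domain (domain TEXT, backupmx INTEGER, active INTEGER);
        CREATE TABLE alias (address TEXT, goto TEXT, active INTEGER);
        CREATE TABLE mailbox (username TEXT, maildir TEXT, quota INTEGER, active INTEGER);
        INSERT INTO domain VALUES ('example.com', 0, 1);
        INSERT INTO alias VALUES ('postmaster@example.com', 'admin@example.com', 1);
        INSERT INTO alias VALUES ('old@example.com', 'admin@example.com', 0);
        INSERT INTO mailbox VALUES ('admin@example.com', 'example.com/admin/', 51200000, 1);
    """)
    return conn

def resolve_recipient(conn, rcpt, max_hops=5):
    """Follow virtual_mailbox_domains -> virtual_alias_maps -> virtual_mailbox_maps,
    the order in which Postfix consults these maps for a virtual recipient."""
    domain = rcpt.rpartition("@")[2]
    if not lookup(conn, DOMAIN_MAP, domain):
        return ("reject", "not a virtual domain: " + domain)
    seen = set()
    for _ in range(max_hops):
        if rcpt in seen:
            return ("defer", "alias loop at " + rcpt)
        seen.add(rcpt)
        targets = lookup(conn, ALIAS_MAP, rcpt)
        if not targets:
            break
        rcpt = targets[0]                   # a real alias may expand to several
    maildirs = lookup(conn, MAILBOX_MAP, rcpt)
    if not maildirs:
        return ("bounce", "unknown user: " + rcpt)
    return ("deliver", f"{MAILBOX_BASE}/{maildirs[0]}")
```

An alias row with active = 0 drops out of the chain exactly as the `AND active = 1` clause in the page's query intends, so mail to it bounces unless a mailbox row exists.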

41. Also make changes in the following files:

[root@mail ~]# cd /etc/authlib/
[root@mail authlib]#  cp authmysqlrc authmysqlrc_org
[root@mail authlib]# vi authmysqlrc (this file configures authentication of users against the MySQL database)
MYSQL_SERVER            localhost
MYSQL_USERNAME          postfix
MYSQL_PASSWORD          postfix
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          postfix
MYSQL_USER_TABLE        mailbox
MYSQL_UID_FIELD         1001
MYSQL_GID_FIELD         1001
MYSQL_LOGIN_FIELD       username
MYSQL_HOME_FIELD        '/home/virtual'
MYSQL_NAME_FIELD        name
[root@mail ~]# vim /etc/authlib/authdaemonrc  
authmodulelist=" authmysql "
[root@mail ~]# /etc/init.d/courier-authlib restart
[root@mail ~]# /etc/init.d/courier-imap restart
[root@mail ~]# /etc/init.d/httpd restart

42. Open a web browser and open the following URL:

login email = username@domainname
password=  ******

43. Now you can add new mailboxes and domains, and send mail to users from your server.

LDAP: Lightweight Directory Access Protocol

Directory services may provide any organized set of records, often with a hierarchical structure, such as a corporate email directory. Similarly, a telephone directory is a list of subscribers with an address and a phone number.

The LDAP software is a collection of the following packages:

1. Transport Layer Security
2. Simple Authentication and Security Layer
3. Kerberos Authentication Service
4. Database Software
5. Threads
6. TCP Wrappers

slapd is an LDAP directory server that runs on many different platforms. slapd implements version 3 of LDAP and supports LDAP over IPv4, IPv6 and Unix IPC.

The following are some of the advantages of using slapd.

1. slapd supports Unicode and language tags.
2. slapd can be configured to restrict access at the socket layer based on network topology.
3. slapd comes with a variety of database backends; BDB and HDB are two of them.
4. Multiple databases can be configured.
5. slapd consists of two distinct parts: a front end that handles protocol communication with LDAP clients, and modules which handle specific tasks such as database operations.
6. These two pieces communicate via a well-defined C API, so we can write customized modules which extend slapd in numerous ways.

Here is the installation guide for setting up a basic LDAP server.
Install the openldap server package using yum:

# yum install openldap-servers

Add the following lines to the /etc/sysconfig/iptables file:
# vim /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m udp -p udp --dport 389 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT

Restart the firewall:

# service iptables restart

Make sure the service can run:

# service slapd start

Make sure the service is not running:

# service slapd stop

Prepare a customized configuration file, slapd.example.conf:

# cp /etc/openldap/slapd.conf.bak slapd.example.conf

Generate the root password hash for the LDAP cn=config configuration:

# slappasswd


Modify the defaults in /etc/openldap/slapd.conf:

# vim /etc/openldap/slapd.conf

rootpw {SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN
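To show what the rootpw value above actually contains, here is an added Python implementation of the {SSHA} scheme that slappasswd emits (not from the original post): SHA-1 over the password followed by a random salt, base64-encoded with the salt appended, and verified by slapd on a simple bind by re-hashing with the stored salt. The test password is a constructed one, not the author's.

```python
"""{SSHA} password hashing as used by slappasswd and checked by slapd."""
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA}"
DIGEST_LEN = 20                          # SHA-1 digest size in bytes

def ssha_hash(password, salt=None):
    """Return SCHEME + base64(SHA1(password || salt) || salt).

    slappasswd picks a random salt; 4 bytes is its default length.
    """
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")

def ssha_parts(stored):
    """Split a stored value into (digest, salt); the salt is whatever follows the digest."""
    if not stored.startswith(SCHEME):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(stored[len(SCHEME):])
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]

def ssha_verify(password, stored):
    """What slapd does for a simple bind: re-hash with the stored salt and compare."""
    digest, salt = ssha_parts(stored)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

# The rootpw value from the slapd.conf above: 32 base64 characters decode to
# 24 bytes, a 20-byte SHA-1 digest followed by a 4-byte salt.
PAGE_ROOTPW = "{SSHA}R6zJBEcX1ltYDwbWkqYZ8GrrUFQZbKyN"

if __name__ == "__main__":
    h = ssha_hash("secret")               # constructed password, not the author's
    print(h, ssha_verify("secret", h), ssha_verify("wrong", h))
    print("salt bytes in the page's rootpw:", len(ssha_parts(PAGE_ROOTPW)[1]))
```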

Install the client package:

# yum install openldap-clients

Configure the clients through /etc/openldap/ldap.conf. Providing the base DN is not necessary, as it is dc=example,dc=com by default. However, the default URI refers to localhost, which has to be changed.

BASE dc=example, dc=com
URI ldap://

This section provides the content of the initial LDAP database in LDIF format.

Create a file with the following content:

# cd /etc/openldap/

# vim

# Root entry

dn: dc=example,dc=com
objectclass: dcObject
objectclass: organization
o: Example Company
dc: example

Create a file with the following content:

# vim

# Admin DN
dn: cn=admin,dc=example,dc=com
objectclass: organizationalRole
cn: admin

Create a file with the following content:


# Base DN for users

dn: ou=users,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: users

Create a file with the following content:

# vim
# Base DN for groups

dn: ou=groups,dc=example,dc=com
changetype: add
objectclass: top
objectclass: organizationalUnit
ou: groups

This section can be used repeatedly to reset the configuration, re-initialize the LDAP content and start over again.

Make sure the service is not running:

# service slapd stop

Clean up the configuration:

# rm -rf /etc/openldap/slapd.d/*

Clean up the content:

# rm -rf /var/lib/ldap/*

Copy the file:

# cp /usr/share/doc/openldap-servers-*/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

Initialize the DB files for content in the /var/lib/ldap directory:

# echo "" | slapadd -f /etc/openldap/slapd.example.conf

Convert the configuration file into dynamic configuration under the /etc/openldap/slapd.d directory:

# slaptest -f /etc/openldap/slapd.example.conf -F /etc/openldap/slapd.d

Initialize the LDAP DB with the initial content:

# slapadd -l

# slapadd -l

# slapadd -l

# slapadd -l

Set permissions:

# chown -R ldap:ldap /var/lib/ldap
# chown -R ldap:ldap /etc/openldap/slapd.d

Start the server:

# service slapd restart

List the content by a request from a client:

# ldapsearch -x -b 'dc=example,dc=com'

Load the rest of the LDAP database content from LDIF:

# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f

# ldapadd -x -D 'cn=admin,dc=example,dc=com' -W -f

List again:

# ldapsearch -x -b 'dc=example,dc=com'