> Installing Postfix/configuring
Robert83
post Mar 26 2004, 06:00 AM
Post #1


Its GNU/Linuxhelp.net
*******

Group: Support Specialist
Posts: 1,439
Joined: 3-January 04
From: Germany
Member No.: 2,069



Hi,

So I've started it, finally :) I'm using the postfix[blablabla].rpm which hughesjr provided to someone [can't remember, sorry].

I've got a firewall at 192.168.10.1 which has an eth0 connection to the internet, an eth1 connection to NAT/Proxy 192.168.10.2, and eth3 connected to the mail, http, ftp server.

I will be using the domain company.co.yu, so I guess I will need to forward some ports from the firewall to the mail server in order to allow the world to send e-mail to user1@company.co.yu. Please tell me which ports need to be open in order to allow the world to send e-mail to my mail server.

I'm using Postfix-2.0.18-3.d~2.tls.vda.i386.rpm

I've found this cool howto with some examples at Red Hat. The only reason I'm still asking these questions is that I'm not entirely sure [well, you know how it is the first time doing something], and maybe I would make some small errors which later on would cause me big problems. And maybe you have some ideas on how to enhance the mail server even more.

So here is the code for the main.cf :
CODE
  # main.cf
  queue_directory = /var/spool/postfix
  program_directory = /usr/libexec/postfix
  command_directory = /usr/sbin
  daemon_directory = /usr/libexec/postfix
  mail_spool_directory = /var/spool/mail
  mailbox_command = /usr/bin/procmail
 
  mail_owner = postfix
  default_privs = nobody
 
  # server means the actual name of my mail server for example if it is gandalf then the full line
  # would be gandalf.company.co.yu   right?
  myhostname = gandalf.company.co.yu
  mydomain = company.co.yu
  # this line is just used to make sure that user@ end with company.co.yu ,right?
  myorigin = $mydomain
   
  notify_classes = resource, software, policy, protocol
  # this will notify the postmaster, what is meant under resource,software,policy,protocol, what will be sent to me?
   
  mydestination = $myhostname, localhost.$mydomain, $mydomain, /etc/postfix/localdomains
  # this tells postfix to accept smtp connections from only the following domains right? , so user with
  #rob@company2.co.yu can't send smtp through user@company.co.yu even if he is on the same subnet, right?
  #why is that /etc/postfix/localdomains   at the end?
   
  mynetworks = 192.168.0.0/24 , 127.0.0.1/32
   
  inet_interfaces = eth0
  #would one ethernet interface be enough for a mail server with 30 clients ?
   
  default_transport = smtp
  #I guess this would be ok by default, till now I've only seen smtp used for mail transport under Windows, at least
  #here in . This would also mean that my smtp server would be called like this smtp.company.co.yu right? I mean
  #it's without the hostname of my machine.
   
  virtual_maps = hash:/etc/postfix/virtusertable
  alias_maps = hash:/etc/postfix/aliases, hash:/etc/postfix/majordomo
  alias_database = hash:/etc/postfix/aliases, hash:/etc/postfix/majordomo
  #I guess with a default install, leaving this stuff at default would be the best right?, I mean there are no security
  #issues with this default setup right?  , and by the way I don't have majordomo, so I could remove that
  #hash:/etc/postfix/majordomo , by the way what is this majordomo?
   
  maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com
  #these two can be a bit too restrictive -----> relays.mail-abuse.org, relays.orbs.org
  #I'm not entirely sure what this line does, but I think that it's something about spam e-mails , or am I completely
  #wrong? , what would you suggest, leave them be at their default, or is there one better choice?
 
  # [client is the user]
  smtpd_client_restrictions =
       permit_mynetworks,
       check_client_access hash:/etc/postfix/access,
       reject_maps_rbl,
       reject_unauth_pipelining
  #I guess client is my client connecting to the server from any of the addresses at 192.168.0.0/255.255.255.0
  #what does permit_mynetworks mean? [I think to allow access for them, I mean access for my clients to use the
  #smtp of the mail server]
  #check_client_access hash:/etc/postfix/access  what does this do, mean?
  #reject_maps_rbl  what is this?
  #reject_unauth_pipelining what is this?
   
  # [sender is the client?, what is the difference between client, sender?]
  smtpd_sender_restrictions =
       permit_mynetworks,
       check_sender_access hash:/etc/postfix/access,
       reject_unknown_sender_domain,
       reject_maps_rbl
   
  # [this is for the recipient, a person outside my lan hm?]
  smtpd_recipient_restrictions =
       permit_mynetworks,
       permit_mx_backup,
       reject_unauth_destination,
       check_relay_domains
  #what does permit_mx_backup mean? and please tell me where can I find some explanation on what MX is?
     
  smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
  #what use is smtpd_banner ?
   
  relay_domains = $mydestination, /etc/postfix/relay-domains
  #do I need the relay_domains if I'm the only mail server for company.co.yu ?
   
  local_destination_concurrency_limit = 2
  default_destination_concurrency_limit = 10
  debug_peer_level = 2
  #these three lines should be left at default right?
   
  #debugger_command = /usr/bin/strace -p $process_id -o /tmp/smtpd.$process_id & sleep 5
  #I guess I should leave this uncommented
   
  # end of config


Okay then, this would be it for the main.cf. Please help me with those questions; any ideas would be great, what to do and what not to do. Once I get to understand main.cf better, I will be moving on to the virtual user table, but till then I'll stay at the main.cf [don't want to do too much together, I might get confused].

Sincerely
Robert B


--------------------
Robert Becskei
robert83@linuxhelp.net
--------------------
May the source be with us!
--------------------
AMD X2-3800 @ 2400Mhz
2048MB DDR 400Mhz
DFI Lanparty UT4 NF4 ULTRA-D
GeForce 7800GT
250GB+250GB
Pioneer DVD-RW
17inch Samsung Syncmaster 757NF
WinXP Pro (SP2)/ CentOS 4.3
--------------------
hughesjr
post Mar 26 2004, 06:08 AM
Post #2


Its GNU/Linuxhelp.net
*******

Group: Admin
Posts: 3,433
Joined: 25-July 03
From: Corpus Christi, TX, USA
Member No.: 1,151



To start with, you need to forward port 25 (tcp) to the e-mail server from outside.

You need to create an MX DNS record on your main DNS server that points to the outside IP address.


--------------------
Johnny Hughes
hughesjr@linuxhelp.net
Enterprise Alternatives: CentOS, WhiteBoxEL
Favorite Workstation Distros (in order): CentOS, Gentoo, Debian Sarge, Ubuntu, Mandrake, FedoraCore, Slackware, SUSE
Favorite Server Distros (in order): CentOS, WhiteBoxEL, Debian Sarge, Slackware, Mandrake, FedoraCore, Gentoo, SUSE
Robert83
post Mar 26 2004, 06:28 AM
Post #3





Hi,

Port forwarding I can do now, thanks to your iptables help,
but I don't know how to create that MX record in my master DNS. By the way, it should be ok to add that MX record to my NAT/Proxy/DNS server, right? [I'm running a caching-only DNS server at my NAT/Proxy]


Sincerely
Robert B


hughesjr
post Mar 26 2004, 06:36 AM
Post #4





#would one ethernet interface be enough for a mail server with 30 clients ? - Yes - one port will serve several thousand users
--------------
mydestination = $myhostname, localhost.$mydomain, $mydomain, /etc/postfix/localdomains
# this tells postfix to accept smtp connections from only the following domains right? - No ... it tells postfix to receive mail FOR (not send mail from) those domains
-----------
#why is that /etc/postfix/localdomains at the end? - So you can receive mail for other local domains.
---------------
#I guess this would be ok by default, till now I've only seen smtp used for mail transport under Windows, at least here in . This would also mean that my smtp server would be called like this smtp.company.co.yu right? I mean it's without the hostname of my machine.

You have to set up an official DNS name that points to your outside static IP address. Since you only have 1 external static address, I would set up the main A record as company.co.yu ...

Then you need to have several CNAME (alias) records set up to point to company.co.yu ... I would set up www , mail (or smtp if you prefer) , ftp (if you are going to have an ftp server outside), etc.

Then an MX record needs to be created for domain company.co.yu which points to the name mail.company.co.yu (or smtp.company.co.yu if you prefer).

Whatever machine(s) are listed as the NameServers on the domain registration for company.co.yu are required to contain the above records.


hughesjr
post Mar 26 2004, 06:39 AM
Post #5





You want to start here for editing the main.cf file:

http://www.postfix.org/basic.html


Robert83
post Mar 26 2004, 06:40 AM
Post #6





Hi,

now this sounds SCARY :) :) oh my god :)

I guess that most of the things in blue at the end of your reply must be done by my ISP, right?
I mean I have to tell them to point company.co.yu to my IP address [since it already is assigned to some other].
mail.company.co.yu is also good, so I'll use that then.

Sincerely
Robert B


hughesjr
post Mar 26 2004, 07:02 AM
Post #7





QUOTE (Robert83 @ Mar 26 2004, 06:28 AM)
but I don't know how to create that MX record in my master DNS. By the way, it should be ok to add that MX record to my NAT/Proxy/DNS server, right? [I'm running a caching-only DNS server at my NAT/Proxy]

Nope ...

If you want to send / receive mail from the real world, you have to have a domain name and the official name servers for that domain name have to have the records in them ....

for example, I own the domain name hughesjr.com ... that domain has a record that says what the official DNS servers are ... see the results for dig hughesjr.com
CODE
[root@WhiteBoxLinux linux]# dig hughesjr.com

; <<>> DiG 9.2.2 <<>> hughesjr.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6048
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;hughesjr.com.                  IN      A

;; ANSWER SECTION:
hughesjr.com.           300     IN      A       24.155.54.142

;; AUTHORITY SECTION:
hughesjr.com.           300     IN      NS      ns5.zoneedit.com.
hughesjr.com.           300     IN      NS      ns4.zoneedit.com.

;; Query time: 75 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Mar 26 05:57:20 2004
;; MSG SIZE  rcvd: 91

So, in the AUTHORITY SECTION .... the name servers that have to be updated with name records are ns5.zoneedit.com and ns4.zoneedit.com ... because that is where the rest of the world goes to resolve names like www.hughesjr.com, mail.hughesjr.com, ftp.hughesjr.com, etc. That is also where the mx record(s) are ....

So the command dig -t mx hughesjr.com shows this:

CODE
[root@WhiteBoxLinux linux]# dig -t mx hughesjr.com
; <<>> DiG 9.2.2 <<>> -t mx hughesjr.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32520
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; QUESTION SECTION:
;hughesjr.com.                  IN      MX

;; ANSWER SECTION:
hughesjr.com.           300     IN      MX      0 mail.hughesjr.com.

;; ADDITIONAL SECTION:
mail.hughesjr.com.      300     IN      A       24.155.54.142

;; Query time: 176 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Fri Mar 26 06:05:26 2004
;; MSG SIZE  rcvd: 67


So if someone sends e-mail to the address user@hughesjr.com ... the process is that the sender's listed SMTP server receives the e-mail, then does a name lookup (using the MX record) for hughesjr.com (with the H root DNS server) .... the sending SMTP server is told that ns5.zoneedit.com and ns4.zoneedit.com are the Authoritative servers for hughesjr.com ... and sends a request to ns5.zoneedit.com for the MX record for hughesjr.com ... It gets the results back that are shown above (mail for domain hughesjr.com goes to mail.hughesjr.com ... and the current IP for mail.hughesjr.com is 24.155.54.142).

Without an official DNS record setup, you can send, but not receive external e-mail ....


hughesjr
post Mar 26 2004, 07:07 AM
Post #8





QUOTE (Robert83 @ Mar 26 2004, 06:40 AM)
I guess that most of the things in blue at the end of your reply must be done by my ISP, right?
I mean I have to tell them to point company.co.yu to my IP address [since it already is assigned to some other].
mail.company.co.yu is also good, so I'll use that then.

It would be whoever controls the DNS servers listed in the registration for the domain name ... that could be your ISP ... it could be someone else.

Do a:

dig domain.name

substitute your domain for domain.name

and you can see the results in the AUTHORITY SECTION ... those are the servers that need to contain your DNS records....


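The checks described in the last two replies, as an added example that is not part of the original thread: a short Python parser for dig's text output that lists the servers in the AUTHORITY SECTION and checks each MX target for an address record. The hughesjr.com lines are copied from the quoted output; example.test and 203.0.113.10 are constructed placeholders, and the CNAME check reflects RFC 2181 section 10.3, which the thread does not mention.

```python
import re
# Record lines copied from the two dig outputs quoted in the thread.
DIG_A = """;; AUTHORITY SECTION:
hughesjr.com.           300     IN      NS      ns5.zoneedit.com.
hughesjr.com.           300     IN      NS      ns4.zoneedit.com.
"""
DIG_MX = """;; ANSWER SECTION:
hughesjr.com.           300     IN      MX      0 mail.hughesjr.com.
;; ADDITIONAL SECTION:
mail.hughesjr.com.      300     IN      A       24.155.54.142
"""
# Constructed samples (placeholder names and address): an MX whose target is only an alias.
ALIAS_MX = """;; ANSWER SECTION:
example.test.           300     IN      MX      10 mail.example.test.
"""
ALIAS_A = """;; ANSWER SECTION:
mail.example.test.      300     IN      CNAME   example.test.
example.test.           300     IN      A       203.0.113.10
"""

def parse_dig(text):
    """Return {section name: [(owner, type, rdata), ...]} from dig's text output."""
    sections, current = {}, None
    for line in text.splitlines():
        header = re.match(r";; (\w+) SECTION:", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and line.strip() and not line.startswith(";"):
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            current.append((owner, rtype, rdata))
    return sections

def authoritative_servers(dig_output):
    """The name servers that have to hold the domain's records."""
    return sorted(d for _, t, d in parse_dig(dig_output).get("AUTHORITY", []) if t == "NS")

def check_mx(mx_output, target_output=""):
    """Return (preference, target, address, problem) for each MX record."""
    mx_sec, tgt_sec = parse_dig(mx_output), parse_dig(target_output)
    known = mx_sec.get("ADDITIONAL", []) + tgt_sec.get("ANSWER", [])
    results = []
    for rdata in [d for _, t, d in mx_sec.get("ANSWER", []) if t == "MX"]:
        pref, target = rdata.split()
        addr = next((d for o, t, d in known if o == target and t in ("A", "AAAA")), None)
        problem = None if addr else "no address record seen for MX target"
        if any(o == target and t == "CNAME" for o, t, _ in known):
            problem = "MX target is a CNAME (RFC 2181 section 10.3 requires an address record)"
        results.append((int(pref), target, addr, problem))
    return results
```

Pass the output of `dig -t mx <domain>` as the first argument and, when the response carries no ADDITIONAL SECTION, the output of `dig <mx target>` as the second.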
