Basic Email Server with Postfix, Dovecot and Squirrelmail on CentOS 6

Step 1 » Before installation, assign a static IP and add a host entry for your domain to that IP in the /etc/hosts file, like below.

192.168.0.15 tweenpath.net

Step 2 » Issue the below command to install postfix

[root@mail ~]# yum -y install postfix

Step 3 » Now issue the below command to install the SMTP AUTH packages.

[root@mail ~]# yum -y install cyrus-sasl cyrus-sasl-devel cyrus-sasl-gssapi cyrus-sasl-md5 cyrus-sasl-plain

Postfix package installation is completed.

Step 4 » Issue the below commands one by one for creating SSL Cert.

[root@mail ~]# mkdir /etc/postfix/ssl
[root@mail ~]# cd /etc/postfix/ssl/
[root@mail ssl]# openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 2048
[root@mail ssl]# chmod 600 smtpd.key
[root@mail ssl]# openssl req -new -key smtpd.key -out smtpd.csr
[root@mail ssl]# openssl x509 -req -days 365 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
[root@mail ssl]# openssl rsa -in smtpd.key -out smtpd.key.unencrypted
[root@mail ssl]# mv -f smtpd.key.unencrypted smtpd.key
[root@mail ssl]# openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 365

Step 4 » Now open /etc/postfix/main.cf file

DNS UDP Load Balancer using Nginx

The plan is to build a UDP load balancer in front of DNS recursive servers (actually a forwarding service). The design logic is simple:

Clients query a public recursive+forwarding DNS IP –> the query hits the Nginx load balancers –> which send the traffic to Google Public DNS/IBM Public DNS/own recursive DNS/OpenDNS.

The configuration on the Nginx load balancer is quite simple; the core configuration is straightforward:

# Load balance UDP-based DNS traffic across two servers
stream {
    upstream dns_upstreams {
        server 192.168.136.130:53;
        server 192.168.136.131:53;
    }

    server {
        listen 53 udp;
        proxy_pass dns_upstreams;
        proxy_timeout 1s;
        proxy_responses 1;
        error_log logs/dns.log;
    }
}


Configure DHCP Server Step-by-Step config Guide Using Webmin

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet mask and default gateway.

In our previous article, you set up your DNS server using Webmin; refer to the link below for more information.

In this article we will see how to configure a DHCP server using Webmin (a web-based interface). Webmin lets new system administrators perform all system management tasks from a web browser instead of the command-line console or terminal. You can also manage a system from the console or remotely.


MDaemon firewall ports to be opened

Ports to be opened:

SMTP inbound / outbound port – 25
MSA inbound port – 587
ODMR inbound port – 366
SMTP SSL port – 465
ActiveSync port – 80
ActiveSync SSL port – 443
BlackBerry Enterprise Server – 3101
POP3 inbound / outbound port – 110
IMAP inbound port – 143
POP3 SSL port – 995
IMAP SSL port – 993
DNS outbound port – 53
LDAP port – 389
Remote Administration port – 1000
Remote Administration SSL port – 444
WorldClient port – 3000
WorldClient SSL port – 443
Minger port – 4069


Install webmin on debian 8

To install Webmin on Debian 8, just follow these instructions:

cd /root
wget http://www.webmin.com/jcameron-key.asc
apt-key add jcameron-key.asc
echo "deb http://download.webmin.com/download/repository sarge contrib" >> /etc/apt/sources.list
echo "deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib" >> /etc/apt/sources.list
apt-get update
apt-get -y install webmin


Cacti on Debian (Updated)

Downloading Cacti

You can download the newest version of Cacti from its website.

wget http://www.cacti.net/downloads/cacti-0.8.7b.tar.gz

Installing Cacti

Install apache webserver with php support, mysql database server, snmp, some php modules and rrdtool.

apt-get install apache2 libapache2-mod-php5 php5 php5-cli php5-mysql php5-gd php5-snmp mysql-client mysql-server libmysqlclient15-dev snmp snmpd rrdtool

Add a user account for cacti.

Enable 1:1 NAT in Iptables

1:1 NAT maps a single public IP address to one computer within your local area network (LAN). Unlike port forwarding, 1:1 NAT forwards all ports from one external IP to one internal IP.

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.2 -j SNAT --to-source 83.229.64.2
iptables -t nat -A PREROUTING -i eth0 -d 83.229.64.2 -j DNAT --to-destination 192.168.1.2
iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
iptables -A FORWARD -d 192.168.1.2 -j ACCEPT

How to enable Port Forwarding in Iptables

Port forwarding allows remote computers, for example, computers on the Internet, to connect to a specific computer or service within a private local area network (LAN).
Typical applications include the following:

  • Running a public HTTP server within a private LAN
  • Permitting Secure Shell access to a host on the private LAN from the Internet
  • Permitting FTP access to a host on a private LAN from the Internet

In Linux, you can configure port forwarding using the iptables command.
The example below forwards port 80 of the external IP address “83.229.64.2” to port 80 of the computer inside the LAN with the IP address “192.168.1.2”.

iptables -t nat -A PREROUTING -i eth0 -d 83.229.64.2 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 80 -j ACCEPT
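
A check for the port forwarding and 1:1 NAT rules above, added here as an example and not part of the original posts: it reads `iptables-save` output and reports FORWARD ACCEPT rules for new connections that are not limited to an address some DNAT rule forwards to. The sample rule set and the function names are assumptions of this example, and the parsing covers IPv4 only and ignores negated (`!`) matches.

```python
import shlex

# Constructed iptables-save output for illustration (not from a real host).
SAMPLE = """\
*nat
-A PREROUTING -d 83.229.64.2/32 -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.2:80
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.168.1.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

def opt(tokens, *names):
    """Return the value after the first token that is one of `names`, else None."""
    hits = [tokens[i + 1] for i, tok in enumerate(tokens[:-1]) if tok in names]
    return hits[0] if hits else None

def host(addr):
    """Reduce '1.2.3.4/32' or '1.2.3.4:80' to '1.2.3.4'; wider masks stay as-is."""
    ip, _, mask = addr.partition("/")
    return ip.split(":")[0] if mask in ("", "32") else addr

def audit(save_text):
    """List (reason, rule) for FORWARD ACCEPT rules not tied to a DNAT target."""
    table, rules = None, []
    for line in save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif line.startswith("-A "):
            rules.append((table, shlex.split(line)))
    targets = {host(opt(t, "--to-destination")) for tb, t in rules
               if tb == "nat" and opt(t, "-j") == "DNAT" and opt(t, "--to-destination")}
    findings = []
    for tb, t in rules:
        if tb != "filter" or t[1] != "FORWARD" or opt(t, "-j") != "ACCEPT":
            continue
        state, src, dst = opt(t, "--ctstate", "--state"), opt(t, "-s"), opt(t, "-d")
        if (state and "NEW" not in state.split(",")) or (src and host(src) in targets):
            continue  # return path of tracked flows, or outbound from a forwarded host
        if dst is None or host(dst) not in targets:
            reason = "no destination" if dst is None else "destination is not a DNAT target"
            findings.append((reason, " ".join(t)))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

On a live host, pass the text of `iptables-save` to `audit()` in place of `SAMPLE`.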