linuxonazure

apache apache-python apache-secure autofs btrfs cdn-django couchdb create delete dhcp dns-bind dns-unbound dotnetcore elasticsearch elasticsearch-secure elasticsearch-secure-nodes hypervcreate iscsi lvm-ext4 lvm-ext4-snapshot lvm-striping lvm-xfs mariadb mongodb mongodb-secure multi nfs nfs4 ntp openldap postfix public-private pxe python-uwsgi-nginx quota quota-xfs raid-crypto-lvm readme redeploy redis samba samba-azure secure-sshd simple simple-managed-disks squid vsftpd

postfix/service-install.sh

raw link view readme
1 systemctl start firewalld
2 systemctl enable firewalld
3 firewall-cmd --permanent --zone=public --add-interface=eth0
4 firewall-cmd --permanent --add-service=dns --zone=public
5 firewall-cmd --permanent --add-service=smtp --zone=public
6 firewall-cmd --reload
7
8 yum install -y bind bind-utils
9
10 sed -i.original "s/listen-on port 53 { 127.0.0.1; };/listen-on port 53 { 127.0.0.1; 10.18.0.5; };/" /etc/named.conf
11 sed -i "s/allow-query { localhost; };/allow-query { localhost; 10.18.0.0\/16; };\n forwarders {\n 168.63.129.16;\n 8.8.8.8;\n 8.8.4.4;\n };/" /etc/named.conf
12 sed -i "s/listen-on-v6 port.*/listen-on-v6 port 53 { none; };/" /etc/named.conf
13 sed -i "/dnssec/d" /etc/named.conf
14
15 sed -i "s/PEERDNS=.*/PEERDNS=no/" /etc/sysconfig/network-scripts/ifcfg-eth0
16 sed -i "s/nameserver.*/nameserver 127.0.0.1/" /etc/resolv.conf
17
18 cat >> /etc/named.conf << EOF
19 zone "lab.example.net." IN {
20 type master;
21 file "db.lab.example.net";
22 allow-transfer { none; };
23 };
24 EOF
25
26 echo "10.18.0.5 ns1.lab.example.net" >> /etc/hosts
27
28 cat > /var/named/db.lab.example.net <<\EOF
29 $TTL 3H
30 $ORIGIN lab.example.net.
31 @ IN SOA ns1.lab.example.net root.lab.example.net (2
32 1D
33 1H
34 1W
35 3H)
36 @ NS ns1.lab.example.net.
37 ns1 A 10.18.0.5
38 alpha A 10.18.0.5
39 beta A 10.18.0.6
40 @ MX 10 alpha
41 EOF
42
43 systemctl restart named
44 systemctl enable named
45
46 yum install postfix -y
47
48 cp /etc/postfix/main.cf /etc/postfix/main.cf.$(date +%F)
49 postconf -e inet_protocols=ipv4
50 postconf -e inet_interfaces=all
51 postconf -e 'mydestination=lab.example.net, $myhostname, localhost.$mydomain, localhost'
52 postconf -e 'mydomain=lab.example.net'
53 postconf -e 'myorigin=$mydomain'
54
55 # ddos protection
56 #+ cf. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Postfix.html
57 #+ cf. http://security-24-7.com/hardening-guide-for-postfix-2-x/
58 postconf -e "default_process_limit = 100"
59 postconf -e "smtpd_client_connection_count_limit = 10"
60 postconf -e "smtpd_client_connection_rate_limit = 30"
61 postconf -e "queue_minfree = 20971520"
62 postconf -e "header_size_limit = 51200"
63 postconf -e "message_size_limit = 10485760"
64 postconf -e "smtpd_recipient_limit = 100"
65
66 systemctl restart postfix
67
68 sed -i "s/^#root.*/root: dbetz/" /etc/aliases
69 newaliases
70
71 #+ to read mail
72 yum install mailx -y
73
apache apache-python apache-secure autofs btrfs cdn-django couchdb create delete dhcp dns-bind dns-unbound dotnetcore elasticsearch elasticsearch-secure elasticsearch-secure-nodes hypervcreate iscsi lvm-ext4 lvm-ext4-snapshot lvm-striping lvm-xfs mariadb mongodb mongodb-secure multi nfs nfs4 ntp openldap postfix public-private pxe python-uwsgi-nginx quota quota-xfs raid-crypto-lvm readme redeploy redis samba samba-azure secure-sshd simple simple-managed-disks squid vsftpd