# Host firewall: bring firewalld up now and on every boot, bind eth0 to the
# public zone, and allow inbound DNS and SMTP there.
# NOTE(review): the dns service is opened for every source that reaches the
# public zone; who may actually query is decided only by named's allow-query
# setting, so keep the two in step.
fw_zone=public
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --zone="$fw_zone" --add-interface=eth0
for fw_service in dns smtp; do
  firewall-cmd --permanent --zone="$fw_zone" --add-service="$fw_service"
done
# Permanent rules only reach the running firewall after a reload.
firewall-cmd --reload
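# Install BIND and tailor the stock options block in /etc/named.conf:
# listen on loopback and 10.18.0.5, answer only localhost and 10.18.0.0/16,
# forward other queries upstream, and turn off the IPv6 listener.
yum install -y bind bind-utils

named_conf=/etc/named.conf

# Keep the pristine config exactly once. `sed -i.original` rewrites the backup
# on every run, so a second run would replace it with the already-edited file.
[ -e "${named_conf}.original" ] || cp -p -- "$named_conf" "${named_conf}.original"

# Each substitution matches the packaged line literally; if the shipped file is
# worded differently the expression silently does nothing, so review the result.
# NOTE(review): the last expression deletes every line mentioning "dnssec",
# which drops the explicit DNSSEC settings and leaves named on its built-in
# defaults. Confirm that is intended: without validation, answers from the
# forwarders are only as trustworthy as the network path to them.
sed -i \
  -e 's/listen-on port 53 { 127.0.0.1; };/listen-on port 53 { 127.0.0.1; 10.18.0.5; };/' \
  -e 's/allow-query { localhost; };/allow-query { localhost; 10.18.0.0\/16; };\n forwarders {\n 168.63.129.16;\n 8.8.8.8;\n 8.8.4.4;\n };/' \
  -e 's/listen-on-v6 port.*/listen-on-v6 port 53 { none; };/' \
  -e '/dnssec/d' \
  "$named_conf"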
# Make this host resolve through its own named: set PEERDNS=no so the DHCP
# client stops rewriting resolv.conf, and point the nameserver entries at
# loopback. Both edits only rewrite lines that already exist in the files.
ifcfg=/etc/sysconfig/network-scripts/ifcfg-eth0
resolv_conf=/etc/resolv.conf
sed -i 's/PEERDNS=.*/PEERDNS=no/' "$ifcfg"
sed -i 's/nameserver.*/nameserver 127.0.0.1/' "$resolv_conf"
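# Declare the authoritative zone lab.example.net in named.conf. Zone transfers
# are refused for every peer (allow-transfer { none; }).
# The stanza is appended only when it is not already present: named refuses a
# configuration that defines the same zone twice, so a blind re-run of this
# step would stop the server from coming back up.
if ! grep -qF 'zone "lab.example.net."' /etc/named.conf; then
  cat >> /etc/named.conf <<'EOF'
zone "lab.example.net." IN {
    type master;
    file "db.lab.example.net";
    allow-transfer { none; };
};
EOF
fi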
# Static hosts entry so the name server's own name resolves without DNS.
printf '%s\n' '10.18.0.5 ns1.lab.example.net' >> /etc/hosts
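# Write the zone data for lab.example.net. The heredoc delimiter is quoted so
# the shell leaves $TTL and $ORIGIN untouched.
# The SOA primary-server and contact names end in a dot here: without it named
# treats them as relative and appends $ORIGIN, publishing
# ns1.lab.example.net.lab.example.net. instead of the intended names.
# NOTE(review): the serial is left at 2; raise it whenever the records change.
cat > /var/named/db.lab.example.net <<'EOF'
$TTL 3H
$ORIGIN lab.example.net.
@       IN SOA  ns1.lab.example.net. root.lab.example.net. (
                2       ; serial
                1D      ; refresh
                1H      ; retry
                1W      ; expire
                3H )    ; negative-caching TTL
@       NS      ns1.lab.example.net.
ns1     A       10.18.0.5
alpha   A       10.18.0.5
beta    A       10.18.0.6
@       MX 10   alpha
EOF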
# Load the edited configuration and the new zone, then have named start on
# every boot. From here on the host resolves names through this daemon, so a
# failed restart also breaks the package installs that follow.
named_unit=named
systemctl restart "$named_unit"
systemctl enable "$named_unit"
# Install Postfix and set the identity of this mail host. A dated copy of the
# packaged main.cf is kept first.
# NOTE(review): inet_interfaces=all makes smtpd listen on every address while
# the firewall admits smtp in the public zone. Which clients may relay is
# decided by settings this script does not touch (mynetworks and the smtpd
# restrictions) - confirm they are as narrow as intended.
yum install postfix -y

main_cf=/etc/postfix/main.cf
cp "$main_cf" "${main_cf}.$(date +%F)"

# Single quotes keep $myhostname / $mydomain literal so Postfix expands them.
postconf -e \
  inet_protocols=ipv4 \
  inet_interfaces=all \
  'mydestination=lab.example.net, $myhostname, localhost.$mydomain, localhost' \
  'mydomain=lab.example.net' \
  'myorigin=$mydomain'
# ddos protection: cap the number of Postfix processes, the concurrent
# connections and connection rate allowed per client, and the size of
# headers, messages and recipient lists. Size values are in bytes.
#+ cf. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Server_Security-Securing_Postfix.html
#+ cf. http://security-24-7.com/hardening-guide-for-postfix-2-x/
# NOTE(review): the per-client limits do not apply to clients listed in
# smtpd_client_event_limit_exceptions; check what that covers on this host.
postconf -e \
  "default_process_limit = 100" \
  "smtpd_client_connection_count_limit = 10" \
  "smtpd_client_connection_rate_limit = 30" \
  "queue_minfree = 20971520" \
  "header_size_limit = 51200" \
  "message_size_limit = 10485760" \
  "smtpd_recipient_limit = 100"

# Restart so the running daemons pick up the new main.cf values.
systemctl restart postfix
# Deliver root's mail to the local user dbetz: replace the commented-out root
# alias with a live one, then rebuild the alias database so it takes effect.
aliases_file=/etc/aliases
sed -i 's/^#root.*/root: dbetz/' "$aliases_file"
newaliases
# Command-line mail client, used to read the local mailbox.
yum -y install mailx