Be careful out there!
I've just run into problems with zones in build 101b. I tried to upgrade to b111 and it didn't work the way I thought!
2009-04-14
2009-03-12
2009-03-08
qmail on OpenSolaris
This is how I installed qmail, vpopmail and fetchmail on my new OpenSolaris server. On my old CentOS server I had a lot of extra utilities (spamassassin, clamAV, qmail-scanner, courier-imap, courierpassd, ezmlm, qlogtools, qmailadmin, qms-analog, MySql, SquirrelMail ...)
Maybe I'll install them later. As usual I'm going to use a zone for this install, I really like zones in OpenSolaris! I've been cutting and pasting a lot in this howto so I hope that I've got every step right - if not please leave a comment.
I have a real domain at a webhosting company. In this howto it's called YOUR-DOMAIN.COM. I'm going to create a local fake domain called YOURDOMAIN.BOGUS.
So now I'm going to create a virtual domain in a virtual server :-) I'm going to use my ISP's smtp server for outgoing mail. For incoming mail I'm using fetchmail to get new mails from my webhosting company.
Many thanks to D.J. Bernstein (http://cr.yp.to/cv.html) for this great piece of software!
Create a new zone in OpenSolaris - see previous post. In this howto it's called mailz.
# zlogin -e\# -C mailz
¤ Install some packages that are needed for the build process
# pkg install SUNWpkgcmds
# pkg install SUNWwget
# pkg install SUNWtnetc
# pkg install SUNWgnu-diffutils
# pkg install SUNWgcc
# pkg install SUNWgmake
# pkg install SUNWggrp
# pkg install SUNWperl584core
# pkg install SUNWgnu-coreutils
# pkg install SUNWlibm
# pkg install SUNWfetchmail
¤ Create qmail and vpopmail user(s) and their homes
# mkdir -p /var/qmail
# groupadd -g 81 nofiles
# groupadd -g 82 qmail
# groupadd -g 83 vchkpw
# useradd -u 81 -g nofiles -s /bin/false -d /var/qmail/alias alias
# useradd -u 82 -g nofiles -s /bin/false -d /var/qmail qmaild
# useradd -u 83 -g nofiles -s /bin/false -d /var/qmail qmaill
# useradd -u 84 -g nofiles -s /bin/false -d /var/qmail qmailp
# useradd -u 85 -g qmail -s /bin/false -d /var/qmail qmailq
# useradd -u 86 -g qmail -s /bin/false -d /var/qmail qmailr
# useradd -u 87 -g qmail -s /bin/false -d /var/qmail qmails
# useradd -u 88 -g vchkpw -d /home/vpopmail vpopmail
# mkdir -p /var/log/qmail
# chown -R qmaill:nofiles /var/log/qmail
¤ I had some problems with /home so this is what I did:
# umount /home
¤ Edit /etc/auto_master and remove the line starting with /home
# mv /etc/auto_home /etc/auto_home.ORI
# mkdir -p /home/vpopmail
# chown -R vpopmail:vchkpw /home/vpopmail
¤ Create a download folder
# cd
# mkdir dl
# cd dl
¤ Get a patched qmail source tarball
# wget http://qmail.internet.bs/netqmail-1.06.tar.gz
# gunzip netqmail-1.06.tar.gz
# tar xvf netqmail-1.06.tar
# cd netqmail-1.06
# make setup check
¤ Configure your local mail domain
# cd /root/dl/netqmail-1.06
# ./config-fast mailz.YOURDOMAIN.BOGUS
¤ Configure qmail
# cd /var/qmail/control
# echo "mailz.YOUR-DOMAIN.COM" > me
# echo "mailz.YOURDOMAIN.BOGUS" > locals
# vi rcpthosts
mailz.YOURDOMAIN.BOGUS
YOUR-DOMAIN.COM
localhost
¤ Create some aliases
# cd /var/qmail/alias
# echo "pr0xy@YOUR-DOMAIN.COM" > .qmail-root
# cp .qmail-root .qmail-mailer-daemon
# cp .qmail-root .qmail-postmaster
¤ Configure your ISP's outgoing smtp-server (you're probably not allowed to use port 25 from home)
# vi /var/qmail/control/smtproutes
:smtp.YOURISP.com
¤ Download and install checkpassword
# cd; cd dl
# wget http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz
# gunzip checkpassword-0.90.tar.gz
# tar -xvf checkpassword-0.90.tar
# cd checkpassword-0.90
# make
# make install
¤ Download and install TCP-rules
# cd; cd dl
# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
# gunzip ucspi-tcp-0.88.tar.gz
# tar -xvf ucspi-tcp-0.88.tar
# cd ucspi-tcp-0.88
# make setup check
# vi /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT=""
¤ Create a database for tcprules
# /usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
¤ Download and install vpopmail
# cd; cd dl
# wget http://puzzle.dl.sourceforge.net/sourceforge/vpopmail/vpopmail-5.4.27.tar.bz2
# bzip2 -d vpopmail-5.4.27.tar.bz2
# tar -xvf vpopmail-5.4.27.tar
# cd vpopmail-5.4.27
# ./configure \
--enable-tcprules-prog=/usr/local/bin/tcprules \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-roaming-users=y \
--enable-relay-clear-minutes=60 \
--enable-logging=p \
--enable-auth-logging \
--enable-logging=y
# make
# make install-strip
¤ Download and install Maildrop, but first, you'll need gdbm to compile it
# wget http://ftp.gnu.org/pub/gnu/gdbm/gdbm-1.8.3.tar.gz
# gzip -d gdbm-1.8.3.tar.gz
# tar -xvf gdbm-1.8.3.tar
# cd gdbm-1.8.3
# ./configure
# make
# make install
# wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2
# bzip2 -d maildrop-2.0.4.tar.bz2
# tar -xvf maildrop-2.0.4.tar
# cd maildrop-2.0.4
# export LDFLAGS="-L/usr/local/lib"
# ./configure --prefix=/usr/local \
--exec-prefix=/usr/local \
--enable-maildrop-uid=root \
--enable-maildrop-gid=vchkpw \
--enable-maildirquota
# make install-strip
¤ Download and install qmail autoresponder
# cd; cd dl
# wget http://www.inter7.com/devel/autorespond-2.0.2.tar.gz
# gzip -d autorespond-2.0.2.tar.gz
# tar -xvf autorespond-2.0.2.tar
# cd autorespond-2.0.2
# make
# make install
¤ Install daemontools from blastwave (I couldn't compile it on Solaris due to sh -e )
# pfexec pkg set-authority -O http://blastwave.network.com:10000 blastwave.network.com
# pkg install IPSdaemontools
¤ Create a "home" for daemontools
# mkdir /command
# chmod 755 /command
# cd /command
# ln -s /opt/csw/bin/envdir envdir
# ln -s /opt/csw/bin/envuidgid envuidgid
# ln -s /opt/csw/bin/fghack fghack
# ln -s /opt/csw/bin/multilog multilog
# ln -s /opt/csw/bin/pgrphack pgrphack
# ln -s /opt/csw/bin/readproctitle readproctitle
# ln -s /opt/csw/bin/setlock setlock
# ln -s /opt/csw/bin/setuidgid setuidgid
# ln -s /opt/csw/bin/softlimit softlimit
# ln -s /opt/csw/bin/supervise supervise
# ln -s /opt/csw/bin/svc svc
# ln -s /opt/csw/bin/svok svok
# ln -s /opt/csw/bin/svscan svscan
# ln -s /opt/csw/bin/svscanboot svscanboot
# ln -s /opt/csw/bin/svstat svstat
# ln -s /opt/csw/bin/tai64n tai64n
# ln -s /opt/csw/bin/tai64nlocal tai64nlocal
# cd /usr/local/bin
# ln -s /command/softlimit softlimit
# ln -s /command/svstat svstat
¤ Create the start up scripts
# mkdir /service
# chmod 755 /service
# mkdir /var/qmail/supervise
# chmod 755 /var/qmail/supervise
# mkdir /var/qmail/supervise/qmail-smtpd
# mkdir /var/qmail/supervise/qmail-smtpd/log
# chmod +t /var/qmail/supervise/qmail-smtpd
# mkdir /var/qmail/supervise/qmail-send
# mkdir /var/qmail/supervise/qmail-send/log
# chmod +t /var/qmail/supervise/qmail-send
# mkdir /var/qmail/supervise/qmail-pop3d
# mkdir /var/qmail/supervise/qmail-pop3d/log
# chmod +t /var/qmail/supervise/qmail-pop3d
# vi /var/qmail/rc
#!/bin/sh
# /var/qmail/rc - start qmail's queue and delivery daemons.
# "env -" empties the environment so nothing inherited from the caller
# reaches the daemons; PATH is limited to the qmail and local binaries.
# The argument to qmail-start is the default delivery instruction, used
# for users that have no .qmail file: deliver into ~/Maildir/.
exec env - PATH="/var/qmail/bin:/usr/local/bin" qmail-start ./Maildir/
# chmod 700 /var/qmail/rc
# vi /var/qmail/supervise/qmail-pop3d/run
#!/bin/sh
# supervise run script for the POP3 listener.
# tcpserver listens on every interface (0) on port 110 and, per connection,
# runs qmail-popup, which has vchkpw check the vpopmail credentials and then
# hands the authenticated session to qmail-pop3d (mailbox name: Maildir).
#   -H     no reverse-DNS lookup of the client
#   -R     no IDENT lookup
#   -v     log each connection
#   -c100  at most 100 simultaneous connections
# NOTE(review): unlike the SMTP listener there is no -x rules file here, so
# every address that can reach port 110 may try to log in, and POP3 sends
# the password in clear text; keep the port reachable only from the LAN
# (zone firewall, or a tcprules database passed with -x).
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec tcpserver -H -R -v -c100 0 110 qmail-popup mailz.YOURDOMAIN.BOGUS \
  /home/vpopmail/bin/vchkpw qmail-pop3d Maildir 2>&1
# chmod 755 /var/qmail/supervise/qmail-pop3d/run
# vi /var/qmail/supervise/qmail-pop3d/log/run
#!/bin/sh
# Logger for the POP3 service: supervise pipes the run script's output
# into this process.  It runs as the unprivileged log user qmaill.
# multilog options: t = prefix each line with a TAI64N timestamp,
# s100000 = rotate when the current file reaches 100000 bytes,
# n20 = keep at most 20 rotated files in /var/log/qmail/qmail-pop3d.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1
# chmod 755 /var/qmail/supervise/qmail-pop3d/log
# chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
# echo "30" > /var/qmail/control/concurrencyincoming
# vi /var/qmail/supervise/qmail-smtpd/run
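#!/bin/sh
# supervise run script for the SMTP listener (qmail-smtpd behind tcpserver).
#
# The listener runs as the vpopmail user so that vchkpw can read the
# virtual-domain password database for SMTP AUTH.  Whether a client may
# relay is decided by the tcprules database /etc/tcp.smtp.cdb (RELAYCLIENT),
# which is why the pre-flight checks below refuse to start when one of the
# pieces that keep the relay closed is missing.
QMAILDUID=$(id -u vpopmail)
NOFILESGID=$(id -g vpopmail)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
LOCAL=$(head -1 /var/qmail/control/me)

# Stop on any empty value: a missing user or control file would otherwise
# surface as an obscure tcpserver error (or as no concurrency limit at all).
if [ -z "$QMAILDUID" ] || [ -z "$NOFILESGID" ] || \
   [ -z "$MAXSMTPD" ] || [ -z "$LOCAL" ]; then
  echo "QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in"
  echo "/var/qmail/supervise/qmail-smtpd/run"
  exit 1
fi

# Without rcpthosts qmail-smtpd accepts mail for every domain: an open relay.
if [ ! -f /var/qmail/control/rcpthosts ]; then
  echo "No /var/qmail/control/rcpthosts!"
  echo "Refusing to start SMTP listener because it'll create an open relay"
  exit 1
fi

# tcpserver -x (without -X) refuses every connection while the cdb is
# missing, so a forgotten "qmailctl cdb" fails closed - but silently.
# Report it here instead of leaving the listener up and useless.
if [ ! -f /etc/tcp.smtp.cdb ]; then
  echo "No /etc/tcp.smtp.cdb!"
  echo "Build it from /etc/tcp.smtp with tcprules (qmailctl cdb) first"
  exit 1
fi

# softlimit -m caps the memory (data, stack, locked pages, total address
# space) of each smtpd at 40000000 bytes.
# tcpserver: -v log connections, -R no IDENT lookup, -l local host name for
# the greeting instead of a DNS lookup, -x access/relay rules, -c concurrency
# limit, -u/-g drop to the vpopmail uid/gid; "0 smtp" = all interfaces,
# port 25.  The trailing args give qmail-smtpd the hostname and the
# checkpassword program used for SMTP AUTH.
exec /usr/local/bin/softlimit -m 40000000 \
  /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /var/qmail/bin/qmail-smtpd mailz.YOURDOMAIN.BOGUS \
    /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1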
# chmod ugo+x /var/qmail/supervise/qmail-smtpd/run
# vi /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
# Logger for the SMTP service: supervise pipes the run script's output
# into this process.  It runs as the unprivileged log user qmaill.
# multilog options: t = prefix each line with a TAI64N timestamp,
# s100000 = rotate when the current file reaches 100000 bytes,
# n20 = keep at most 20 rotated files in /var/log/qmail/qmail-smtpd.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1
# chmod 755 /var/qmail/supervise/qmail-smtpd/log
# chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
# vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
# supervise run script for qmail-send (same command as /var/qmail/rc).
# "env -" empties the environment so nothing inherited from svscan reaches
# the daemons; PATH is limited to the qmail and local binaries.
# The argument to qmail-start is the default delivery instruction, used
# for users that have no .qmail file: deliver into ~/Maildir/.
exec env - PATH="/var/qmail/bin:/usr/local/bin" qmail-start ./Maildir/
# vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
# Logger for qmail-send: supervise pipes the run script's output into this
# process.  It runs as the unprivileged log user qmaill.
# multilog options: t = prefix each line with a TAI64N timestamp,
# s100000 = rotate when the current file reaches 100000 bytes,
# n20 = keep at most 20 rotated files in /var/log/qmail/qmail-send.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-send 2>&1
# chmod 755 /var/qmail/supervise/qmail-send/log
# chmod 755 /var/qmail/supervise/qmail-send/log/run
# ln -s /var/qmail/supervise/* /service/
¤ Configure vpopmail
# cd /home/vpopmail/bin/
# ./vadddomain YOUR-DOMAIN.COM pAsSwOrD
# ./vadduser pr0xy@YOUR-DOMAIN.COM pAsSwOrD
# cd /home/vpopmail/domains/YOUR-DOMAIN.COM
# echo "&pr0xy@YOUR-DOMAIN.COM" > .qmail-catchall
# vi .qmail-default
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
# chown vpopmail.vchkpw .qmail-*
¤ Create a startup script for qmail
# vi /etc/init.d/qmailctl
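#!/bin/sh
# /etc/init.d/qmailctl - control the daemontools-supervised qmail services.
#
# Usage: qmailctl {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}
#
# The services live under /service (qmail-send, qmail-smtpd, qmail-pop3d,
# each with a log/ subservice) and are brought up by svscan; this script
# only talks to the running supervise processes through svc/svok/svstat,
# so "start" can do nothing before svscanboot is up.
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/opt/csw/bin
export PATH

case "$1" in
  start)
    echo "Starting qmail..."
    echo ""
    # svok succeeds only when supervise is running for the directory;
    # svc -u then asks it to bring the daemon (and its logger) up.
    if svok /service/qmail-send ; then
      svc -u /service/qmail-send /service/qmail-send/log
      echo "Starting qmail-send"
    else
      echo "qmail-send supervise not running"
    fi
    if svok /service/qmail-smtpd ; then
      svc -u /service/qmail-smtpd /service/qmail-smtpd/log
      echo "Starting qmail-smtpd"
    else
      echo "qmail-smtpd supervise not running"
    fi
    if svok /service/qmail-pop3d ; then
      svc -u /service/qmail-pop3d /service/qmail-pop3d/log
      echo "Starting qmail-pop3d"
    else
      echo "qmail-pop3d supervise not running"
    fi
    # Linux-style subsys lock; skipped where the directory does not exist.
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo ""
    # svc -d sends TERM and keeps the service down until the next "start".
    echo " qmail-smtpd"
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo " qmail-send"
    svc -d /service/qmail-send /service/qmail-send/log
    echo " qmail-pop3d"
    svc -d /service/qmail-pop3d /service/qmail-pop3d/log
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    svstat /service/qmail-pop3d
    svstat /service/qmail-pop3d/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    # svc -p sends STOP: connections stay open, nothing is delivered.
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    echo "Pausing qmail-pop3d"
    svc -p /service/qmail-pop3d
    ;;
  cont)
    # svc -c sends CONT, undoing "pause".
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    echo "Continuing qmail-pop3d"
    svc -c /service/qmail-pop3d
    ;;
  restart)
    # smtpd is taken down for the duration; send and pop3d get TERM and
    # are restarted by supervise (svc -t).
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Sending qmail-pop3d SIGTERM and restarting."
    svc -t /service/qmail-pop3d /service/qmail-pop3d/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    ;;
  cdb)
    # Rebuild the relay/access rules the SMTP listener reads (tcpserver -x).
    # tcprules writes the .tmp file and renames it into place, so a running
    # listener never sees a half-written database.  The file has to stay
    # world-readable: tcpserver has already switched to the unprivileged
    # -u user by the time it reads the rules.
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac
exit 0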
# chmod 750 /etc/init.d/qmailctl
¤¤¤ "Replace" sendmail (You don't usually have sendmail in a new zone)
# ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
¤ Put svscanboot in inittab
# vi /etc/inittab
SV:123456:respawn:/command/svscanboot /var/adm/svscan.log 2>&1
¤¤¤ Reboot the mailz zone
# shutdown -i 5 -g 5
# zoneadm -z mailz boot
# zlogin -e\# -C mailz
¤ Now, it's time to use telnet to test your setup
Test: Outgoing mail
# telnet 127.0.0.1 25
mail from:<SENDER-ADDRESS>
rcpt to:<RECIPIENT-ADDRESS>
data
Subject: Testing qmail
Does it work?
.
quit
Test: Local test of vpopmail
root@mailz:/etc/init.d# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
+OK <1271.1236437828@mailz.yourdomain.bogus>
user pr0xy@YOUR-DOMAIN.COM
+OK
pass sEcReTs
+OK
list
+OK
1 253
2 252
3 269
.
quit
+OK
Connection to 127.0.0.1 closed by foreign host.
Test: Remote test of vpopmail (from CentOS in my case)
$ telnet 192.168.0.7 110
Trying 192.168.0.7...
Connected to 192.168.0.7 (192.168.0.7).
Escape character is '^]'.
+OK <1975.1236503509@mailz.yourdomain.bogus>
user pr0xy@YOUR-DOMAIN.COM
+OK
pass sEkReTs
+OK
list
+OK
1 252
2 253
3 269
.
quit
+OK
Connection closed by foreign host.
¤ Now you know that it works locally and remotely - now it's up to you to test it from your mail client (MUA).
¤ Configure fetchmail
# cd
# vi .fetchmailrc
set postmaster "postmaster@YOUR-DOMAIN.COM"
set no bouncemail
poll pop.YOURISP.com localdomains YOUR-DOMAIN.COM:
protocol pop3
timeout 15
no dns
auth password
user catchall@YOUR-DOMAIN.COM there
password sEkReTs
is * here
forcecr
Done!
Maybe I'll install them later. As usual I'm going to use a zone for this install, I really like zones in OpenSolaris! I've been cutting and pasting a lot in this howto so I hope that I've got every step right - if not please leave a comment.
I have a real domain at a webhosting company. In this howto it's called YOUR-DOMAIN.COM. I'm going to create a local fake domain called YOURDOMAIN.BOGUS.
So now I'm going to create a virtual domain in a virtual server :-) I'm going to use my ISP's smtp server for outgoing mail. For incoming mail I'm using fetchmail to get new mails from my webhosting company.
Many thanks to D.J. Bernstein (http://cr.yp.to/cv.html) for this great piece of software!
Create a new zone in OpenSolaris - see previous post. In this howto it's called mailz.
# zlogin -e\# -C mailz
¤ Install some packages that are needed for the build process
# pkg install SUNWpkgcmds
# pkg install SUNWwget
# pkg install SUNWtnetc
# pkg install SUNWgnu-diffutils
# pkg install SUNWgcc
# pkg install SUNWgmake
# pkg install SUNWggrp
# pkg install SUNWperl584core
# pkg install SUNWgnu-coreutils
# pkg install SUNWlibm
# pkg install SUNWfetchmail
¤ Create qmail and vpopmail user(s) and their homes
# mkdir -p /var/qmail
# groupadd -g 81 nofiles
# groupadd -g 82 qmail
# groupadd -g 83 vchkpw
# useradd -u 81 -g nofiles -s /bin/false -d /var/qmail/alias alias
# useradd -u 82 -g nofiles -s /bin/false -d /var/qmail qmaild
# useradd -u 83 -g nofiles -s /bin/false -d /var/qmail qmaill
# useradd -u 84 -g nofiles -s /bin/false -d /var/qmail qmailp
# useradd -u 85 -g qmail -s /bin/false -d /var/qmail qmailq
# useradd -u 86 -g qmail -s /bin/false -d /var/qmail qmailr
# useradd -u 87 -g qmail -s /bin/false -d /var/qmail qmails
# useradd -u 88 -g vchkpw -d /home/vpopmail vpopmail
# mkdir -p /var/log/qmail
# chown -R qmaill:nofiles /var/log/qmail
¤ I had some problems with /home so this is what I did:
# umount /home
¤ Edit /etc/auto_master and remove the line starting with /home
# mv /etc/auto_home /etc/auto_home.ORI
# mkdir -p /home/vpopmail
# chown -R vpopmail:vchkpw /home/vpopmail
¤ Create a download folder
# cd
# mkdir dl
# cd dl
¤ Get a patched qmail source tarball
# wget http://qmail.internet.bs/netqmail-1.06.tar.gz
# gunzip netqmail-1.06.tar.gz
# tar xvf netqmail-1.06.tar
# cd netqmail-1.06
# make setup check
¤ Configure your local mail domain
# cd /root/dl/netqmail-1.06
# ./config-fast mailz.YOURDOMAIN.BOGUS
¤ Configure qmail
# cd /var/qmail/control
# echo "mailz.YOUR-DOMAIN.COM" > me
# echo "mailz.YOURDOMAIN.BOGUS" > locals
# vi rcpthosts
mailz.YOURDOMAIN.BOGUS
YOUR-DOMAIN.COM
localhost
¤ Create some aliases
# cd /var/qmail/alias
# echo "pr0xy@YOUR-DOMAIN.COM" > .qmail-root
# cp .qmail-root .qmail-mailer-daemon
# cp .qmail-root .qmail-postmaster
¤ Configure your ISP's outgoing smtp-server (you're probably not allowed to use port 25 from home)
# vi /var/qmail/control/smtproutes
:smtp.YOURISP.com
¤ Download and install checkpassword
# cd; cd dl
# wget http://cr.yp.to/checkpwd/checkpassword-0.90.tar.gz
# gunzip checkpassword-0.90.tar.gz
# tar -xvf checkpassword-0.90.tar
# cd checkpassword-0.90
# make
# make install
¤ Download and install TCP-rules
# cd; cd dl
# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
# gunzip ucspi-tcp-0.88.tar.gz
# tar -xvf ucspi-tcp-0.88.tar
# cd ucspi-tcp-0.88
# make setup check
# vi /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.0.:allow,RELAYCLIENT=""
¤ Create a database for tcprules
# /usr/local/bin/tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
¤ Download and install vpopmail
# cd; cd dl
# wget http://puzzle.dl.sourceforge.net/sourceforge/vpopmail/vpopmail-5.4.27.tar.bz2
# bzip2 -d vpopmail-5.4.27.tar.bz2
# tar -xvf vpopmail-5.4.27.tar
# cd vpopmail-5.4.27
# ./configure \
--enable-tcprules-prog=/usr/local/bin/tcprules \
--enable-tcpserver-file=/etc/tcp.smtp \
--enable-roaming-users=y \
--enable-relay-clear-minutes=60 \
--enable-logging=p \
--enable-auth-logging \
--enable-logging=y
# make
# make install-strip
¤ Download and install Maildrop, but first, you'll need gdbm to compile it
# wget http://ftp.gnu.org/pub/gnu/gdbm/gdbm-1.8.3.tar.gz
# gzip -d gdbm-1.8.3.tar.gz
# tar -xvf gdbm-1.8.3.tar
# cd gdbm-1.8.3
# ./configure
# make
# make install
# wget http://prdownloads.sourceforge.net/courier/maildrop-2.0.4.tar.bz2
# bzip2 -d maildrop-2.0.4.tar.bz2
# tar -xvf maildrop-2.0.4.tar
# cd maildrop-2.0.4
# export LDFLAGS="-L/usr/local/lib"
# ./configure --prefix=/usr/local \
--exec-prefix=/usr/local \
--enable-maildrop-uid=root \
--enable-maildrop-gid=vchkpw \
--enable-maildirquota
# make install-strip
¤ Download and install qmail autoresponder
# cd; cd dl
# wget http://www.inter7.com/devel/autorespond-2.0.2.tar.gz
# gzip -d autorespond-2.0.2.tar.gz
# tar -xvf autorespond-2.0.2.tar
# cd autorespond-2.0.2
# make
# make install
¤ Install daemontools from blastwave (I couldn't compile it on Solaris due to sh -e )
# pfexec pkg set-authority -O http://blastwave.network.com:10000 blastwave.network.com
# pkg install IPSdaemontools
¤ Create a "home" for daemontools
# mkdir /command
# chmod 755 /command
# cd /command
# ln -s /opt/csw/bin/envdir envdir
# ln -s /opt/csw/bin/envuidgid envuidgid
# ln -s /opt/csw/bin/fghack fghack
# ln -s /opt/csw/bin/multilog multilog
# ln -s /opt/csw/bin/pgrphack pgrphack
# ln -s /opt/csw/bin/readproctitle readproctitle
# ln -s /opt/csw/bin/setlock setlock
# ln -s /opt/csw/bin/setuidgid setuidgid
# ln -s /opt/csw/bin/softlimit softlimit
# ln -s /opt/csw/bin/supervise supervise
# ln -s /opt/csw/bin/svc svc
# ln -s /opt/csw/bin/svok svok
# ln -s /opt/csw/bin/svscan svscan
# ln -s /opt/csw/bin/svscanboot svscanboot
# ln -s /opt/csw/bin/svstat svstat
# ln -s /opt/csw/bin/tai64n tai64n
# ln -s /opt/csw/bin/tai64nlocal tai64nlocal
# cd /usr/local/bin
# ln -s /command/softlimit softlimit
# ln -s /command/svstat svstat
¤ Create the start up scripts
# mkdir /service
# chmod 755 /service
# mkdir /var/qmail/supervise
# chmod 755 /var/qmail/supervise
# mkdir /var/qmail/supervise/qmail-smtpd
# mkdir /var/qmail/supervise/qmail-smtpd/log
# chmod +t /var/qmail/supervise/qmail-smtpd
# mkdir /var/qmail/supervise/qmail-send
# mkdir /var/qmail/supervise/qmail-send/log
# chmod +t /var/qmail/supervise/qmail-send
# mkdir /var/qmail/supervise/qmail-pop3d
# mkdir /var/qmail/supervise/qmail-pop3d/log
# chmod +t /var/qmail/supervise/qmail-pop3d
# vi /var/qmail/rc
#!/bin/sh
# /var/qmail/rc - start qmail's queue and delivery daemons.
# "env -" empties the environment so nothing inherited from the caller
# reaches the daemons; PATH is limited to the qmail and local binaries.
# The argument to qmail-start is the default delivery instruction, used
# for users that have no .qmail file: deliver into ~/Maildir/.
exec env - PATH="/var/qmail/bin:/usr/local/bin" qmail-start ./Maildir/
# chmod 700 /var/qmail/rc
# vi /var/qmail/supervise/qmail-pop3d/run
#!/bin/sh
# supervise run script for the POP3 listener.
# tcpserver listens on every interface (0) on port 110 and, per connection,
# runs qmail-popup, which has vchkpw check the vpopmail credentials and then
# hands the authenticated session to qmail-pop3d (mailbox name: Maildir).
#   -H     no reverse-DNS lookup of the client
#   -R     no IDENT lookup
#   -v     log each connection
#   -c100  at most 100 simultaneous connections
# NOTE(review): unlike the SMTP listener there is no -x rules file here, so
# every address that can reach port 110 may try to log in, and POP3 sends
# the password in clear text; keep the port reachable only from the LAN
# (zone firewall, or a tcprules database passed with -x).
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec tcpserver -H -R -v -c100 0 110 qmail-popup mailz.YOURDOMAIN.BOGUS \
  /home/vpopmail/bin/vchkpw qmail-pop3d Maildir 2>&1
# chmod 755 /var/qmail/supervise/qmail-pop3d/run
# vi /var/qmail/supervise/qmail-pop3d/log/run
#!/bin/sh
# Logger for the POP3 service: supervise pipes the run script's output
# into this process.  It runs as the unprivileged log user qmaill.
# multilog options: t = prefix each line with a TAI64N timestamp,
# s100000 = rotate when the current file reaches 100000 bytes,
# n20 = keep at most 20 rotated files in /var/log/qmail/qmail-pop3d.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-pop3d 2>&1
# chmod 755 /var/qmail/supervise/qmail-pop3d/log
# chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
# echo "30" > /var/qmail/control/concurrencyincoming
# vi /var/qmail/supervise/qmail-smtpd/run
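#!/bin/sh
# supervise run script for the SMTP listener (qmail-smtpd behind tcpserver).
#
# The listener runs as the vpopmail user so that vchkpw can read the
# virtual-domain password database for SMTP AUTH.  Whether a client may
# relay is decided by the tcprules database /etc/tcp.smtp.cdb (RELAYCLIENT),
# which is why the pre-flight checks below refuse to start when one of the
# pieces that keep the relay closed is missing.
QMAILDUID=$(id -u vpopmail)
NOFILESGID=$(id -g vpopmail)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
LOCAL=$(head -1 /var/qmail/control/me)

# Stop on any empty value: a missing user or control file would otherwise
# surface as an obscure tcpserver error (or as no concurrency limit at all).
if [ -z "$QMAILDUID" ] || [ -z "$NOFILESGID" ] || \
   [ -z "$MAXSMTPD" ] || [ -z "$LOCAL" ]; then
  echo "QMAILDUID, NOFILESGID, MAXSMTPD, or LOCAL is unset in"
  echo "/var/qmail/supervise/qmail-smtpd/run"
  exit 1
fi

# Without rcpthosts qmail-smtpd accepts mail for every domain: an open relay.
if [ ! -f /var/qmail/control/rcpthosts ]; then
  echo "No /var/qmail/control/rcpthosts!"
  echo "Refusing to start SMTP listener because it'll create an open relay"
  exit 1
fi

# tcpserver -x (without -X) refuses every connection while the cdb is
# missing, so a forgotten "qmailctl cdb" fails closed - but silently.
# Report it here instead of leaving the listener up and useless.
if [ ! -f /etc/tcp.smtp.cdb ]; then
  echo "No /etc/tcp.smtp.cdb!"
  echo "Build it from /etc/tcp.smtp with tcprules (qmailctl cdb) first"
  exit 1
fi

# softlimit -m caps the memory (data, stack, locked pages, total address
# space) of each smtpd at 40000000 bytes.
# tcpserver: -v log connections, -R no IDENT lookup, -l local host name for
# the greeting instead of a DNS lookup, -x access/relay rules, -c concurrency
# limit, -u/-g drop to the vpopmail uid/gid; "0 smtp" = all interfaces,
# port 25.  The trailing args give qmail-smtpd the hostname and the
# checkpassword program used for SMTP AUTH.
exec /usr/local/bin/softlimit -m 40000000 \
  /usr/local/bin/tcpserver -v -R -l "$LOCAL" -x /etc/tcp.smtp.cdb -c "$MAXSMTPD" \
    -u "$QMAILDUID" -g "$NOFILESGID" 0 smtp \
    /var/qmail/bin/qmail-smtpd mailz.YOURDOMAIN.BOGUS \
    /home/vpopmail/bin/vchkpw /usr/bin/true 2>&1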
# chmod ugo+x /var/qmail/supervise/qmail-smtpd/run
# vi /var/qmail/supervise/qmail-smtpd/log/run
#!/bin/sh
# Logger for the SMTP service: supervise pipes the run script's output
# into this process.  It runs as the unprivileged log user qmaill.
# multilog options: t = prefix each line with a TAI64N timestamp,
# s100000 = rotate when the current file reaches 100000 bytes,
# n20 = keep at most 20 rotated files in /var/log/qmail/qmail-smtpd.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-smtpd 2>&1
# chmod 755 /var/qmail/supervise/qmail-smtpd/log
# chmod 755 /var/qmail/supervise/qmail-smtpd/log/run
# vi /var/qmail/supervise/qmail-send/run
#!/bin/sh
# supervise run script for qmail-send (same command as /var/qmail/rc).
# "env -" empties the environment so nothing inherited from svscan reaches
# the daemons; PATH is limited to the qmail and local binaries.
# The argument to qmail-start is the default delivery instruction, used
# for users that have no .qmail file: deliver into ~/Maildir/.
exec env - PATH="/var/qmail/bin:/usr/local/bin" qmail-start ./Maildir/
# vi /var/qmail/supervise/qmail-send/log/run
#!/bin/sh
# Logger for qmail-send: supervise pipes the run script's output into this
# process.  It runs as the unprivileged log user qmaill.
# multilog options: t = prefix each line with a TAI64N timestamp,
# s100000 = rotate when the current file reaches 100000 bytes,
# n20 = keep at most 20 rotated files in /var/log/qmail/qmail-send.
PATH=/var/qmail/bin:/usr/local/bin:/usr/bin:/bin:/opt/csw/bin; export PATH
exec setuidgid qmaill multilog t s100000 n20 /var/log/qmail/qmail-send 2>&1
# chmod 755 /var/qmail/supervise/qmail-send/log
# chmod 755 /var/qmail/supervise/qmail-send/log/run
# ln -s /var/qmail/supervise/* /service/
¤ Configure vpopmail
# cd /home/vpopmail/bin/
# ./vadddomain YOUR-DOMAIN.COM pAsSwOrD
# ./vadduser pr0xy@YOUR-DOMAIN.COM pAsSwOrD
# cd /home/vpopmail/domains/YOUR-DOMAIN.COM
# echo "&pr0xy@YOUR-DOMAIN.COM" > .qmail-catchall
# vi .qmail-default
| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox
# chown vpopmail.vchkpw .qmail-*
¤ Create a startup script for qmail
# vi /etc/init.d/qmailctl
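#!/bin/sh
# /etc/init.d/qmailctl - control the daemontools-supervised qmail services.
#
# Usage: qmailctl {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}
#
# The services live under /service (qmail-send, qmail-smtpd, qmail-pop3d,
# each with a log/ subservice) and are brought up by svscan; this script
# only talks to the running supervise processes through svc/svok/svstat,
# so "start" can do nothing before svscanboot is up.
PATH=/var/qmail/bin:/bin:/usr/bin:/usr/local/bin:/usr/local/sbin:/opt/csw/bin
export PATH

case "$1" in
  start)
    echo "Starting qmail..."
    echo ""
    # svok succeeds only when supervise is running for the directory;
    # svc -u then asks it to bring the daemon (and its logger) up.
    if svok /service/qmail-send ; then
      svc -u /service/qmail-send /service/qmail-send/log
      echo "Starting qmail-send"
    else
      echo "qmail-send supervise not running"
    fi
    if svok /service/qmail-smtpd ; then
      svc -u /service/qmail-smtpd /service/qmail-smtpd/log
      echo "Starting qmail-smtpd"
    else
      echo "qmail-smtpd supervise not running"
    fi
    if svok /service/qmail-pop3d ; then
      svc -u /service/qmail-pop3d /service/qmail-pop3d/log
      echo "Starting qmail-pop3d"
    else
      echo "qmail-pop3d supervise not running"
    fi
    # Linux-style subsys lock; skipped where the directory does not exist.
    if [ -d /var/lock/subsys ]; then
      touch /var/lock/subsys/qmail
    fi
    ;;
  stop)
    echo "Stopping qmail..."
    echo ""
    # svc -d sends TERM and keeps the service down until the next "start".
    echo " qmail-smtpd"
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo " qmail-send"
    svc -d /service/qmail-send /service/qmail-send/log
    echo " qmail-pop3d"
    svc -d /service/qmail-pop3d /service/qmail-pop3d/log
    if [ -f /var/lock/subsys/qmail ]; then
      rm /var/lock/subsys/qmail
    fi
    ;;
  stat)
    svstat /service/qmail-send
    svstat /service/qmail-send/log
    svstat /service/qmail-smtpd
    svstat /service/qmail-smtpd/log
    svstat /service/qmail-pop3d
    svstat /service/qmail-pop3d/log
    qmail-qstat
    ;;
  doqueue|alrm|flush)
    echo "Flushing timeout table and sending ALRM signal to qmail-send."
    /var/qmail/bin/qmail-tcpok
    svc -a /service/qmail-send
    ;;
  queue)
    qmail-qstat
    qmail-qread
    ;;
  reload|hup)
    echo "Sending HUP signal to qmail-send."
    svc -h /service/qmail-send
    ;;
  pause)
    # svc -p sends STOP: connections stay open, nothing is delivered.
    echo "Pausing qmail-send"
    svc -p /service/qmail-send
    echo "Pausing qmail-smtpd"
    svc -p /service/qmail-smtpd
    echo "Pausing qmail-pop3d"
    svc -p /service/qmail-pop3d
    ;;
  cont)
    # svc -c sends CONT, undoing "pause".
    echo "Continuing qmail-send"
    svc -c /service/qmail-send
    echo "Continuing qmail-smtpd"
    svc -c /service/qmail-smtpd
    echo "Continuing qmail-pop3d"
    svc -c /service/qmail-pop3d
    ;;
  restart)
    # smtpd is taken down for the duration; send and pop3d get TERM and
    # are restarted by supervise (svc -t).
    echo "Restarting qmail:"
    echo "* Stopping qmail-smtpd."
    svc -d /service/qmail-smtpd /service/qmail-smtpd/log
    echo "* Sending qmail-send SIGTERM and restarting."
    svc -t /service/qmail-send /service/qmail-send/log
    echo "* Sending qmail-pop3d SIGTERM and restarting."
    svc -t /service/qmail-pop3d /service/qmail-pop3d/log
    echo "* Restarting qmail-smtpd."
    svc -u /service/qmail-smtpd /service/qmail-smtpd/log
    ;;
  cdb)
    # Rebuild the relay/access rules the SMTP listener reads (tcpserver -x).
    # tcprules writes the .tmp file and renames it into place, so a running
    # listener never sees a half-written database.  The file has to stay
    # world-readable: tcpserver has already switched to the unprivileged
    # -u user by the time it reads the rules.
    tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
    chmod 644 /etc/tcp.smtp.cdb
    echo "Reloaded /etc/tcp.smtp."
    ;;
  help)
    cat <<HELP
stop -- stops mail service (smtp connections refused, nothing goes out)
start -- starts mail service (smtp connection accepted, mail can go out)
pause -- temporarily stops mail service (connections accepted, nothing leaves)
cont -- continues paused mail service
stat -- displays status of mail service
cdb -- rebuild the tcpserver cdb file for smtp
restart -- stops and restarts smtp, sends qmail-send a TERM & restarts it
doqueue -- schedules queued messages for immediate delivery
reload -- sends qmail-send HUP, rereading locals and virtualdomains
queue -- shows status of queue
alrm -- same as doqueue
flush -- same as doqueue
hup -- same as reload
HELP
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|doqueue|flush|reload|stat|pause|cont|cdb|queue|help}"
    exit 1
    ;;
esac
exit 0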
# chmod 750 /etc/init.d/qmailctl
¤¤¤ "Replace" sendmail (You don't usually have sendmail in a new zone)
# ln -s /var/qmail/bin/sendmail /usr/lib/sendmail
# ln -s /var/qmail/bin/sendmail /usr/sbin/sendmail
¤ Put svscanboot in inittab
# vi /etc/inittab
SV:123456:respawn:/command/svscanboot /var/adm/svscan.log 2>&1
¤¤¤ Reboot the mailz zone
# shutdown -i 5 -g 5
# zoneadm -z mailz boot
# zlogin -e\# -C mailz
¤ Now, it's time to use telnet to test your setup
Test: Outgoing mail
# telnet 127.0.0.1 25
rcpt to:<RECIPIENT-ADDRESS>
data
Subject: Testing qmail
Does it work?
.
quit
Test: Local test of vpopmail
root@mailz:/etc/init.d# telnet 127.0.0.1 110
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
+OK <1271.1236437828@mailz.yourdomain.bogus>
user pr0xy@YOUR-DOMAIN.COM
+OK
pass sEcReTs
+OK
list
+OK
1 253
2 252
3 269
.
quit
+OK
Connection to 127.0.0.1 closed by foreign host.
Test: Remote test of vpopmail (from CentOS in my case)
$ telnet 192.168.0.7 110
Trying 192.168.0.7...
Connected to 192.168.0.7 (192.168.0.7).
Escape character is '^]'.
+OK <1975.1236503509@mailz.yourdomain.bogus>
user pr0xy@YOUR-DOMAIN.COM
+OK
pass sEkReTs
+OK
list
+OK
1 252
2 253
3 269
.
quit
+OK
Connection closed by foreign host.
¤ Now you know that it works locally and remotely - now it's up to you to test it from your mail client (MUA).
¤ Configure fetchmail
# cd
# vi .fetchmailrc
set postmaster "postmaster@YOUR-DOMAIN.COM"
set no bouncemail
poll pop.YOURISP.com localdomains YOUR-DOMAIN.COM:
protocol pop3
timeout 15
no dns
auth password
user catchall@YOUR-DOMAIN.COM there
password sEkReTs
is * here
forcecr
Done!
2009-03-06
BIND on OpenSolaris
This is how I implemented BIND. I could have written a lot of information about BIND and security but I'll keep it simple. (And I'm not going to explain a chroot environment). It works for me ™ - NO guarantees! In this "howto" I'm going to use 192.168.0.0/24 as the local network.
First, create a new OpenSolaris zone (see previous post), the new virtual server is called "dns-zone". If you want to know more about BIND, Google is your friend! I'm not going to explain my settings! (NB: I'm not a HTML-guru as you can see. DNS-zonez should be "tabbed")
Log in to dns-zone as root.
# pkg install SUNWbind
# svcs -a | grep dns
disabled 17:54:34 svc:/network/dns/server:default
online 21:09:48 svc:/network/dns/client:default
Create a new group for BIND called "named"
# vi /etc/group
named::53:
Create a new user called named
# vi /etc/passwd
named:x:53:53:BIND:/:
Create a new "home" for named
# mkdir -p /var/named
# mkdir -p /var/named/pz
Edit your private zones (pz) - and don't forget the dots!
# cd /var/named/pz
# vi 127.0.0
$TTL 1D
@ IN SOA localhost. root.localhost. (
1; serial
8H; refresh
2H; retry
4W; expire
1D); Minimum TTL
;
IN NS localhost.
1 IN PTR localhost.
# vi db.0.168.192
$TTL 1D
@ IN SOA dns-zone.YOURDOMAIN.BOGUS. postmaster.YOURDOMAIN.BOGUS. (
200902191 ; serial
8H ; refresh
2H ; retry
4W ; expire
1D ) ; Minimum TTL
;
IN NS dns-zone.YOURDOMAIN.BOGUS.
1 IN PTR gw.YOURDOMAIN.BOGUS.
5 IN PTR pc5.YOURDOMAIN.BOGUS.
4 IN PTR pc4.YOURDOMAIN.BOGUS.
2 IN PTR pc2.YOURDOMAIN.BOGUS.
3 IN PTR pc3.YOURDOMAIN.BOGUS.
6 IN PTR dns-zone.YOURDOMAIN.BOGUS.
7 IN PTR mailz.YOURDOMAIN.BOGUS.
# vi db.YOURDOMAIN.BOGUS
$TTL 1D
@ IN SOA dns-zone.YOURDOMAIN.BOGUS. postmaster.YOURDOMAIN.BOGUS. (
200902191 ; serial
8H ; refresh
2H ; retry
4W ; expire
1D ) ; Minimum TTL
; Nameservers
IN NS dns-zone.YOURDOMAIN.BOGUS.
IN NS YOUR_ISP_DOMAIN1.com
IN NS YOUR_ISP_DOMAIN2.com
IN NS YOUR_ISP_DOMAIN3.com
; Mailservers
IN MX 5 mailz.YOURDOMAIN.BOGUS. ; Mail eXchanger
; Machine names
gw IN A 192.168.0.1
pc5 IN A 192.168.0.5
pc4 IN A 192.168.0.4
pc2 IN A 192.168.0.2
pc3 IN A 192.168.0.3
dns-zone IN A 192.168.0.6
mailz IN A 192.168.0.7
localhost IN A 127.0.0.1
; Aliases
ns1 IN CNAME dns-zone
mail IN CNAME mailz
Get a fresh root server list
# cd /var/named
# dig @e.root-servers.net . ns > root.hints.new
# cp root.hints.new root.hints
Change the owner
# chown -R named:named /var/named
Add dns-zones to your hosts file
# vi /etc/inet/hosts
::1 localhost
127.0.0.1 localhost
192.168.0.6 dns-zone.YOURDOMAIN.BOGUS dns-zone loghost
# chmod u-w /etc/inet/hosts
Edit your resolver
# vi /etc/resolv.conf
domain YOURDOMAIN.BOGUS
nameserver 127.0.0.1
# vi /etc/nsswitch.conf
ipnodes: files dns
# vi /etc/nsswitch.dns
hosts: files dns
Now, it's time for the secrets (fake of course)!
# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST rndc
Krndc.+123+45678
# cat Krndc.+123+45678.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: abcdefghijklmnopqrst
Save the key
# vi rndc.conf
key "rndc-key" {
algorithm "hmac-md5";
secret "abcdefghijklmnopqrst";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
Configure named
# vi /etc/named.conf
options {
directory "/var/named";
pid-file "/var/named/named.pid";
forward only;
forwarders {
123.45.678.39; <- Your ISP or opendns.com
123.45.678.40; <- Your ISP or opendns.com
123.45.678.41; <- Your ISP or opendns.com
};
allow-query { 192.168.0.0/24; localhost; };
allow-recursion {192.168.0.0/24; localhost; };
};
zone "." {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
allow-query { 192.168.0.0/24; localhost; };
};
zone "YOURDOMAIN.BOGUS" {
type master;
file "pz/db.YOURDOMAIN.BOGUS";
allow-query { 192.168.0.0/24; localhost; };
};
zone "0.168.192.in-addr.arpa" {
type master;
file "pz/db.0.168.192";
allow-query { 192.168.0.0/24; localhost; };
};
key "rndc-key" {
algorithm "hmac-md5";
secret "abcdefghijklmnopqrst";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
Check your configuration (note that the first argument to named-checkzone is the zone origin, so the two reverse zones should be checked with their in-addr.arpa names rather than YOURDOMAIN.BOGUS)
# cd /var/named/pz
# named-checkzone YOURDOMAIN.BOGUS db.0.168.192
# named-checkzone YOURDOMAIN.BOGUS db.YOURDOMAIN.BOGUS
# named-checkzone YOURDOMAIN.BOGUS 127.0.0
Edit the "manifest"
# cp /var/svc/manifest/network/dns/server.xml /var/svc/manifest/network/dns/server.xml.ORI
# chmod u+w /var/svc/manifest/network/dns/server.xml
# vi /var/svc/manifest/network/dns/server.xml
user='root' <- replace this
group='root' <- replace this
user='named' <- with this
group='named' <- with this
# chmod u-w /var/svc/manifest/network/dns/server.xml
# svccfg import /var/svc/manifest/network/dns/server.xml
Now, launch your new DNS server!
# svcadm enable dns/server
Restart everything
# svcadm restart dns/server
# svcadm restart dns/client
Test your setup
# netstat -r
# rndc status
Try a lookup on, for example, the Swedish University Computer Network
# nslookup www.sunet.se
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.sunet.se
Address: 130.239.8.25
Enjoy!
This is how I implemented BIND. I could have written a lot of information about BIND and security but I'll keep it simple. (And I'm not going to explain a chroot environment). It works for me ™ - NO guarantees! In this "howto" I'm going to use 192.168.0.0/24 as the local network.
First, create a new OpenSolaris zone (see previous post), the new virtual server is called "dns-zone". If you want to know more about BIND, Google is your friend! I'm not going to explain my settings! (NB: I'm not a HTML-guru as you can see. DNS-zonez should be "tabbed")
Log in to dns-zone as root.
# pkg install SUNWbind
# svcs -a | grep dns
disabled 17:54:34 svc:/network/dns/server:default
online 21:09:48 svc:/network/dns/client:default
Create a new group for BIND called "named"
# vi /etc/group
named::53:
Create a new user called named
# vi /etc/passwd
named:x:53:53:BIND:/:
Create a new "home" for named
# mkdir -p /var/named
# mkdir -p /var/named/pz
Edit your private zones (pz) - and don't forget the dots!
# cd /var/named/pz
# vi 127.0.0
$TTL 1D
@ IN SOA localhost. root.localhost. (
1; serial
8H; refresh
2H; retry
4W; expire
1D); Minimum TTL
;
IN NS localhost.
1 IN PTR localhost.
# vi db.0.168.192
$TTL 1D
@ IN SOA dns-zone.YOURDOMAIN.BOGUS. postmaster.YOURDOMAIN.BOGUS. (
200902191 ; serial
8H ; refresh
2H ; retry
4W ; expire
1D ) ; Minimum TTL
;
IN NS dns-zone.YOURDOMAIN.BOGUS.
1 IN PTR gw.YOURDOMAIN.BOGUS.
5 IN PTR pc5.YOURDOMAIN.BOGUS.
4 IN PTR pc4.YOURDOMAIN.BOGUS.
2 IN PTR pc2.YOURDOMAIN.BOGUS.
3 IN PTR pc3.YOURDOMAIN.BOGUS.
6 IN PTR dns-zone.YOURDOMAIN.BOGUS.
7 IN PTR mailz.YOURDOMAIN.BOGUS.
# vi db.YOURDOMAIN.BOGUS
$TTL 1D
@ IN SOA dns-zone.YOURDOMAIN.BOGUS. postmaster.YOURDOMAIN.BOGUS. (
200902191 ; serial
8H ; refresh
2H ; retry
4W ; expire
1D ) ; Minimum TTL
; Nameservers
IN NS dns-zone.YOURDOMAIN.BOGUS.
IN NS YOUR_ISP_DOMAIN1.com
IN NS YOUR_ISP_DOMAIN2.com
IN NS YOUR_ISP_DOMAIN3.com
; Mailservers
IN MX 5 mailz.YOURDOMAIN.BOGUS. ; Mail eXchanger
; Machine names
gw IN A 192.168.0.1
pc5 IN A 192.168.0.5
pc4 IN A 192.168.0.4
pc2 IN A 192.168.0.2
pc3 IN A 192.168.0.3
dns-zone IN A 192.168.0.6
mailz IN A 192.168.0.7
localhost IN A 127.0.0.1
; Aliases
ns1 IN CNAME dns-zone
mail IN CNAME mailz
Get a fresh root server list
# cd /var/named
# dig @e.root-servers.net . ns > root.hints.new
# cp root.hints.new root.hints
Change the owner
# chown -R named:named /var/named
Add dns-zones to your hosts file
# vi /etc/inet/hosts
::1 localhost
127.0.0.1 localhost
192.168.0.6 dns-zone.YOURDOMAIN.BOGUS dns-zone loghost
# chmod u-w /etc/inet/hosts
Edit your resolver
# vi /etc/resolv.conf
domain YOURDOMAIN.BOGUS
nameserver 127.0.0.1
# vi /etc/nsswitch.conf
ipnodes: files dns
# vi /etc/nsswitch.dns
hosts: files dns
Now, it's time for the secrets (fake of course)! Treat the generated key as a credential: it is what the controls block below uses to authorise rndc commands against named.
# dnssec-keygen -a HMAC-MD5 -b 256 -n HOST rndc
Krndc.+123+45678
# cat Krndc.+123+45678.private
Private-key-format: v1.2
Algorithm: 157 (HMAC_MD5)
Key: abcdefghijklmnopqrst
Save the key (rndc.conf and the K*.private file both hold the shared secret, so keep them readable only by root and the named user)
# vi rndc.conf
key "rndc-key" {
algorithm "hmac-md5";
secret "abcdefghijklmnopqrst";
};
options {
default-key "rndc-key";
default-server 127.0.0.1;
default-port 953;
};
Configure named
# vi /etc/named.conf
options {
directory "/var/named";
pid-file "/var/named/named.pid";
forward only;
forwarders {
123.45.678.39; <- Your ISP or opendns.com
123.45.678.40; <- Your ISP or opendns.com
123.45.678.41; <- Your ISP or opendns.com
};
allow-query { 192.168.0.0/24; localhost; };
allow-recursion {192.168.0.0/24; localhost; };
};
zone "." {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
allow-query { 192.168.0.0/24; localhost; };
};
zone "YOURDOMAIN.BOGUS" {
type master;
file "pz/db.YOURDOMAIN.BOGUS";
allow-query { 192.168.0.0/24; localhost; };
};
zone "0.168.192.in-addr.arpa" {
type master;
file "pz/db.0.168.192";
allow-query { 192.168.0.0/24; localhost; };
};
key "rndc-key" {
algorithm "hmac-md5";
secret "abcdefghijklmnopqrst";
};
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
Check your configuration (note that the first argument to named-checkzone is the zone origin, so the two reverse zones should be checked with their in-addr.arpa names rather than YOURDOMAIN.BOGUS)
# cd /var/named/pz
# named-checkzone YOURDOMAIN.BOGUS db.0.168.192
# named-checkzone YOURDOMAIN.BOGUS db.YOURDOMAIN.BOGUS
# named-checkzone YOURDOMAIN.BOGUS 127.0.0
Edit the "manifest"
# cp /var/svc/manifest/network/dns/server.xml /var/svc/manifest/network/dns/server.xml.ORI
# chmod u+w /var/svc/manifest/network/dns/server.xml
# vi /var/svc/manifest/network/dns/server.xml
group='root' <- replace this
group='named' <- with this
# chmod u-w /var/svc/manifest/network/dns/server.xml
# svccfg import /var/svc/manifest/network/dns/server.xml
Now, launch your new DNS server!
# svcadm enable dns/server
Restart everything
# svcadm restart dns/server
# svcadm restart dns/client
Test your setup
# netstat -r
# rndc status
Try a lookup on, for example, the Swedish University Computer Network
# nslookup www.sunet.se
Server: 127.0.0.1
Address: 127.0.0.1#53
Non-authoritative answer:
Name: www.sunet.se
Address: 130.239.8.25
Enjoy!
2009-03-05
2009-03-04
Zones in OpenSolaris
This is how I create my zones in OpenSolaris. I've only got two cores so I don't dedicate any of them to my new zones.
First, allocate some disk to the zone. In my case I have an "oversized" system disk so I'll use that one.
# zfs create -o mountpoint=/zones rpool/zones
# mkdir /zones/mailz
# chmod go-rx /zones/mailz
# pooladm -e
# pooladm -s
# zonecfg -z mailz
zonecfg:mailz> create
zonecfg:mailz> set zonepath=/zones/mailz
zonecfg:mailz> set autoboot=true (if you want that)
zonecfg:mailz> add net
zonecfg:mailz:net> set address=192.168.0.21/24 (or whatever your local segment is)
zonecfg:mailz:net> set physical=rge0 (or whatever your NIC is called)
zonecfg:mailz:net> set defrouter=192.168.0.1 (or what it is)
zonecfg:mailz:net> end
zonecfg:mailz> verify
zonecfg:mailz> commit
zonecfg:mailz> exit
# zoneadm -z mailz install
# zoneadm -z mailz boot
# zoneadm list -v
# zlogin -e\# -C mailz (I'm using # as my escape char due to the Swedish keyboard layout)
6
Host name for rge0:1 mailz
Host name: mailz
Configure Kerberos Security [N]
Name service [X] DNS
Domain name:YOURDOMAIN.BOGUS
DNS Server Addresses: Server's IP address: 192.168.1.20 (your local nameserver if you have one)
Server's IP address: 123.45.678.90 (your ISP nameserver)
Server's IP address: 123.45.678.91 (your ISP nameserver)
Enter new name service information?
[X] No
NFSv4 Domain Configuration:
[X] Use the NFSv4 domain derived by the system
Time Zone:
[X] Europe
[X] Sweden
Root Password: 123456789 (fake!)
Log in as root
If you want to fix the time-zone
# shutdown -i 5 -g 5
#. (My escape char is #, see above)
# zoneadm -z mailz boot
# zlogin -e\# -C mailz
Now you've got a default installation! Next time I'm going to show you how to install a DNS-server on your local network.
This is how I create my zones in OpenSolaris. I've only got two cores so I don't dedicate any of them to my new zones.
First, allocate some disk to the zone. In my case I have an "oversized" system disk so I'll use that one.
# zfs create -o mountpoint=/zones rpool/zones
# mkdir /zones/mailz
# chmod go-rx /zones/mailz
# pooladm -e
# pooladm -s
# zonecfg -z mailz
zonecfg:mailz> create
zonecfg:mailz> set zonepath=/zones/mailz
zonecfg:mailz> set autoboot=true (if you want that)
zonecfg:mailz> add net
zonecfg:mailz:net> set address=192.168.0.21/24 (or whatever your local segment is)
zonecfg:mailz:net> set physical=rge0 (or whatever your NIC is called)
zonecfg:mailz:net> set defrouter=192.168.0.1 (or what it is)
zonecfg:mailz:net> end
zonecfg:mailz> verify
zonecfg:mailz> commit
zonecfg:mailz> exit
# zoneadm -z mailz install
# zoneadm -z mailz boot
# zoneadm list -v
# zlogin -e\# -C mailz (I'm using # as my escape char due to the Swedish keyboard layout)
6
Host name for rge0:1 mailz
Host name: mailz
Configure Kerberos Security [N]
Name service [X] DNS
Domain name:
DNS Server Addresses: Server's IP address: 192.168.1.20 (your local nameserver if you have one)
Server's IP address: 123.45.678.90 (your ISP nameserver)
Server's IP address: 123.45.678.91 (your ISP nameserver)
Enter new name service information?
[X] No
NFSv4 Domain Configuration:
[X] Use the NFSv4 domain derived by the system
Time Zone:
[X] Europe
[X] Sweden
Root Password: 123456789 (fake!)
Log in as root
If you want to fix the time-zone
# shutdown -i 5 -g 5
#. (My escape char is #, see above)
# zoneadm -z mailz boot
# zlogin -e\# -C mailz
Now you've got a default installation! Next time I'm going to show you how to install a DNS-server on your local network.
2009-03-03
Hi there,
this is my first blog experience. I've never done this before so bear with me, more to come ;-)
NTP in OpenSolaris 2008.11
# vi /etc/inet/ntp.conf
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
# svcadm enable svc:/network/ntp:default
# svcadm restart svc:/network/ntp:default
Done!
this is my first blog experience. I've never done this before so bear with me, more to come ;-)
NTP in OpenSolaris 2008.11
# vi /etc/inet/ntp.conf
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
# svcadm enable svc:/network/ntp:default
# svcadm restart svc:/network/ntp:default
Done!