[LINUX] Super simple! Building sendmail and a DNS server on CentOS 7 in a local environment

Introduction

I started studying mail servers and DNS servers on Linux. There are various information sites, but they are too difficult for me! So I tried building one by trial and error.

This is a super simple configuration for use only in a closed LAN: security is disregarded and the settings are cut down to the bare minimum.

Configuration

Use                    User name  IP address        Mail address
Email sending server   c10        192.168.65.10/24  -
DNS server             c53        192.168.65.53/24  -
Mail receiving server  c20        192.168.65.20/24  [email protected]


I used one PC (Windows Server 2012 R2), VMware Workstation 15 Player, and CentOS 7.7. A configuration with CentOS installed on 3 PCs is also OK.

VMware new virtual machine installation and configuration [c10, c20, c53]

In the steps below, substitute the address and user name of each server.

- Create a new virtual machine. Installation destination: local standard disk. Language: Japanese.

- Root password: c10, Confirmation: c10

- Create user. Full name: c10, Username: c10, Password: c10, Password verification: c10, Make this user an administrator: checked

- Network adapter: NAT (share and use the host's IP address)

Network settings in VMware [c10, c20, c53]

[[email protected] c10/c53/c20]# nmcli connection modify ens33 ipv4.addresses 192.168.65.10/24 ###IP address setting (use each server's own address)
[[email protected] c10/c53/c20]# nmcli connection modify ens33 ipv4.method manual         ###Use a fixed (manual) IP address
[[email protected] c10/c53/c20]# nmcli connection modify ens33 connection.autoconnect yes    ###Connect automatically at boot
[[email protected] c10/c53/c20]# nmcli connection down ens33                    ###Interface restart
[[email protected] c10/c53/c20]# nmcli connection up ens33                     ###Interface restart
[[email protected] c10/c53/c20]# nmcli connection modify ens33 ipv4.dns 8.8.8.8
[[email protected] c10/c53/c20]# nmcli connection modify ens33 ipv4.gateway 192.168.65.2
[[email protected] c10/c53/c20]# systemctl restart network                     ###Network restart
[[email protected] c10]# ip add show
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:84:a7:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.65.10/24 brd 192.168.65.255 scope global noprefixroute ens33

→ For the remaining steps, connect to each machine over SSH with terminal software such as Tera Term.

Firewall disabled [c10, c20, c53]

[[email protected] c10/c53/c20]# systemctl stop firewalld      ###Stop the service
[[email protected] c10/c53/c20]# systemctl status firewalld    ###Service status check
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2020-01-05 15:34:19 JST; 979ms ago
     Docs: man:firewalld(1)

→ Confirm that it is inactive.
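
An alternative to stopping firewalld, shown as an added example that is not part of the original article: keep it running and accept only the service each server offers, and only from the 192.168.65.0/24 LAN. The function name `lan_firewall`, the `FWCMD` preview override and the use of the default `public` zone are assumptions of this example; the roles and addresses are those from the configuration table.

```shell
#!/bin/bash
# Added example: per-role firewalld rules for the three servers in this article.
# FWCMD is a hypothetical override: set FWCMD=echo to preview the commands.
FWCMD=${FWCMD:-firewall-cmd}
LAN=192.168.65.0/24

# lan_firewall ROLE   (ROLE is c10, c20 or c53, as in the configuration table)
lan_firewall() {
    case "$1" in
        c20) svc=smtp ;;   # mail receiving server: inbound TCP 25
        c53) svc=dns  ;;   # DNS server: inbound UDP/TCP 53
        c10) svc=""   ;;   # sending server only makes outbound connections
        *)   echo "unknown role: $1" >&2; return 1 ;;
    esac
    if [ -n "$svc" ]; then
        # Accept the service from the closed LAN only, not from any source.
        # Assumption: ens33 is in the default "public" zone.
        $FWCMD --permanent --zone=public \
            --add-rich-rule="rule family=\"ipv4\" source address=\"$LAN\" service name=\"$svc\" accept" \
            || return 1
    fi
    # Load the permanent rules into the running firewall.
    $FWCMD --reload
}

# Usage on each machine, as root:  lan_firewall c20
```

The status output above still shows the unit as enabled, so `systemctl stop firewalld` by itself lasts only until the next reboot; with these rules in place firewalld can stay running.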

SELinux disabled [c10, c20, c53]

[[email protected] c10/c53/c20]# vi /etc/selinux/config
#Line 30: changed from enforcing
SELINUX=disabled

→ SELinux is a module that adds mandatory access control to the Linux kernel. It is not needed this time, so disable it. The change takes effect after a reboot.

Installing the software [c10, c20, c53]

[[email protected] c53]# yum install bind              ###DNS server
[[email protected] c10/c53/c20]# yum install telnet
[[email protected] c10/c53/c20]# yum install bind-utils        ###dig command
[[email protected] c10/c53/c20]# yum install tcpdump
[[email protected] c10/c20]# yum install sendmail sendmail-cf  ###Mail server
[[email protected] c10/c20]# yum install mailx           ###Used for sending and receiving emails

After installing the software, point each machine's DNS setting inward, at the new DNS server. Confine communication to the LAN (192.168.65.x/24) by disconnecting the Internet side or blocking its port.

[[email protected] c10/c53/c20]# nmcli connection modify ens33 ipv4.dns 192.168.65.53
[[email protected] c10/c53/c20]# systemctl restart network

Check mail server software [c10, c20]

Check that sendmail is selected as the mail server software.

[[email protected] c20]# alternatives --config mta
There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
   1           /usr/sbin/sendmail.postfix
*+ 2           /usr/sbin/sendmail.sendmail

Enter to keep the current selection[+], or type selection number:

→ Select sendmail.

[[email protected] c10/c20]# systemctl stop postfix

→ If postfix is installed, stop it.

Mail sending server settings [c10]

The sending server only needs sendmail installed; no additional settings are required.

[[email protected] c10]# systemctl start sendmail    ###Service start
[[email protected] c10]# systemctl status sendmail   ###Service status check
● sendmail.service - Sendmail Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-05 19:33:58 JST; 7h ago

→ Confirm that it is active (running).

Mail reception server settings [c20]

[[email protected] c20]# vi /etc/mail/local-host-names
test.test

→ Configure c20 to receive emails addressed to the test.test domain.

[[email protected] c20]# vi /etc/mail/sendmail.mc
#Line 118: changed to accept connections on all addresses
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0,  Name=MTA')dnl 
#Line 157: Domain name change
LOCAL_DOMAIN(`test.test')dnl
[[email protected] c20]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf ###Reflect settings
[[email protected] c20]# systemctl restart sendmail  ###Service restart
[[email protected] c20]# systemctl status sendmail  ###Service status check
● sendmail.service - Sendmail Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-05 19:03:58 JST; 1s ago
  Process: 2252 ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG (code=exited, status=0/SUCCESS)

→ Confirm that it is active (running).

DNS server settings [c53]

[[email protected] c53]# vi /etc/named.conf
options {
        listen-on port 53    { any; };
        listen-on-v6 port 53 { none; };
        directory            "/var/named";
        allow-query          { localhost; 192.168.65/24; };
        allow-transfer       { localhost; 192.168.65/24; };
        recursion no;
};
zone "test.test" IN {
       type master;
       file "test.test.lan";
};
[[email protected] c53]# vi /var/named/test.test.lan
$TTL 86400
test.test.     3600    IN SOA  NS.test.test. hoge.gmail.com.(
                       2003031401      ; Serial
                       3600            ; Refresh
                       1800            ; Retry
                       604800          ; Expire
                       86400 )         ; Minimum TTL

test.test.     3600    IN NS  NS.test.test.
NS.test.test.  3600    IN A   192.168.65.53

test.test.     3600    IN MX  10 c20.test.test.
c20.test.test. 3600    IN A   192.168.65.20
[[email protected] c53]# systemctl restart named  ###Service start
[[email protected] c53]# systemctl status named  ###Service status check
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-05 19:18:10 JST; 9s ago
  Process: 2235 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)

→ Confirm that it is active (running).

Send email [c10]

[[email protected] c10]# echo "We have decided to provide you with a loan of 89.3 million yen." | mail -s "Contact from the restraint bank" -S smtp=smtp://192.168.65.20:25 -r [email protected] [email protected]

→ On c10, send an email to user c20 in the test.test domain, with user hoge of the hoge domain as the sender.

Receive email [c20]

Make sure you have received the email.

[[email protected] c20]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/c20": 1 messages 1 new
>N  1 [email protected]              Sun Jan  5 20:10  18/593   "Contact from the restraint bank"
& 1
Message  1:
From [email protected]  Sun Jan  5 20:10:14 2020
Return-Path: <[email protected]>
Date: Sun, 05 Jan 2020 20:10:14 +0900
From: [email protected]
To: [email protected]
Subject:Contact from the restraint bank
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=utf-8
Status: R

We have decided to provide you with a loan of 89.3 million yen.

&

[[email protected] c20]# less /var/spool/mail/c20

From [email protected]  Sun Jan  5 20:10:14 2020
Return-Path: <[email protected]>
Received: from localhost ([192.168.65.10])
        by localhost.localdomain (8.14.7/8.14.7) with SMTP id 005BAEtA010237
        for <[email protected]>; Sun, 5 Jan 2020 20:10:14 +0900
Date: Sun, 05 Jan 2020 20:10:14 +0900
From: [email protected]
To: [email protected]
Subject: =?utf-8?B?6YqA6KGM44GL44KJ44Gu44GU6YCj57Wh?=
Message-ID: <5e11c416.CV3MXjGt/CAjqiTp%[email protected]>
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Status: RO

We have decided to provide you with a loan of 89.3 million yen.

(END)
[[email protected] c20]# less /var/log/maillog
Jan  5 20:10:14 localhost sendmail[10237]: 005BAEtA010237: from=<[email protected]>, size=349, class=0, nrcpts=1, msgid=<5e11c416.CV3MXjGt/CAjqiTp%[email protected]>, proto=SMTP, daemon=MTA, relay=[192.168.65.10]
Jan  5 20:10:14 localhost sendmail[10238]: 005BAEtA010237: to=<[email protected]>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30522, dsn=2.0.0, stat=Sent

→ It arrived!
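
The two maillog lines above share a queue ID: the from= line records the sender address the client claimed (set freely with `-r` in the send step) together with the relay= address that actually connected, and the to= line records the delivery status. The following added example, which is not part of the original article, joins the two per queue ID and marks relays outside the 192.168.65.0/24 LAN; the function names and the sample log lines (addresses, queue IDs) are constructed for illustration.

```shell
#!/bin/bash
# Added example: join sendmail from=/to= maillog lines by queue ID.
# Output per recipient line: QUEUEID RELAY_IP SENDER RECIPIENT STAT LAN|EXTERNAL
maillog_pairs() {
    awk '
    # Value of " key=" up to the next comma (sendmail separates fields with ", ").
    function field(line, key,    i, rest) {
        i = index(line, " " key "=")
        if (i == 0) return ""
        rest = substr(line, i + length(key) + 2)
        sub(/,.*/, "", rest)
        return rest
    }
    / sendmail\[[0-9]+\]: / {
        qid = $6; sub(/:$/, "", qid)
        if (index($0, " from=")) {
            sender[qid] = field($0, "from")
            r = field($0, "relay")        # "[192.168.65.10]" or "host [ip] ..."
            gsub(/.*\[|\].*/, "", r)      # keep only the bracketed IP address
            relay_ip[qid] = r
        } else if (index($0, " to=") && (qid in sender)) {
            net = (relay_ip[qid] ~ /^192\.168\.65\.[0-9]+$/) ? "LAN" : "EXTERNAL"
            print qid, relay_ip[qid], sender[qid], field($0, "to"), field($0, "stat"), net
        }
    }'
}

# Constructed sample lines modelled on the maillog excerpt above.
sample_maillog() {
    cat <<'EOF'
Jan  5 20:10:14 localhost sendmail[10237]: 00AAAAAA010001: from=<sender@hoge.test>, size=349, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.168.65.10]
Jan  5 20:10:14 localhost sendmail[10238]: 00AAAAAA010001: to=<c20@test.test>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30522, dsn=2.0.0, stat=Sent
Jan  5 21:02:40 localhost sendmail[10301]: 00BBBBBB010002: from=<bank@example.test>, size=512, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[203.0.113.7]
Jan  5 21:02:40 localhost sendmail[10302]: 00BBBBBB010002: to=<c20@test.test>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30700, dsn=2.0.0, stat=Sent
EOF
}

# Usage on c20:  maillog_pairs < /var/log/maillog
```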

Troubleshooting

[[email protected] c10]# ping 192.168.65.20
PING 192.168.65.20 (192.168.65.20) 56(84) bytes of data.
64 bytes from 192.168.65.20: icmp_seq=1 ttl=64 time=1.34 ms
64 bytes from 192.168.65.20: icmp_seq=2 ttl=64 time=0.214 ms

→ Successful example.

[[email protected] c10]# ping c20.test.test
PING c20.test.test (192.168.65.20) 56(84) bytes of data.
64 bytes from 192.168.65.20 (192.168.65.20): icmp_seq=1 ttl=64 time=1.21 ms
64 bytes from 192.168.65.20 (192.168.65.20): icmp_seq=2 ttl=64 time=0.895 ms

→ Successful example.

[[email protected] c10]# ping c20.test.test
ping: c20.test.test: Name or service not known

→ Failure example. DNS name resolution is not working.

[[email protected] c10]# dig test.test any

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> test.test any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32366
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.test.                     IN      ANY

;; ANSWER SECTION:
test.test.              3600    IN      SOA     NS.test.test. test.gmail.com. 2003031401 3600 1800 604800 86400
test.test.              3600    IN      NS      NS.test.test.
test.test.              3600    IN      MX      10 c20.test.test.

;; ADDITIONAL SECTION:
NS.test.test.           3600    IN      A       192.168.65.53
c20.test.test.          3600    IN      A       192.168.65.20

;; Query time: 0 msec
;; SERVER: 192.168.65.53#53(192.168.65.53)
;; WHEN: Sun Jan 05 22:00:59 JST 2020
;; MSG SIZE  rcvd: 157

→ Successful example.

[[email protected] c10]# telnet 192.168.65.20 25
Trying 192.168.65.20...
Connected to 192.168.65.20.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.7/8.14.7; Sun, 5 Jan 2020 22:02:10 +0900

→ Successful example.

[[email protected] c10]# telnet 192.168.65.20 25
Trying 192.168.65.20...
telnet: connect to address 192.168.65.20: No route to host
[[email protected] c10]#

→ Failure example. The connection fails because of some problem.

[[email protected] c20]# tcpdump -p -i ens33 host 192.168.65.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
22:13:23.245337 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [S], seq 4220477456, win 29200, options [mss 1460,sackOK,TS val 29769713 ecr 0,nop,wscale 7], length 0
22:13:23.245399 IP localhost.localdomain.smtp > 192.168.65.10.40542: Flags [S.], seq 932260319, ack 4220477457, win 28960, options [mss 1460,sackOK,TS val 14031906 ecr 29769713,nop,wscale 7], length 0
22:13:23.245599 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [.], ack 1, win 229, options [nop,nop,TS val 29769714 ecr 14031906], length 0
22:13:23.278032 IP localhost.localdomain.smtp > 192.168.65.10.40542: Flags [P.], seq 1:89, ack 1, win 227, options [nop,nop,TS val 14031939 ecr 29769714], length 88: SMTP: 220 localhost.localdomain ESMTP Sendmail 8.14.7/8.14.7; Sun, 5 Jan 2020 22:13:23 +0900
22:13:23.278447 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [.], ack 89, win 229, options [nop,nop,TS val 29769746 ecr 14031939], length 0
22:13:23.279887 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [P.], seq 1:17, ack 89, win 229, options [nop,nop,TS val 29769747 ecr 14031939], length 16: SMTP: HELO localhost

→ Successful example.


In conclusion

I was able to send and receive emails with the minimum settings! I will continue to learn, improve security, and add reverse lookup and other settings! I hope this post helps someone!
