Super simple! CentOS 7, sendmail and DNS server construction in a local environment

Introduction

I started studying mail servers and DNS servers on Linux. There are many information sites, but they were too difficult for me, so I built this by trial and error.

This is a super simple configuration intended only for a closed LAN, with security disregarded and the settings pared down to the bare minimum.

Configuration

Role                   User name  IP address         Mail address
Mail sending server    c10        192.168.65.10/24   -
DNS server             c53        192.168.65.53/24   -
Mail receiving server  c20        192.168.65.20/24   [email protected]

[Figure: 構成.png (configuration diagram)] [Figure: 環境.png (environment diagram)]

I used one PC (Windows Server 2012 R2) with VMware Workstation 15 Player and CentOS 7.7. A configuration with CentOS installed on three physical PCs is also fine.

VMware new virtual machine installation and configuration [c10, c20, c53]

In the steps below, substitute the address and user name for each server (the examples show c10).

- Create a new virtual machine. Installation destination: local standard disk. Language: Japanese.

- Root password: c10. Confirmation: c10.

- Create user. Full name: c10. User name: c10. Password: c10. Password confirmation: c10. Check "Make this user administrator".

- Network adapter: NAT (share and use the host's IP).

Network settings in VMware [c10, c20, c53]

[root@localhost c10/c53/c20]# nmcli connection modify ens33 ipv4.addresses 192.168.65.10/24 ###IP address setting
[root@localhost c10/c53/c20]# nmcli connection modify ens33 ipv4.method manual         ###Set to IP fixed allocation
[root@localhost c10/c53/c20]# nmcli connection modify ens33 connection.autoconnect yes    ###Automatic start
[root@localhost c10/c53/c20]# nmcli connection down ens33                    ###Interface down
[root@localhost c10/c53/c20]# nmcli connection up ens33                     ###Interface up (applies the new settings)
[root@localhost c10/c53/c20]# nmcli connection modify ens33 ipv4.dns 8.8.8.8
[root@localhost c10/c53/c20]# nmcli connection modify ens33 ipv4.gateway 192.168.65.2
[root@localhost c10/c53/c20]# systemctl restart network                     ###Network restart
[root@localhost c10]# ip add show
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:84:a7:43 brd ff:ff:ff:ff:ff:ff
    inet 192.168.65.10/24 brd 192.168.65.255 scope global noprefixroute ens33

→ For the following work, use terminal software such as Tera Term to connect to each machine over SSH.

Firewall disabled [c10, c20, c53]

[root@localhost c10/c53/c20]# systemctl stop firewalld      ###Service outage
[root@localhost c10/c53/c20]# systemctl status firewalld    ###Service status check
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Sun 2020-01-05 15:34:19 JST; 979ms ago
     Docs: man:firewalld(1)

→ Confirm that it is inactive.

SELinux disabled [c10, c20, c53]

[root@localhost c10/c53/c20]# vi /etc/selinux/config
# Line 30: change from enforcing
SELINUX=disabled

→ SELinux is a module that adds mandatory access control to the Linux kernel. It is not needed this time, so it is turned off. The change in /etc/selinux/config takes effect on the next reboot.

Introducing various software [c10, c20, c53]

[root@localhost c53]# yum install bind              ###DNS server
[root@localhost c10/c53/c20]# yum install telnet
[root@localhost c10/c53/c20]# yum install bind-utils        ###dig command
[root@localhost c10/c53/c20]# yum install tcpdump
[root@localhost c10/c20]# yum install sendmail sendmail-cf  ###Mail server
[root@localhost c10/c20]# yum install mailx           ###Used for sending and receiving emails

After installing the software, point each machine's DNS setting at the new DNS server. Keep communication closed within the LAN (192.168.65.0/24) by disconnecting the Internet side or blocking it at the port.

[root@localhost c10/c53/c20]# nmcli connection modify ens33 ipv4.dns 192.168.65.53
[root@localhost c10/c53/c20]# systemctl restart network

Check mail server software [c10, c20]

Check that sendmail is the MTA in use.

[root@localhost c20]# alternatives --config mta
There are 2 programs which provide 'mta'.

  Selection    Command
-----------------------------------------------
   1           /usr/sbin/sendmail.postfix
*+ 2           /usr/sbin/sendmail.sendmail

Enter to keep the current selection[+], or type selection number:

→ Select sendmail.

[root@localhost c10/c20]# systemctl stop postfix

→ If postfix is installed, stop it.

Mail sending server settings [c10]

The sending server only needs sendmail installed; no additional settings are required.

[root@localhost c10]# systemctl start sendmail    ###Service start
[root@localhost c10]# systemctl status sendmail   ###Service status check
● sendmail.service - Sendmail Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-05 19:33:58 JST; 7h ago

→ Check active (running).

Mail reception server settings [c20]

[root@localhost c20]# vi /etc/mail/local-host-names
test.test

→ This makes c20 accept mail addressed to the test.test domain.

[root@localhost c20]# vi /etc/mail/sendmail.mc
# Line 118: change Addr so that connections are accepted on all addresses (not only 127.0.0.1)
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0,  Name=MTA')dnl
# Line 157: change the domain name
LOCAL_DOMAIN(`test.test')dnl
[root@localhost c20]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf ###Generate sendmail.cf from sendmail.mc
[root@localhost c20]# systemctl restart sendmail  ###Service restart
[root@localhost c20]# systemctl status sendmail  ###Service status check
● sendmail.service - Sendmail Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-05 19:03:58 JST; 1s ago
  Process: 2252 ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG (code=exited, status=0/SUCCESS)

→ Check active (running).

DNS server settings [c53]

[root@localhost c53]# vi /etc/named.conf
options {
        listen-on port 53    { any; };
        listen-on-v6 port 53 { none; };
        directory            "/var/named";
        allow-query          { localhost; 192.168.65/24; };
        allow-transfer       { localhost; 192.168.65/24; };
        recursion no;
};
zone "test.test" IN {
       type master;
       file "test.test.lan";
};
[root@localhost c53]# vi /var/named/test.test.lan
$TTL 86400
test.test.     3600    IN SOA  NS.test.test. hoge.gmail.com. (
                       2003031401      ; Serial
                       3600            ; Refresh
                       1800            ; Retry
                       604800          ; Expire
                       86400 )         ; Minimum TTL

test.test.     3600    IN NS  NS.test.test.
NS.test.test.  3600    IN A   192.168.65.53

test.test.     3600    IN MX  10 c20.test.test.
c20.test.test. 3600    IN A   192.168.65.20
[root@localhost c53]# systemctl restart named  ###Service start
[root@localhost c53]# systemctl status named  ###Service status check
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-01-05 19:18:10 JST; 9s ago
  Process: 2235 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)

→ Check active (running).
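As an added example (not from the original post), here is a small Python parser for the zone file above. It shows what the DNS server tells an MTA: mail for test.test goes to the lowest-preference MX host, c20.test.test, which resolves to 192.168.65.20, and it checks that every A record stays inside the closed LAN. Note that the mail command used on c10 in the next section is pointed directly at 192.168.65.20, so that test does not exercise the MX lookup; a normal MTA delivering to a user in the test.test domain would perform it.

```python
import ipaddress
import re

# Zone data as written to /var/named/test.test.lan on c53 above, embedded here
# so the example runs offline (a real check would read the file instead).
ZONE_TEXT = """\
$TTL 86400
test.test.     3600    IN SOA  NS.test.test. hoge.gmail.com. (
                       2003031401      ; Serial
                       3600            ; Refresh
                       1800            ; Retry
                       604800          ; Expire
                       86400 )         ; Minimum TTL
test.test.     3600    IN NS  NS.test.test.
NS.test.test.  3600    IN A   192.168.65.53
test.test.     3600    IN MX  10 c20.test.test.
c20.test.test. 3600    IN A   192.168.65.20
"""

def parse_zone(text):
    """Return (owner, type, rdata) tuples from master-file text; handles ';'
    comments and the parenthesised multi-line SOA. Owners here are all FQDNs."""
    no_comments = "\n".join(l.split(";", 1)[0] for l in text.splitlines())
    joined = re.sub(r"\(([^)]*)\)", lambda m: " " + m.group(1).replace("\n", " "), no_comments)
    records = []
    for line in joined.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("$"):      # skip blank lines and $TTL
            continue
        owner, rest = tok[0].lower(), tok[1:]
        if rest and rest[0].isdigit():              # optional per-record TTL
            rest = rest[1:]
        if rest and rest[0] == "IN":                # optional class
            rest = rest[1:]
        records.append((owner, rest[0], [x.lower() for x in rest[1:]]))
    return records

def mail_exchangers(records, domain):
    """Where an MTA delivers mail for `domain`: MX hosts ordered by preference,
    each mapped to its A record (None if the zone has no A for that host)."""
    domain = domain.lower().rstrip(".") + "."
    a_records = {o: r[0] for o, t, r in records if t == "A"}
    mx = sorted((int(r[0]), r[1]) for o, t, r in records if t == "MX" and o == domain)
    return [(pref, host, a_records.get(host)) for pref, host in mx]

def addresses_outside(records, cidr):
    """A records pointing outside the closed LAN; should be empty in this setup."""
    net = ipaddress.ip_network(cidr)
    return [(o, r[0]) for o, t, r in records if t == "A" and ipaddress.ip_address(r[0]) not in net]
```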

Send email [c10]

[root@localhost c10]# echo "We have decided to provide you with a loan of 89.3 million yen." | mail -s "Contact from the bank" -S smtp=smtp://192.168.65.20:25 -r HOGE@HOGE [email protected]

→ On c10, send an email to user c20 in the test.test domain, using user HOGE in the HOGE domain (HOGE@HOGE) as the sender.

Receive email [c20]

Confirm that the email has been received.

[root@localhost c20]# mail
Heirloom Mail version 12.5 7/5/10.  Type ? for help.
"/var/spool/mail/c20": 1 messages 1 new
>N  1 HOGE@HOGE              Sun Jan  5 20:10  18/593   "Contact from the bank"
& 1
Message  1:
From HOGE@HOGE  Sun Jan  5 20:10:14 2020
Return-Path: <HOGE@HOGE>
Date: Sun, 05 Jan 2020 20:10:14 +0900
From: HOGE@HOGE
To: [email protected]
Subject: Contact from the bank
User-Agent: Heirloom mailx 12.5 7/5/10
Content-Type: text/plain; charset=utf-8
Status: R

We have decided to provide you with a loan of 89.3 million yen.

&

[root@localhost c20]# less /var/spool/mail/c20

From HOGE@HOGE  Sun Jan  5 20:10:14 2020
Return-Path: <HOGE@HOGE>
Received: from localhost ([192.168.65.10])
        by localhost.localdomain (8.14.7/8.14.7) with SMTP id 005BAEtA010237
        for <[email protected]>; Sun, 5 Jan 2020 20:10:14 +0900
Date: Sun, 05 Jan 2020 20:10:14 +0900
From: HOGE@HOGE
To: [email protected]
Subject: =?utf-8?B?6YqA6KGM44GL44KJ44Gu44GU6YCj57Wh?=
Message-ID: <5e11c416.CV3MXjGt/CAjqiTp%HOGE@HOGE>
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Status: RO

We have decided to provide you with a loan of 89.3 million yen.

(END)
[root@localhost c20]# less /var/log/maillog
Jan  5 20:10:14 localhost sendmail[10237]: 005BAEtA010237: from=<HOGE@HOGE>, size=349, class=0, nrcpts=1, msgid=<5e11c416.CV3MXjGt/CAjqiTp%HOGE@HOGE>, proto=SMTP, daemon=MTA, relay=[192.168.65.10]
Jan  5 20:10:14 localhost sendmail[10238]: 005BAEtA010237: to=<[email protected]>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30522, dsn=2.0.0, stat=Sent

→ It arrived!
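As an added example (not part of the original post), a Python reader for the maillog lines above: it joins sendmail's from= and to= entries by queue id into one delivery record and flags what a closed-LAN setup should never see, a relay outside 192.168.65.0/24 or an envelope sender whose domain is not a real host name, as with HOGE@HOGE here. The sample lines are constructed from the log output above (recipient written out as c20@test.test, the user and domain used in this write-up, plus one made-up line from an outside relay).

```python
import ipaddress
import re

# Constructed sample in the format of /var/log/maillog on c20 above. The third
# line is made up (documentation address 203.0.113.5) to show the outside-relay check.
MAILLOG = """\
Jan  5 20:10:14 localhost sendmail[10237]: 005BAEtA010237: from=<HOGE@HOGE>, size=349, class=0, nrcpts=1, msgid=<5e11c416.CV3MXjGt/CAjqiTp%HOGE@HOGE>, proto=SMTP, daemon=MTA, relay=[192.168.65.10]
Jan  5 20:10:14 localhost sendmail[10238]: 005BAEtA010237: to=<c20@test.test>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30522, dsn=2.0.0, stat=Sent
Jan  5 20:12:01 localhost sendmail[10244]: 005BBC1q010244: from=<someone@example.com>, size=512, class=0, nrcpts=1, msgid=<abc@example.com>, proto=SMTP, daemon=MTA, relay=[203.0.113.5]
"""

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>.*)$")
FIELD_RE = re.compile(r"(\w+)=(<[^>]*>|\[[^\]]*\]|[^,]*)")   # key=value, with <...> and [...] kept whole

def parse_maillog(text):
    """Join sendmail's from= line and to= line(s) by queue id into one record."""
    deliveries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = deliveries.setdefault(m["qid"], {"qid": m["qid"], "recipients": []})
        fields = dict(FIELD_RE.findall(m["fields"]))
        if "from" in fields:                       # envelope sender and the connecting relay
            rec["sender"] = fields["from"].strip("<>")
            rec["relay"] = fields.get("relay", "")
        if "to" in fields:                         # one line per recipient, with delivery status
            rec["recipients"].append({"to": fields["to"].strip("<>"), "mailer": fields.get("mailer"), "stat": fields.get("stat")})
    return list(deliveries.values())

def relay_ip(relay):
    """Extract the IP from sendmail's relay field, e.g. '[192.168.65.10]' or 'host [ip]'."""
    m = re.search(r"\[([\d.]+)\]", relay)
    return m.group(1) if m else None

def suspicious(deliveries, lan="192.168.65.0/24"):
    """Deliveries that do not fit a closed LAN: outside relay, or a sender domain
    with no dot (HOGE is not a resolvable name, so bounces could never reach it)."""
    net = ipaddress.ip_network(lan)
    out = []
    for d in deliveries:
        reasons = []
        ip = relay_ip(d.get("relay", ""))
        if ip and ipaddress.ip_address(ip) not in net:
            reasons.append("relay outside LAN")
        if "." not in d.get("sender", "").split("@")[-1]:
            reasons.append("sender domain not a FQDN")
        if reasons:
            out.append((d["qid"], reasons))
    return out
```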

Troubleshooting

[root@localhost c10]# ping 192.168.65.20
PING 192.168.65.20 (192.168.65.20) 56(84) bytes of data.
64 bytes from 192.168.65.20: icmp_seq=1 ttl=64 time=1.34 ms
64 bytes from 192.168.65.20: icmp_seq=2 ttl=64 time=0.214 ms

→ Successful example.

[root@localhost c10]# ping c20.test.test
PING c20.test.test (192.168.65.20) 56(84) bytes of data.
64 bytes from 192.168.65.20 (192.168.65.20): icmp_seq=1 ttl=64 time=1.21 ms
64 bytes from 192.168.65.20 (192.168.65.20): icmp_seq=2 ttl=64 time=0.895 ms

→ Successful example.

[root@localhost c10]# ping c20.test.test
ping: c20.test.test: Name or service not known

→ Failure example. DNS name resolution is not working (check that ipv4.dns points at 192.168.65.53 and that named is running on c53).

[root@localhost c10]# dig test.test any

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> test.test any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32366
;; flags: qr aa rd; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 3
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.test.                     IN      ANY

;; ANSWER SECTION:
test.test.              3600    IN      SOA     NS.test.test. test.gmail.com. 2003031401 3600 1800 604800 86400
test.test.              3600    IN      NS      NS.test.test.
test.test.              3600    IN      MX      10 c20.test.test.

;; ADDITIONAL SECTION:
NS.test.test.           3600    IN      A       192.168.65.53
c20.test.test.          3600    IN      A       192.168.65.20

;; Query time: 0 msec
;; SERVER: 192.168.65.53#53(192.168.65.53)
;; WHEN: Sun Jan 05 22:00:59 JST 2020
;; MSG SIZE  rcvd: 157

→ Successful example.

[root@localhost c10]# telnet 192.168.65.20 25
Trying 192.168.65.20...
Connected to 192.168.65.20.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.7/8.14.7; Sun, 5 Jan 2020 22:02:10 +0900

→ Successful example.

[root@localhost c10]# telnet 192.168.65.20 25
Trying 192.168.65.20...
telnet: connect to address 192.168.65.20: No route to host
[root@localhost c10]#

→ Failure example. The connection cannot be made for some reason; when ping succeeds but port 25 gives "No route to host", a firewall still running on c20 is the usual cause.

[root@localhost c20]# tcpdump -p -i ens33 host 192.168.65.10
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
22:13:23.245337 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [S], seq 4220477456, win 29200, options [mss 1460,sackOK,TS val 29769713 ecr 0,nop,wscale 7], length 0
22:13:23.245399 IP localhost.localdomain.smtp > 192.168.65.10.40542: Flags [S.], seq 932260319, ack 4220477457, win 28960, options [mss 1460,sackOK,TS val 14031906 ecr 29769713,nop,wscale 7], length 0
22:13:23.245599 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [.], ack 1, win 229, options [nop,nop,TS val 29769714 ecr 14031906], length 0
22:13:23.278032 IP localhost.localdomain.smtp > 192.168.65.10.40542: Flags [P.], seq 1:89, ack 1, win 227, options [nop,nop,TS val 14031939 ecr 29769714], length 88: SMTP: 220 localhost.localdomain ESMTP Sendmail 8.14.7/8.14.7; Sun, 5 Jan 2020 22:13:23 +0900
22:13:23.278447 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [.], ack 89, win 229, options [nop,nop,TS val 29769746 ecr 14031939], length 0
22:13:23.279887 IP 192.168.65.10.40542 > localhost.localdomain.smtp: Flags [P.], seq 1:17, ack 89, win 229, options [nop,nop,TS val 29769747 ecr 14031939], length 16: SMTP: HELO localhost

→ Successful example.


Conclusion

I was able to send and receive emails with the minimum settings! I will keep learning and add security hardening, reverse lookup, and other settings. I hope this post helps someone!
