ตัวอย่างการ configue relay mail on Centos

Ref: configure-postfix-to-relay-mail-to-an-external-smtp-server-on-centos-7/

Configure Postfix to Relay Mail to an External SMTP Server on CentOS 7

Posted on 09/04/2018 by Tomas

The benefit of having two Postfix servers relaying email to an external SMTP server is redundancy.
This article is part of the Homelab Project with KVM, Katello and Puppet series.

Homelab

We have two CentOS 7 (minimal) servers installed which we want to configure as follows:
admin1.hl.local (10.11.1.2) – will be configured as a Postfix relay
admin2.hl.local (10.11.1.3) – will be configured as a Postfix relay
Both servers have SELinux set to enforcing mode.
See the image below to identify the homelab part this article applies to.

Software

Software used in this article:

1. CentOS 7
2. Postfix 2.10

Install Postfix

Note that this section applies to both servers.
Install Postfix and ensure that the service is enabled:

# yum install postfix cyrus-sasl-plain
# systemctl enable postfix

In case Sendmail is installed, remove it:

# yum remove -y sendmail*

Allow inbount firewall traffic:

# iptables -A INPUT -s 10.11.1.0/24 -p tcp -m state --state NEW --dport 25 -j ACCEPT

Configure Postfix Server as a Relay

Note that this section applies to both servers. Open /etc/postfix/main.cf for editing and configure the following:

smtpd_banner = $myhostname ESMTP
inet_interfaces = all
inet_protocols = ipv4

mynetworks = 127.0.0.0/8, 10.11.1.0/24
relayhost = [mail.example.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CApath = /etc/ssl/certs
smtp_use_tls = yes

Create a new file /etc/postfix/sasl_passwd and add the authentication details of the external SMTP server:

[mail.example.com]:587 user@example.com:passwd

Prevent non-root access:

# chmod 0600 /etc/postfix/sasl_passwd

Create a database file:

# postmap /etc/postfix/sasl_passwd

Check configuration and restart Postfix service:

# postfix check
# systemctl restart postfix

Configure Postfix on a Null Client

When we configure other homelab servers to us Postfix to relay emails via admin1 and admin2, we can have a fallback relay defined (taken from the Postfix configuration file /etc/postfix/main.cf that’s on the Katello server):

relayhost = [admin1.hl.local]
fallback_relay = [admin2.hl.local]

This gives us redundancy in a way so that if one of the SMTP relays is down, we can send emails out via the second one.
Here is an example taken from our Katello server when both relays are operational:

[katello]# echo test|mailx -s TEST user@example.com

Feb 18 18:09:52 katello postfix/pickup[23067]: 328C73D94: uid=0 from=
Feb 18 18:09:52 katello postfix/cleanup[23089]: 328C73D94: message-id=<20180218180952 .328c73d94="" katello.hl.local="">
Feb 18 18:09:52 katello postfix/qmgr[23068]: 328C73D94: from=, size=421, nrcpt=1 (queue active)
Feb 18 18:09:52 katello postfix/smtp[23091]: 328C73D94: to=, relay=admin1.hl.local[10.11.1.2]:25, delay=0.13, delays=0.04/0.02/0.03/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4A557532)
Feb 18 18:09:52 katello postfix/qmgr[23068]: 328C73D94: removed

We see that email was relayed via admin1. Now, if the admin1 server was down, the email would get relayed via admin2:

Feb 18 18:11:17 katello postfix/pickup[23067]: A81993D96: uid=0 from=
Feb 18 18:11:17 katello postfix/cleanup[23089]: A81993D96: message-id=<20180218181117 .a81993d96="" katello.hl.local="">
Feb 18 18:11:17 katello postfix/qmgr[23068]: A81993D96: from=, size=421, nrcpt=1 (queue active)
Feb 18 18:11:17 katello postfix/smtp[23091]: connect to admin1.hl.local[10.11.1.2]:25: Connection refused
Feb 18 18:11:17 katello postfix/smtp[23091]: A81993D96: to=, relay=admin2.hl.local[10.11.1.3]:25, delay=0.2, delays=0.01/0/0.08/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as C9F614D6)
Feb 18 18:11:17 katello postfix/qmgr[23068]: A81993D96: removed

This entry was posted in Linux, Mail/SMTP and tagged CentOS, failover, fallback_relay, homelab, Postfix. Bookmark the permalink. If you notice any errors, please contact us. 

 

 

Script check server down (Monitor server)

----------------------------------------------Begin--------------------------------------------

#!/bin/bash
SERVERIP=192.168.0.xx
NOTIFYEMAIL=admin@domain.com

ping -c 3 $SERVERIP > /dev/null 2>&1
if [ $? -ne 0 ]
then
   # Use your favorite mailer here:
   echo "Dear Admin team please check LAN interface on this server ip: $SERVERIP" | mail -s "Alert IP: $SERVERIP interface: XXX is down" -r Server-Info@domain.com $NOTIFYEMAIL


----------------------------------------------End----------------------------------------------

#vim checkiponline.sh
------------------------Script check ip online ----------------------------------------------

echo " -------------------------------------------  "
echo " -------------------------------------------  "
for i in $( ls /sys/class/net ); do echo -n $i; ethtool $i | grep Link\ d; done
echo " -------------------------------------------  "
echo " -------------------------------------------  "
ip a
echo " -------------------------------------------  "
echo " -------------------------------------------  "

--------------------------End Script----------------------------------------------------------

การเช็คขนาดพื้นที่ แบบเรียงจากน้อยไปมาก du -h

1. เช็คแบบละเอียด
du -h /mnt/path |sort -h
du -h -x /mnt/path/* | sort -hr > chksizect03_sort.txt

2. เช็คไม่ละเอียด
du -sh /mnt/path/* |sort -h
du -sh /mnt/path/* |sort -rh > chksize.txt

3. จัดเรียงแค่ 10 ลำดับ
tree -ihafF /home | tr '[]' ' '|sort -k1hr|head -10

Ref.
linux-showing-wrong-disk-space-used-du-h-x-sort-hr-has-different-space

ibmonitor

#gwet http://prdownloads.sourceforge.net/ibmonitor/ibmonitor-1.4.tar.gz
#tar -zvxf ibmonitor-1.4.tar.gz
# chown -R root ibmonitor
# chmod -R 755 ibmonitor
# cp -r ibmonitor /usr/bin/
# /usr/bin/ibmonitor/ibmonitor --bits --bytes --max --avg --data
#/usr/bin/ibmonitor/ibmonitor ibmonitor --max --avg --data



Ref: ibmonitor

แก้ DNS ubuntu 17.10

sudo vim /etc/resolvconf/resolv.conf.d/head
nameserver IP dns internal 1
nameserver IP dns internal 2

set sftp on centos 7

set sftp

https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-centos-7#conclusion

configure samba for centos 7

#yum install samba samba-client samba-common


vim /etc/samb/smb.conf

-------------------------------------------Start-----------------------------------------------------
[global]
        workgroup = ARSSYSTEM
        server string = ARS Data Center System
        security = user
        netbios name = ARSDC08

        browseable = No
;       passdb backend = tdbsam
        passdb backend = smbpasswd

        printing = cups
        printcap name = cups
        load printers = no
        cups options = raw
        disable spoolss = yes
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

        veto files = /*.mp3*/            #Protect file mp3

        log file = /var/log/samba/%m.log
        log level = 3
        debug timestamp = yes
        host msdfs = no
        ntlm auth = yes                   # For user windows xp access

-------------------------------------------//End//---------------------------------------------------

การปรับสิทธิ์ให้ผู้ใช้งาน 2 กลุ่ม เช่น user01 อยู่ในกลุ่ม user, tech สามารถสร้างและให้คนที่อยู่ในกลุ่มอื่นแก้ไขไฟล์ได้พร้อมกัน โดยการบังคับให้เวลาสร้าง Folder, File, อยู่ในกลุ่ม tech แทนกลุ่ม user

[tech]
        comment = Tech department only
        inherit acls = Yes
        path = /mnt/tech
        guest ok = no
        browseable = yes
        write list = @techAdmin   #only the group that has write privileges
        valid users = @tech
        force group = tech            #this is so that all files written to the share will be set to "chgrp tech" if you dont do this only the user that created the file will have access to it.
        create mask = 0775            #this forces all created documents to have 775 perms (WR-WR-WR)
        directory mask = 0775       #same for directories

การปรับ Resolutoin windows 8 ใน Virtual box full screen (เต็มจอ)

1. เช็คเวอร์ชั่นของ Virtual box ที่ใช้งานอยู่ version ?
2. เข้าไปใน Windows ใน Virtual box แล้ว download Virtualbox Index Resource
http://download.virtualbox.org/virtualbox/
3. เลือกเป็นไฟล์  VBoxGuestAdditions_5.1.22.iso
4. โหลดลงเครื่องแล้วเข้าไปติดตั้ง ให้ตรง windows 64 bit / 32 bit
5. restart 1 ครั้ง สามารถเซท full screen ปรับที่ resolution windows และกด Ctrl(right)+F

Ref: https://www.youtube.com/watch?v=MGQysYizzII