SERVER SECURITY > TIPS 2:
T.me/UndercodeTesting
A useful function of the network where this machine is located 12, BIND domain name server (use with caution !!!):
Control management interface: syntax of the controls statement:
controls {
    [ inet ip_addr
      port ip_port
      allow { address_match_list; }; ]
    [ unix path_name
      perm number
      owner number
      group number; ]
};
The controls statement provides a management interface. If the first form (inet) is used, named listens on the specified IP address (interface) and port, and accepts connections only from the IP addresses listed in allow. If the second form (unix) is used, a FIFO control pipe is created, and its permissions, owner and group are set by the corresponding parameters.
--- [[Authentication and Verification of Zone Record Transfers by TSIG]] ---
First of all, make sure your BIND domain name server software has been updated to the latest version!
In BIND 8.2+, Transaction Signatures (TSIG) can be used to authenticate and verify zone record data. This requires that a shared secret key be configured on the primary and secondary domain name servers, and that each server be told to use the key when communicating with the other domain name server. (Note that using TSIG requires the domain name servers' clocks to be synchronized!)
written by Undercode
Server security by Undercode, tip 3:
A. If you need to use TSIG signatures to manually update the secure DNS database, the steps are simple:
1. Use the dnskeygen tool that comes with BIND to generate a TSIG key.
# dnskeygen -H 128 -h -n tsig-key.
Two files will be generated. "Ktsig-key.+157+00000.key" reads as follows:
tsig-key. IN KEY 513 3 157 awwLOtRfpGE+rRKF2+DEiw==
"Ktsig-key.+157+00000.private" reads as follows:
Private-key-format: v1.2
Algorithm: 157 (HMAC)
Key: awwLOtRfpGE+rRKF2+DEiw==
Note that the key is BASE64-encoded. Put it in the configuration file of the local domain name server. For example:
key tsig-key. { algorithm hmac-md5; secret "awwLOtRfpGE+rRKF2+DEiw=="; };
zone "dns.nsfocus.com" {
    ...
    ...
    allow-update { key tsig-key.; };
};
Remember to restart the named daemon.
Then copy the two key files to the client system (or secondary domain name server), for example into the /var/named/tsig directory. Finally, run the following command:
nsupdate -k /var/named/tsig:tsig-key.
2. The content of the primary domain name server configuration file (excerpt) is as follows:
// Define the authentication method and shared key
key master-slave {
    algorithm hmac-md5;
    secret "mZiMNOUYQPMNwsDzrX2ENw==";
};
// Define some characteristics of the secondary domain name server
server 192.168.8.18 {
    transfer-format many-answers;
    keys { master-slave; };
};
// Zone record definition
zone "nsfocus.com" {
    type master;
    file "db.nsfocus.com";
    allow-transfer { 192.168.8.18; };
};
3. The content of the secondary domain name server configuration file (excerpt) is as follows:
// Define the authentication method and shared key
key master-slave {
    algorithm hmac-md5;
    secret "mZiMNOUYQPMNwsDzrX2ENw==";
};
// Define some characteristics for communicating with the primary domain name server
server 192.168.8.19 {
    transfer-format many-answers;
    keys { master-slave; };
};
// Zone record definition
zone "nsfocus.com" {
    type slave;
    file "bak.db.nsfocus.com";
    masters { 192.168.8.19; };
    allow-transfer { none; };
};
written by Undercode
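An added example, not part of the original post: an auditor for named.conf excerpts like the ones above. It reports deprecated TSIG algorithms, secrets shorter than the HMAC digest, and zones whose allow-transfer or allow-update admit a peer by IP address alone instead of requiring the key. The function names are this example's own, and the regex and brace-matching parser handles flat statements like those on this page, not the full named.conf grammar.

```python
import base64
import binascii
import re
import secrets

# Digest size of each TSIG HMAC; RFC 2104 discourages keys shorter than this.
DIGEST_BITS = {"hmac-md5": 128, "hmac-sha1": 160, "hmac-sha224": 224,
               "hmac-sha256": 256, "hmac-sha384": 384, "hmac-sha512": 512}
DEPRECATED = {"hmac-md5"}  # no longer recommended for TSIG (RFC 8945)
ACL_RE = re.compile(r'(allow-transfer|allow-update)\s*\{([^{}]*)\}\s*;')

# Constructed sample: the primary-server excerpt from this page.
PAGE_CONF = '''
// Define the authentication method and shared key
key master-slave {
    algorithm hmac-md5;
    secret "mZiMNOUYQPMNwsDzrX2ENw==";
};
server 192.168.8.18 {
    transfer-format many-answers;
    keys { master-slave; };
};
zone "nsfocus.com" {
    type master;
    file "db.nsfocus.com";
    allow-transfer { 192.168.8.18; };
};
'''

def hardened_conf():
    """Same zone, with a fresh 256-bit hmac-sha256 key required for transfers."""
    secret = base64.b64encode(secrets.token_bytes(32)).decode()
    return ('key master-slave { algorithm hmac-sha256; secret "%s"; };\n'
            'zone "nsfocus.com" {\n    type master;\n'
            '    file "db.nsfocus.com";\n'
            '    allow-transfer { key master-slave; };\n};\n' % secret)

def strip_comments(conf):
    """Drop //, # and /* */ comments, leaving quoted strings (secrets) intact."""
    pattern = re.compile(r'("[^"\n]*")|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pattern.sub(lambda m: m.group(1) or "", conf)

def statements(conf, keyword):
    """Yield (name, body) for each 'keyword name { body };' via brace matching."""
    head = re.compile(r'\b%s\s+"?([^\s"{;]+)"?\s*\{' % keyword)
    for m in head.finditer(conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return {'key NAME' or 'zone NAME': [findings]} for named.conf text."""
    conf = strip_comments(conf)
    report = {}
    for name, body in statements(conf, "key"):
        issues = []
        alg = re.search(r'algorithm\s+"?([\w.-]+)"?\s*;', body)
        sec = re.search(r'secret\s+"([^"]*)"\s*;', body)
        algorithm = alg.group(1).lower() if alg else "(missing)"
        try:
            bits = 8 * len(base64.b64decode(sec.group(1), validate=True))
        except (AttributeError, binascii.Error):
            bits = None
            issues.append("secret missing or not valid base64")
        if algorithm in DEPRECATED:
            issues.append("%s is no longer recommended for TSIG" % algorithm)
        need = DIGEST_BITS.get(algorithm)
        if need is None:
            issues.append("unknown algorithm %s" % algorithm)
        elif bits is not None and bits < need:
            issues.append("secret is %d bits, below the %d-bit digest" % (bits, need))
        report["key " + name] = issues
    for name, body in statements(conf, "zone"):
        issues = []
        for acl, members in ACL_RE.findall(body):
            items = [x.strip() for x in members.split(";") if x.strip()]
            bare = [x for x in items
                    if not x.startswith(("key ", "!")) and x != "none"]
            if bare:
                issues.append("%s admits %s by address alone, no TSIG key required"
                              % (acl, ", ".join(bare)))
        report["zone " + name] = issues
    return report

if __name__ == "__main__":
    for label, conf in (("page excerpt", PAGE_CONF), ("hardened", hardened_conf())):
        print(label)
        for item, issues in audit(conf).items():
            print("  %s: %s" % (item, "; ".join(issues) or "ok"))
```

On the page's excerpt the server statement makes the primary sign what it sends to 192.168.8.18, but the zone's allow-transfer still accepts an unsigned request from that address; `allow-transfer { key master-slave; };` is what makes the signature mandatory.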
Server security tip 4
--- [[Implement DNSSec function]] ---
To be honest, I have been thinking about whether to implement the DNSSec function in the current version. Although ISC has added a DNSSec implementation after BIND 8.1.x, actual use is not common, and the NXT remote security vulnerability announced last year is related to DNSSec (in fact, NXT is one of the functions implemented by DNSSec). In the end, I decided not to discuss how to implement the DNSSec security function in this article.
But it is undeniable that DNSSec is indeed a good security technology, which improves the security of DNS services by encrypting DNS data. The master encryption key is used to encrypt and sign the encryption key of the first-level domain name.
The first-level domain name (.com,.
For example, the domain name server of example.com is signed by the .com domain key, and the nsfocus.com domain key is used to encrypt and sign the www.example.com domain name.
written by Undercode
Server security tip 5 by Undercode:
--- [[Implement chroot for BIND]] ---
(Taking the FreeBSD platform as an example)
Step 1: Get and install the latest source code version of BIND 8
Download the latest version of BIND from the ISC FTP site.
BIND 8: http://www.isc.org/products/BIND/bind8.html
BIND 9: http://www.isc.org/products/BIND/bind9.html
Step 2: Build statically linked named and named-xfer binaries
After compiling and installing, you need to build statically linked versions of the executables. Simply modify the Makefile.set file in the %BIND%/src/port/freebsd directory.
Change the line:
'CDEBUG=-O2 -g'
to:
'CDEBUG=-O2 -static'
Switch to the BIND source directory and run "make clean" and "make". In the following steps, the resulting files will be copied into the chroot() directory.
# cd /tmp/bind/src
# make clean; make
The statically linked executables built in this step do not need to load dynamic link libraries at run time. In a chroot() environment, such a "stand-alone" executable avoids the problem of missing library files. It does not require any link libraries inside the chroot() environment, which simplifies the service configuration. All other network daemons can also be compiled and used as statically linked versions in this way.
Step 3: Build the BIND directory tree
Build the directory tree for BIND's chroot() environment. BIND will treat this directory as the system root directory once it is inside the chroot() environment. Here I use /chroot/bind as the root directory after chroot.
# mkdir -p /chroot/bind
# cd /chroot/bind
# mkdir /chroot/bind/dev
# mkdir /chroot/bind/etc
# mkdir /chroot/bind/etc/namedb
# mkdir /chroot/bind/usr
# mkdir /chroot/bind/usr/sbin
# mkdir /chroot/bind/var
# mkdir /chroot/bind/var/run
Copy the following files into the corresponding subdirectories and perform the necessary processing:
# cp /etc/namedb/named.conf /chroot/bind/etc/
# cp /etc/localtime /chroot/bind/etc/
# grep bind /etc/group > /chroot/bind/etc/group
# cp -R /etc/namedb/ /chroot/bind/etc/namedb/
# mknod /chroot/bind/dev/null c 2 2
# chmod 666 /chroot/bind/dev/null
# cp /tmp/bind/src/bin/named/named /chroot/bind/usr/sbin/
# cp /tmp/bind/src/bin/named-xfer/named-xfer /chroot/bind/
In addition, you can also specify a logging directory (such as /var/log); please refer to the following chapter or the named.conf man page.
Step 4: Add the bind user and group (if they do not exist; if there is already a user or group such as bind or named, skip this step)
Add the bind user and group to the /etc/passwd and /etc/group files. They are the UID/GID that the DNS server runs as.
At this point, you can run the "chown -R bind.bind /chroot/bind/etc/namedb" command for the chroot environment. This way, when an interrupt signal (kill -INT) is sent, the named process can save the server cache and statistics. If the directory is owned by root, the named process cannot write output to the directory, but this does not affect the named server's function. Another option is to change only the directory permissions (so that the named user has write permission) while the owner remains root. This approach is also feasible, but it must be set up carefully to ensure that other users cannot modify the named records!
*** Important warning ***
Do not run named under an existing UID/GID (such as "nobody"). Remember, using any existing UID/GID in a chroot environment may affect the security of the service. Make it a habit to give each daemon in a chroot environment its own separate UID/GID.
Step 5: Other necessary adjustments
If additional directories and files are specified in named.conf, they must also be set up accordingly inside the chroot() environment (in this case, under the /chroot/bind/ directory).
Step 6: Debug
1. Terminate the original syslogd and named daemons on the system.
# killall syslogd named
2. Restart the syslogd daemon with the appropriate parameters.
# syslogd -s -p /chroot/bind/var/run/log
3. Restart the named daemon with the appropriate parameters.
# /chroot/bind/usr/sbin/named -u bind -g bind -t /chroot/bind
4. Check that the syslogd and named daemons and the listening ports are normal, and that the /var/log/messages file shows the named process starting normally.
# ps auwx | grep syslogd
root 5896 0.0 1.7 896 508 ?? Ss 9:44PM 0:00.10 syslogd -s -p /chroot/bind/var/run/log
# ps auwx | grep named
bind 5941 0.0 4.9 1652 1444 ?? Is 9:52PM 0:00.01 /chroot/bind/usr/sbin/named -u bind -g bind -t /chroot/bind
# netstat -an | grep 53
tcp4 0 0 127.0.0.1.53 *.* LISTEN
tcp4 0 0 192.168.8.19.53 *.* LISTEN
udp4 0 0 127.0.0.1.53 *.*
udp4 0 0 192.168.8.19.53 *.*
Step 7: Modify the system startup scripts
For FreeBSD systems, add the following to the /etc/rc.conf file:
syslogd_enable="YES"
# If you want to prohibit sending logs out, replace -s with -ss.
syslogd_flags="-s -p /chroot/bind/var/run/log"
named_enable="YES"
named_flags="-u bind -g bind -t /chroot/bind"
Note: On other platforms, such as OpenBSD, Linux and Solaris, this may differ slightly. The main reason is that syslog implementations differ between platforms. For example, on OpenBSD and Linux systems, the command to open the alias log socket is "syslogd -a /chroot/bind/var/run/log", while the Solaris syslogd daemon does not support aliases.
E N J O Y
WRITTEN BY UNDERCODE
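An added example, not part of the original post: a checker for the chroot tree built in Steps 3 and 4. It confirms the layout exists and reports world-writable files, setuid/setgid binaries, and anything owned by the daemon user outside etc/namedb and var/run, since a compromised named should not be able to rewrite its own binary or configuration. The function names and the demo tree (a constructed stand-in for /chroot/bind in a temporary directory) are this example's own assumptions.

```python
import os
import stat
import tempfile

# Layout from Step 3 of this page, relative to the chroot root (/chroot/bind).
REQUIRED_DIRS = ["dev", "etc", "etc/namedb", "usr/sbin", "var/run"]
REQUIRED_FILES = ["etc/named.conf", "usr/sbin/named"]
# Step 4 hands the daemon only its data; var/run holds the pid file and socket.
DAEMON_WRITABLE = ("etc/namedb", "var/run")


def audit_chroot(root, daemon_uid):
    """Return a sorted list of findings for a BIND chroot tree rooted at root."""
    findings = []
    for d in REQUIRED_DIRS:
        if not os.path.isdir(os.path.join(root, d)):
            findings.append("missing directory: " + d)
    for f in REQUIRED_FILES:
        if not os.path.isfile(os.path.join(root, f)):
            findings.append("missing file: " + f)
    for base, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(base, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            mode = st.st_mode
            if stat.S_ISLNK(mode) or stat.S_ISCHR(mode) or stat.S_ISSOCK(mode):
                continue  # dev/null (mode 666) and the syslog socket are expected
            if mode & stat.S_IWOTH:
                findings.append("world-writable: " + rel)
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append("setuid/setgid bit set: " + rel)
            inside = any(rel == p or rel.startswith(p + "/")
                         for p in DAEMON_WRITABLE)
            if st.st_uid == daemon_uid and not inside:
                findings.append("owned by the daemon user outside its data dirs: "
                                + rel)
    return sorted(findings)


def build_demo_tree(root):
    """Create a constructed stand-in for /chroot/bind (no root privileges needed)."""
    for d in REQUIRED_DIRS:
        os.makedirs(os.path.join(root, d), exist_ok=True)
    for base, dirs, _ in os.walk(root):
        for d in dirs:
            os.chmod(os.path.join(base, d), 0o755)
    for rel, mode in (("etc/named.conf", 0o644), ("usr/sbin/named", 0o755),
                      ("etc/namedb/db.nsfocus.com", 0o644)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    demo = tempfile.mkdtemp(prefix="chroot-bind-")
    build_demo_tree(demo)
    # Every demo file belongs to the current user, so passing that uid as the
    # daemon uid shows what "chown -R bind.bind /chroot/bind" would look like.
    for finding in audit_chroot(demo, os.getuid()):
        print(finding)
```

Against a real tree, run it as root with the chroot path and the numeric UID of the bind user, for example `audit_chroot("/chroot/bind", pwd.getpwnam("bind").pw_uid)`.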
2020 most popular sites for virtual CC free/paid plans, for trials & transfers
t.me/UndercodeTesting
> https://www.card.com/
> http://bankfreedom.com/
> https://www.neteller.com/en_us
> https://www.americanexpress.com/
> https://www.payoneer.com/
> https://www.netspend.com/
> https://www.entropay.com/
> https://www.beboon.com/
E N J O Y
@UnDERCODETESTING
Qmail + LDAP installation and configuration example, full, by Undercode:
> t.me/UndercodeTesting
LET'S START:
> SMTP access control
Allow the local host to send messages via SMTP:
echo '127.:allow,RELAYCLIENT=""' >> /etc/tcp.smtp
qmailctl cdb
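An added example, not part of the original post: a checker for /etc/tcp.smtp that shows why the rule above is limited to the 127. prefix. It parses tcprules lines, resolves which rule a remote IPv4 address would select (exact address, then shorter dotted prefixes, then the empty default rule), and reports every rule that sets RELAYCLIENT outside a trusted prefix list. The function names, the trusted list and the sample rules are this example's own constructions; host-name (=host) and user@address patterns are not modelled.

```python
import re

# Constructed sample: the page's rule plus two rules an audit should catch.
SAMPLE_TCP_SMTP = '''\
# /etc/tcp.smtp
127.:allow,RELAYCLIENT=""
192.168.:allow,RELAYCLIENT=""
:allow,RELAYCLIENT=""
'''


def parse_rules(text):
    """Map each address pattern to (action, env dict); a later duplicate wins."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, sep, instr = line.partition(":")
        if not sep:
            continue  # not a rule line
        action = instr.split(",", 1)[0]
        # ,VAR=<delim>value<delim> where the delimiter is any single character
        env = {k: v for k, _, v in re.findall(r',(\w+)=(.)(.*?)\2', instr)}
        rules[address] = (action, env)
    return rules


def lookup(rules, ip):
    """Return the pattern selected for a remote IPv4 address, or None."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for pattern in candidates:
        if pattern in rules:
            return pattern
    return None


def relays_for(rules, ip):
    """True if qmail-smtpd would see RELAYCLIENT set for this client."""
    pattern = lookup(rules, ip)
    if pattern is None:
        return False  # no matching rule: connection allowed, nothing set
    action, env = rules[pattern]
    return action == "allow" and "RELAYCLIENT" in env


def audit(rules, trusted=("127.",)):
    """List relay-granting rules that fall outside the trusted prefixes."""
    findings = []
    for pattern, (action, env) in rules.items():
        if action != "allow" or "RELAYCLIENT" not in env:
            continue
        if pattern == "":
            findings.append("default rule sets RELAYCLIENT: "
                            "every client may relay (open relay)")
        elif not pattern.startswith(tuple(trusted)):
            findings.append("%s may relay: confirm this prefix covers "
                            "only your own hosts" % pattern)
    return findings


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_TCP_SMTP)
    for finding in audit(rules):
        print(finding)
    # 203.0.113.9 is a documentation address standing in for an outside host.
    print("outside host may relay:", relays_for(rules, "203.0.113.9"))
```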
Stop the installed MTA.
If the MTA is Sendmail, use one of the following commands to stop sendmail:
/etc/init.d/sendmail stop
/sbin/init.d/sendmail stop
/etc/rc.d/init.d/sendmail stop
or the following command:
kill PID-of-sendmail
Uninstall Sendmail with the following command:
rpm -e --nodeps sendmail
Finally, replace the system's /usr/lib/sendmail with the qmail version of sendmail:
mv /usr/lib/sendmail /usr/lib/sendmail.old # ignore errors
mv /usr/sbin/sendmail /usr/sbin/sendmail.old # ignore errors
chmod 0 /usr/lib/sendmail.old /usr/sbin/sendmail.old # ignore errors
ln -s /var/qmail/bin/sendmail /usr/lib
ln -s /var/qmail/bin/sendmail /usr/sbin
Note: It is important to create the sendmail links, because many applications send mail through them.
The last step creates the system aliases:
echo alias > /var/qmail/alias/.qmail-root
echo alias > /var/qmail/alias/.qmail-postmaster
ln -s .qmail-postmaster /var/qmail/alias/.qmail-mailer-daemon
chmod 644 /var/qmail/alias/.qmail-root /var/qmail/alias/.qmail-postmaster
Start qmail:
qmailctl start
Add the pop3 service
Create the /var/qmail/supervise/qmail-pop3d/run script with the following content:
#!/bin/sh
exec /usr/local/bin/tcpserver -v -R -H -l 0 0 110 /var/qmail/bin/qmail-popup \
    longshine.com /bin/checkpassword /var/qmail/bin/qmail-pop3d Maildir 2>&1
Create the /var/qmail/supervise/qmail-pop3d/log/run script with the following content:
#!/bin/sh
exec /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t \
    /var/log/qmail/pop3d
Create the log directory, make the scripts executable, and link the service into /service:
chmod +t /var/qmail/supervise/qmail-pop3d
mkdir /var/log/qmail/pop3d
chown qmaill /var/log/qmail/pop3d
chmod 755 /var/qmail/supervise/qmail-pop3d/run
chmod 755 /var/qmail/supervise/qmail-pop3d/log/run
ln -s /var/qmail/supervise/qmail-pop3d /service
Add the following to the qmailctl script:
In the "start" section of qmailctl:
if svok /service/qmail-pop3d ; then
    svc -u /service/qmail-pop3d
else
    echo qmail-pop3d service not running
fi
In the "stop" section of qmailctl:
echo "qmail-pop3d"
svc -d /service/qmail-pop3d
In the "stat" section of qmailctl:
svstat /service/qmail-pop3d
svstat /service/qmail-pop3d/log
In the "pause" section of qmailctl:
echo "Pausing qmail-pop3d"
svc -p /service/qmail-pop3d
In the "cont" section of qmailctl:
echo "Continuing qmail-pop3d"
svc -c /service/qmail-pop3d
In the "restart" section of qmailctl:
echo "* Restarting qmail-pop3d."
svc -t /service/qmail-pop3d
Add the following to the /etc/hosts file:
172.18.6.111 longshine.com
qmail test
Test the installation:
You can refer to the TEST.deliver and TEST.receive documents to test whether it is working properly. Note that the log is generated by multilog instead of splogger.
Test the POP3 and SMTP services
First start the qmail mail server, and then test with the following commands:
Local testing:
# run_mail
# netstat -na | grep 25
# netstat -na | grep 110
# telnet localhost 110
USER test
PASS test
LIST
RETR 1
Remote testing:
Use a graphical mail client (such as Outlook, Foxmail, etc.) under Windows to test the sending and receiving of mail.
Add LDAP support for qmail