2014/10/19

Author: lutuni (7:23 pm)
Installing a Mail Server on Ubuntu: Postfix + Dovecot + Openwebmail
Posted by ken on September 12th, 2010
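The DNS Server article mentioned two domain names:
www.example.com.tw
mail.example.com.tw
This article concerns mail.example.com.tw; www.example.com.tw was covered in the previous article.
Setting up a mail server requires two packages, Postfix and Dovecot.
Postfix handles SMTP
Dovecot handles POP3 and IMAP
Dovecot was chosen because it supports both Maildir and mbox, whereas Openwebmail supports only mbox.
Starting with version 9.10, Ubuntu Server provides the Dovecot-postfix package, which integrates the Postfix and Dovecot configuration and makes setup simpler.
Environment
We want Outlook Express to be able to send and receive mail through the mail server, and we also want to offer webmail. The assumed environment is as follows:
Mail server: Postfix
POP3 server: Dovecot-pop3d
IMAP server: Dovecot-imapd
Mailbox format: mbox
Authentication: Ubuntu Server account names and passwords
Webmail: Openwebmail
Postfix
Postfix is the mail server commonly used on Ubuntu Server.
Installation
Install Postfix with the following command: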
sudo apt-get install postfix
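During installation you will be prompted to configure your environment.
Internet Site
example.com.tw
The commands to start and stop Postfix are:
sudo /etc/init.d/postfix start # start Postfix
sudo /etc/init.d/postfix stop # stop Postfix
sudo /etc/init.d/postfix restart # restart Postfix
Configuration
The dovecot-postfix package is installed later, and installing it modifies Postfix's main.cf; the main.cf shown here is the file as changed by dovecot-postfix.
Postfix's main configuration file is /etc/postfix/main.cf. Edit it with vi:
sudo vi /etc/postfix/main.cf
The contents of main.cf are as follows:
Line 9: remove (Ubuntu)
Lines 21 to 25: commented out with #
Line 34: add mail.example.com.tw
Line 41: commented out with #, because mbox is used here
Line 54: commented out with #
Lines 56 to 61: commented out with #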
# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
#smtpd_tls_cert_file = /etc/ssl/certs/ssl-mail.pem
#smtpd_tls_key_file = /etc/ssl/private/ssl-mail.key
#smtpd_use_tls = yes
#smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
#smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = dns.example.com.tw
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.example.com.tw, example.com.tw, dns.example.com.tw, localhost.example.com.tw, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

#home_mailbox = Maildir/

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes

smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain

#mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-dovecot-postfix.conf -n -m "${EXTENSION}"

#smtp_use_tls = yes
#smtpd_tls_received_header = yes
#smtpd_tls_mandatory_protocols = SSLv3, TLSv1
#smtpd_tls_mandatory_ciphers = medium
#smtpd_tls_auth_only = yes
#tls_random_source = dev:/dev/urandom
Restart Postfix.
Dovecot
Dovecot is the POP3 and IMAP server commonly used on Ubuntu Server.
Installation
Install the Dovecot POP3 and IMAP servers with the following command:
sudo apt-get install dovecot-pop3d dovecot-imapd
Install dovecot-postfix with the following command:
sudo apt-get install dovecot-postfix
The commands to start and stop Dovecot are:
sudo /etc/init.d/dovecot start # start Dovecot
sudo /etc/init.d/dovecot stop # stop Dovecot
sudo /etc/init.d/dovecot restart # restart Dovecot
Configuration
After dovecot-postfix is installed, dovecot.conf in the /etc/dovecot directory is commented out with #. The new configuration file is located as follows:
Ubuntu Server 9.10: a dovecot-postfix.conf file is added in the /etc/dovecot directory.
Ubuntu Server 10.04 LTS: a 01-dovecot-postfix.conf file is added in the /etc/dovecot/conf.d directory.
Edit the configuration file with:
sudo vi /etc/dovecot/dovecot-postfix.conf # Ubuntu Server 9.10
# or
sudo vi /etc/dovecot/conf.d/01-dovecot-postfix.conf # Ubuntu Server 10.04 LTS
The contents of dovecot-postfix.conf or 01-dovecot-postfix.conf are as follows:
Line 2: comment out imaps pop3s managesieve with #
Line 3: disable_plaintext_auth = no, to log in with Ubuntu account names and passwords
Line 4: ssl = no, SSL is not used
Lines 5 to 7: commented out with #, SSL is not used
Line 8: mail_location = maildir:~/Maildir commented out with #, Maildir is not used
Line 9: add mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox), to use mbox
# Some general options
protocols = imap pop3 # imaps pop3s managesieve
disable_plaintext_auth = no
ssl = no
#ssl_cert_file = /etc/ssl/certs/ssl-mail.pem
#ssl_key_file = /etc/ssl/private/ssl-mail.key
#ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
#mail_location = maildir:~/Maildir
mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u # (for mbox)
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

# IMAP configuration
protocol imap {
mail_max_userip_connections = 10
imap_client_workarounds = outlook-idle delay-newmail
}

# POP3 configuration
protocol pop3 {
mail_max_userip_connections = 10
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}

# LDA configuration
protocol lda {
postmaster_address = postmaster
mail_plugins = sieve
quota_full_tempfail = yes
deliver_log_format = msgid=%m: %$
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}

# Plugins configuration
plugin {
sieve=~/.dovecot.sieve
sieve_dir=~/sieve
}
Restart Dovecot.
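The main.cf listing above enables SMTP AUTH with every TLS line commented out, and the Dovecot listing sets disable_plaintext_auth = no with ssl = no, so Ubuntu account passwords cross the network unencrypted. The Python check below is an added example, not part of the original article or of Postfix or Dovecot; its function names and sample strings (excerpts of the two listings plus a constructed hardened variant) are assumptions of this example.

```python
def parse_settings(text, dovecot=False):
    """Return {name: value} for top-level 'name = value' lines.
    Postfix main.cf: '#' is a comment only at the start of a line, and a line
    beginning with whitespace continues the previous setting.
    Dovecot: '#' also ends a value; settings inside '{ ... }' are skipped.
    """
    settings, last, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0] if dovecot else raw
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if dovecot:
            if line.rstrip().endswith("{"):
                depth += 1
            elif line.strip() == "}":
                depth -= 1
            elif depth == 0 and "=" in line:
                name, _, value = line.partition("=")
                settings[name.strip()] = value.strip()
            continue
        if raw[0].isspace() and last:
            settings[last] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if sep:
            last = name.strip()
            settings[last] = value.strip()
    return settings

def is_yes(settings, name, default="no"):
    return settings.get(name, default).lower() == "yes"

def audit_postfix(cf):
    findings = []
    level = cf.get("smtpd_tls_security_level", "")
    tls_offered = level in ("may", "encrypt") or is_yes(cf, "smtpd_use_tls")
    if is_yes(cf, "smtpd_sasl_auth_enable"):
        if not tls_offered:
            findings.append("SMTP AUTH enabled but STARTTLS is never offered")
        elif level != "encrypt" and not is_yes(cf, "smtpd_tls_auth_only"):
            findings.append("SMTP AUTH is accepted before STARTTLS")
    return findings

def audit_dovecot(conf):
    findings = []
    if not is_yes(conf, "disable_plaintext_auth", default="yes"):
        findings.append("plaintext logins allowed on unencrypted connections")
    if conf.get("ssl", "yes").lower() == "no":
        findings.append("POP3/IMAP sessions are never encrypted")
    return findings

# Constructed excerpts of the two listings above (the restrictions line is
# shortened and wrapped to exercise continuation handling).
POSTFIX_PAGE = """\
#smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
#smtpd_tls_auth_only = yes
"""
DOVECOT_PAGE = """\
protocols = imap pop3 # imaps pop3s managesieve
disable_plaintext_auth = no
ssl = no
protocol imap {
mail_max_userip_connections = 10
}
"""
# Hardened variant (assumes the certificate and key lines are enabled too).
POSTFIX_HARDENED = POSTFIX_PAGE.replace("#smtpd_", "smtpd_")

if __name__ == "__main__":
    print(audit_postfix(parse_settings(POSTFIX_PAGE)))
    print(audit_postfix(parse_settings(POSTFIX_HARDENED)))
    print(audit_dovecot(parse_settings(DOVECOT_PAGE, dovecot=True)))
```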
Testing
To test SMTP on port 25, enter the following command:
sudo telnet mail.example.com.tw 25
Postfix responds as follows:
Trying 192.168.0.10...
Connected to dns.example.com.tw.
Escape character is '^]'.
220 dns.example.com.tw ESMTP Postfix
Then enter the following command:
ehlo mail.example.com.tw
Postfix responds as follows:
Line 5: 250-AUTH PLAIN LOGIN
Line 6: 250-AUTH=PLAIN LOGIN
250-dns.example.com.tw
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
This completes the authentication setup for sending and receiving mail.
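The EHLO reply above advertises AUTH PLAIN LOGIN and no STARTTLS, so a client that authenticates sends its password merely base64-encoded over a cleartext session. This added example (not from the original article) parses such a reply and reports that condition; the function names and the second, hardened reply are constructed for illustration.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return (greeting, {KEYWORD: [params]}) for a multi-line 250 reply."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    greeting, extensions = None, {}
    for index, line in enumerate(lines):
        match = REPLY_LINE.match(line)
        if not match or match.group(1) != "250":
            raise ValueError("not a 250 reply line: %r" % line)
        is_last = index == len(lines) - 1
        if (match.group(2) == " ") != is_last:
            raise ValueError("misplaced continuation marker: %r" % line)
        text = match.group(3)
        if index == 0:
            greeting = text  # first line carries the server name, not a keyword
            continue
        # 'AUTH=PLAIN LOGIN' is the legacy spelling of 'AUTH PLAIN LOGIN'
        parts = re.split(r"[ =]", text, maxsplit=1)
        params = extensions.setdefault(parts[0].upper(), [])
        for param in parts[1].split() if len(parts) > 1 else []:
            if param.upper() not in params:
                params.append(param.upper())
    return greeting, extensions


def cleartext_auth_findings(reply):
    """Findings for an EHLO reply captured before any STARTTLS command."""
    _, ext = parse_ehlo(reply)
    findings = []
    if "AUTH" in ext:
        findings.append("AUTH offered on a cleartext session: " + " ".join(ext["AUTH"]))
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not advertised")
    return findings


# The reply shown in the article.
PAGE_REPLY = """
250-dns.example.com.tw
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
# Constructed reply: what a server that offers STARTTLS and withholds AUTH
# until after the TLS handshake would send on the cleartext session.
HARDENED_REPLY = """
250-dns.example.com.tw
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

if __name__ == "__main__":
    print(cleartext_auth_findings(PAGE_REPLY))
    print(cleartext_auth_findings(HARDENED_REPLY))
```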
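Openwebmail
We chose Openwebmail as the webmail package.
Ubuntu does not provide an Openwebmail package, but the B2D Chinese Linux project [1] does.
Edit /etc/apt/sources.list:
sudo vi /etc/apt/sources.list
Append the following line to the end of sources.list:
deb ftp://debian.tnc.edu.tw/pub1 b2d/
Ubuntu Server 10.04 LTS is more troublesome: the libmd5-perl package in the repository has a problem and cannot be installed directly. The commands to install libmd5-perl manually are:
Line 1: download the libmd5-perl_2.03-1_all.deb package.
Line 2: install the libmd5-perl_2.03-1_all.deb package.
sudo wget http://mirrors.kernel.org/ubuntu/pool/universe/libm/libmd5-perl/libmd5-perl_2.03-1_all.deb
sudo dpkg -i libmd5-perl_2.03-1_all.deb
Installation
Install Openwebmail with the following commands:
sudo apt-get update
sudo apt-get install openwebmail
After installation, do not forget to comment out the deb ftp://debian.tnc.edu.tw/pub1 b2d/ line that was added to /etc/apt/sources.list.
# deb ftp://debian.tnc.edu.tw/pub1 b2d/
Update auth_unix.pl
The B2D version is a very old one (a version from before 2006/10/20, not including the 1020 version). Because it had not yet been changed to support blowfish at that time, you must download auth_unix.pl and copy it to /usr/lib/cgi-bin/openwebmail/auth, overwriting the original auth_unix.pl; otherwise you will not be able to log in to Openwebmail, and the following error message appears.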
--------------------------------------------------------------------------------------------------------------
Can't locate Crypt/Eksblowfish/Bcrypt.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.8.8 /usr/local/share/perl/5.8.8 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.8 /usr/share/perl/5.8 /usr/local/lib/site_perl /usr/lib/cgi-bin/openwebmail) at /usr/lib/cgi-bin/openwebmail/auth/auth_unix.pl line 15.
BEGIN failed--compilation aborted at /usr/lib/cgi-bin/openwebmail/auth/auth_unix.pl line 15.
--------------------------------------------------------------------------------------------------------------
Download auth_unix.pl with:
sudo wget ftp://ftp3.tnc.edu.tw/b2d/openwebmail/auth_unix.pl
Overwrite the original auth_unix.pl with:
sudo cp auth_unix.pl /usr/lib/cgi-bin/openwebmail/auth/
Configuration
Before logging in to Openwebmail, edit openwebmail.conf with:
sudo vi /usr/lib/cgi-bin/openwebmail/etc/openwebmail.conf
The contents of openwebmail.conf are as follows:
Line 13: set the domain name, here example.com.tw
Line 15: virus checking
Line 16: spam checking
Line 17: spam learning
Line 18: web disk service
Line 19: terminal feature
Line 21: mail locale
Line 22: icon set
Lines 25 to 29: mail signature
#
# Open WebMail configuration file
#
# This file contains just the overrides from defaults/openwebmail.conf,
# please make all changes to this file.
#
# This file sets options for all domains and all users.
# To set options on per domain basis, please put them in sites.conf/domainname
# To set options on per user basis, please put them in users.conf/username
#
# Please refer to openwebmail.conf.help for the description of each option
#
domainnames example.com.tw

enable_viruscheck yes
enable_spamcheck yes
enable_learnspam yes
enable_webdisk yes
enable_sshterm no

default_locale zh_TW.Big5
default_iconset Cool3D.Chinese.Traditional
default_fscharset none

<default_signature>
--
Open WebMail Project (http://openwebmail.org)

</default_signature>
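After modifying openwebmail.conf, remember to run:
sudo /usr/lib/cgi-bin/openwebmail/openwebmail-tool.pl --init
Logging in to Openwebmail
Open a browser and enter the following in the address bar:
http://192.168.0.10/openwebmail
The first time a user logs in, the account's basic information must be set up.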
1. http://b2d.tnc.edu.tw/
2014/10/19

Author: lutuni (6:32 pm)
About Postfix
Postfix is a free, open source Mail Transfer Agent which works to route and deliver email.


Prerequisites
Before installing Postfix, you will need to have a Fully Qualified Domain Name pointing to the server that you will be using.

You can find instructions on that here: How to Set Up a Host Name with DigitalOcean

Install Postfix
Postfix can easily be installed through apt-get:

sudo apt-get install postfix
During the installation, you will see a dialogue box appear, asking you which kind of installation you would prefer. Select “Internet Site”.

Follow up by entering the name of your domain.

Once Postfix is installed there are a few steps that need to be taken before it is fully functional.

Configure Postfix
Once Postfix is installed, go ahead and open the main configuration file.

sudo nano /etc/postfix/main.cf
There are a few changes that should be made in this file.

myhostname = example.com
Put the name of your domain into myhostname.

If you want to have mail forwarded to other domains, replace alias_maps with virtual_alias_maps and point it to /etc/postfix/virtual.

virtual_alias_maps = hash:/etc/postfix/virtual
The rest of the entries are described below

mydestination defines the domains that postfix is going to serve, in this case—localhost and your domain (eg. example.com). relayhost can be left, as is the default, empty.

mynetworks defines who can use the mail server. This should be set to local—creating an open mail server is asking for SPAM. This will usually have damaging effects on your server and may put you in line for discipline from your web hosting provider.

If it is not set up by default, as it should be, make sure you have the following text on that line:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
The rest of the lines are set by default. Save, exit, and reload the configuration file to put your changes into effect:

sudo /etc/init.d/postfix reload
Configure Additional Emails
To redirect emails to specific emails, you can add users to the alias file. By default each user on the server will be able to read emails directed to their username@domain-name.com.

Open up the alias database:

sudo nano /etc/postfix/virtual
Within that file, enter in the names of your users. For example:

sales@example.com username1
me@example.com username2
Once you are finished, save, exit, and run the following command:

postmap /etc/postfix/virtual
The last step is to reload postfix once more.

sudo /etc/init.d/postfix reload
Conclusion
Once Postfix is installed, mail can be sent to and from the server, although without a mail server like Dovecot or Cyrus, you will only be able to see the email on the server.

You send out email from the command line with the command “sendmail” and where you want the mail sent to:

sendmail sample-email@example.org
Once you enter the command, type your message, and when it is completed, you can send it off with ctrl-D

Incoming mail gets delivered into /var/mail/username
2014/10/19
Category: Medicine

Author: lutuni (1:22 am)
------------------------------------------------------------------
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = mail.dadiling.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.dadiling.com, dadiling.com, localhost.dadiling.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_local_domain =
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
smtpd_tls_auth_only = no
#Use these on Postfix 2.2.x only
#smtp_use_tls = yes
#smtpd_use_tls = yes
#For Postfix 2.3 or above use:
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = /etc/ssl/private/smtpd.key
smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt
smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
-----------------------------------------------------------------

Restart the postfix daemon like this:

sudo /etc/init.d/postfix restart
Authentication
The next steps are to configure Postfix to use SASL for SMTP AUTH.

First you will need to install the libsasl2-2, sasl2-bin and libsasl2-modules from the Main repository [i.e. sudo apt-get install them all].

Note: if you are using Ubuntu 6.06 (Dapper Drake) the package name is libsasl2.

We have to change a few things to make it work properly. Because Postfix runs chrooted in /var/spool/postfix, we have to change a couple of paths to live in the false root (i.e. /var/run/saslauthd becomes /var/spool/postfix/var/run/saslauthd):

Note: by changing the saslauthd path other applications that use saslauthd may be affected.

First we edit /etc/default/saslauthd in order to activate saslauthd. Remove # in front of START=yes, add the PWDIR, PARAMS, and PIDFILE lines and edit the OPTIONS line at the end:


# This needs to be uncommented before saslauthd will be run automatically
START=yes

PWDIR="/var/spool/postfix/var/run/saslauthd"
PARAMS="-m ${PWDIR}"
PIDFILE="${PWDIR}/saslauthd.pid"

# You must specify the authentication mechanisms you wish to use.
# This defaults to "pam" for PAM support, but may also include
# "shadow" or "sasldb", like this:
# MECHANISMS="pam shadow"

MECHANISMS="pam"

# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
#OPTIONS="-c"

#make sure you set the options here otherwise it ignores params above and will not work
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd"
2014/10/17

Author: lutuni (11:35 pm)
Environment

Operating system: Ubuntu Server 8.041
Deb: bind9 (DNS)

jonny@ubuntu:~$ sudo apt-get install bind9


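HiNet domain registration:

DNS Server Name: www.dadiling.com
IP Address: 59.125.159.74

DNS Server Name: dns.dadiling.com
IP Address: 59.125.159.74

Server configuration

1. Add the forward and reverse zone settings: named.conf specifies the names of the zones the server is responsible for and their associated files. Add the new settings above the line include "/etc/bind/named.conf.local";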

jonny@ubuntu:~$ sudo vim /etc/bind/named.conf
...
sudo vim /etc/bind/named.conf.local
// add the forward zone

zone "dadiling.com" {
type master;
file "/etc/bind/db.dadiling";
};

// add the reverse zone
zone "159.125.59.in-addr.arpa" {
type master;
file "/etc/bind/db.159.125.59";
};

include "/etc/bind/named.conf.local";



2. Modify the BIND options

1. Back up the original options

jonny@ubuntu:/etc/bind$ sudo cp named.conf.options named.conf.options.bak

2. Update the options

jonny@ubuntu:/etc/bind$ sudo vim named.conf.options
options {
directory "/var/cache/bind";
forwarders {
168.95.1.1; 139.175.10.20; 203.133.1.6;
};
allow-query { any; };
allow-transfer { none; };
};



3. Create the forward zone file

jonny@ubuntu:/etc/bind$ sudo vim db.dadiling
; BIND reverse data file for local loopback interface

@ IN SOA dlp.dadiling.com. root.dadiling.com. (
2012042701 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)

; define name server

@ IN NS dlp.dadiling.com.

; define name server's IP address

@ IN A 59.125.159.74

; define mail exchanger

@ IN MX 10 dlp.dadiling.com.

; define IP address of a hostname

dlp IN A 59.125.159.74



4. Create the reverse zone file

jonny@ubuntu:/etc/bind$ sudo vim db.159.125.59
; BIND reverse data file for local loopback interface

$TTL 604800
@ IN SOA @ root.dns.dadiling.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS dns.dadiling.com.
@ IN NS www.dadiling.com.
74 IN PTR dns.dadiling.com.
74 IN PTR www.dadiling.com.
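
In the named.conf.options from step 2, allow-query { any; } is set and allow-recursion is not; per the BIND 9 Administrator Reference Manual, an unset allow-recursion falls back to allow-query-cache and then to allow-query, so this server recurses for any client that can reach it. The sketch below is an added example, not part of the original post; its function names and the hardened variant are assumptions, and it does not resolve views or named acl statements.

```python
import re

COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')


def parse(tokens):
    """Consume tokens up to the matching '}' and return a list of statements.
    Each statement is a list of words; a braced argument is a nested list."""
    statements, current = [], []
    while tokens:
        token = tokens.pop(0)
        if token == "{":
            current.append(parse(tokens))
        elif token == "}":
            break
        elif token == ";":
            if current:
                statements.append(current)
            current = []
        else:
            current.append(token.strip('"'))
    return statements


def options_of(conf_text):
    """Return the options block as {statement: [arguments]}."""
    tokens = TOKEN.findall(COMMENT.sub(" ", conf_text))
    for statement in parse(tokens):
        if statement[0] == "options" and len(statement) > 1:
            return {s[0]: s[1:] for s in statement[1]}
    return {}


def match_list(opts, name):
    """Element names of an address-match-list option, or None if unset."""
    if name not in opts or not opts[name] or not isinstance(opts[name][0], list):
        return None
    return [e[0] for e in opts[name][0] if isinstance(e[0], str)]


def effective_recursion_acl(opts):
    """Apply the documented fallback chain for an unset allow-recursion."""
    if opts.get("recursion") == ["no"]:
        return ["none"]
    for name in ("allow-recursion", "allow-query-cache", "allow-query"):
        found = match_list(opts, name)
        if found is not None:
            return found
    return ["localnets", "localhost"]


def is_open_resolver(conf_text):
    acl = effective_recursion_acl(options_of(conf_text))
    return bool({"any", "0.0.0.0/0"} & set(acl))


# The options block from step 2 of the post.
PAGE_OPTIONS = """
options {
directory "/var/cache/bind";
forwarders {
168.95.1.1; 139.175.10.20; 203.133.1.6;
};
allow-query { any; };
allow-transfer { none; };
};
"""
# Constructed hardened variant: answer anyone, recurse only for local clients.
HARDENED_OPTIONS = PAGE_OPTIONS.replace(
    "allow-query { any; };",
    "allow-query { any; };\nallow-recursion { localnets; localhost; };")

if __name__ == "__main__":
    print(is_open_resolver(PAGE_OPTIONS), is_open_resolver(HARDENED_OPTIONS))
```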
2014/10/17
Category: Medicine

Author: lutuni (4:12 pm)
root@dlp:~# vim /etc/resolv.conf
# add own IP address

nameserver 192.168.1.210
root@dlp:~# /etc/init.d/bind9 restart

* Stopping domain name service... bind9
waiting for pid 2339 to die
...done.
* Starting domain name service... bind9
...done.

root@dlp:~# dig dlp.dadiling.com.

; <<>> DiG 9.8.1-P1 <<>> dlp.server.world.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22441
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;dlp.dadiling.com. IN A

;; ANSWER SECTION:
dlp.dadiling.com. 86400 IN A 192.168.1.210

;; AUTHORITY SECTION:
dadiling.com. 86400 IN NS dlp.server.world.

;; Query time: 1 msec
;; SERVER: 192.168.1.210#53(192.168.1.210)
;; WHEN: Fri Apr 27 15:47:55 2012
;; MSG SIZE rcvd: 64

root@dlp:~# dig -x 192.168.1.210

; <<>> DiG 9.8.1-P1 <<>> -x 10.0.0.30
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;210.1.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
210.1.168.192.in-addr.arpa. 86400 IN PTR dlp.server.world.

;; AUTHORITY SECTION:
1.168.192in-addr.arpa. 86400 IN NS dlp.server.world.

;; ADDITIONAL SECTION:
dlp.server.world. 86400 IN A 10.0.0.30

;; Query time: 4 msec
;; SERVER: 192.168.1.210#53(192.168.1.210)
;; WHEN: Fri Apr 27 15:49:26 2012
;; MSG SIZE rcvd: 100

2014/10/17

Author: lutuni (3:30 pm)
[1] For internal zone
This example uses internal address[192.168.1.0/24], domain name[dadiling.com], but please use your own one when you set config on your server.

root@dlp:~# vim /etc/bind/dadiling.com.lan
------------------------------------------------------------------
$TTL 86400
@ IN SOA dlp.dadiling.com. root.dadiling.com. (
2012042701 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)

; define name server
@ IN NS dlp.dadiling.com.
; define name server's IP address
@ IN A 192.168.1.210
; define mail exchanger
@ IN MX 10 dlp.dadiling.com.
; define IP address of a hostname
dlp IN A 192.168.1.210
-------------------------------------------------------------
[2] For external zone
This example uses external address[59.125.159.70/29], domain name[dadiling.com], but please use your own one when you set config on your server.

root@dlp:~# vim /etc/bind/dadiling.com.wan

@ IN SOA dlp.dadiling.com. root.dadiling.com. (
2012042701 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)

; define name server
@ IN NS dlp.dadiling.com.
; define name server's IP address
@ IN A 59.125.159.74
; define mail exchanger
@ IN MX 10 dlp.dadiling.com.
; define IP address of a hostname
dlp IN A 59.125.159.74
------------------------------------------------------------------
Reverse resolution
Create zone files that let the server resolve IP addresses to domain names.

[3] For internal zone
This example uses internal address[10.0.0.0/24], domain name[server.world], but please use your own one when you set config on your server.
root@dlp:~# vim /etc/bind/1.168.192.db
------------------------------------------------------------------
$TTL 86400
@ IN SOA dlp.dadiling.com. root.dadiling.com. (
2012042701 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
; define name server
@ IN NS dlp.dadiling.com.
; define the range of this domain included
@ IN PTR dadiling.com.
@ IN A 255.255.255.0
; define hostname of an IP address
210 IN PTR dlp.dadiling.com.

[4] For external zone
This example uses external address[172.16.0.80/29], domain name[server.world], but please use your own one when you set config on your server.
root@dlp:~# vi /etc/bind/70.159.125.59.db
$TTL 86400
@ IN SOA dlp.dadiling.com. root.dadiling.com. (
2012042701 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)

; define name server
@ IN NS dlp.dadiling.com.
; define the range of this domain included
@ IN PTR dadiling.com.
@ IN A 255.255.255.248
; define hostname of an IP address
74 IN PTR dlp.dadiling.com.
2014/10/17

Author: lutuni (2:46 pm)
[1] Install BIND
root@dlp:~# aptitude -y install bind9 bind9utils

[2] Configure BIND. This example is done with global IP address [ 59.125.159.70/29 ], private IP address [ 192.168.1.0/24 ], and domain name [ dadiling.com ]. However, please use your own IPs and domain name when you configure your server. ( Actually, [59.125.159.70/29] is for private IP address, though. )

root@dlp:~# vim /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
# make it comment
# include "/etc/bind/named.conf.default-zones";
# add
include "/etc/bind/named.conf.internal-zones";
include "/etc/bind/named.conf.external-zones";

root@dlp:~# vim /etc/bind/named.conf.internal-zones
# create new

# define for internal section
view "internal" {

match-clients {
localhost;
192.168.1.0/24;
};
zone "." {
type hint;
file "db.root";
};

# set zone for internal

zone "dadiling.com" {
type master;
file "dadiling.com.lan";
allow-update { none; };
};

# set zone for internal *note

zone "1.168.192.in-addr.arpa" {
type master;
file "1.168.192.db";
allow-update { none; };
};
zone "localhost" {
type master;
file "db.local";
};
zone "127.in-addr.arpa" {
type master;
file "db.127";
};
zone "0.in-addr.arpa" {
type master;
file "db.0";
};
zone "255.in-addr.arpa" {
type master;
file "db.255";
};
};

root@dlp:~# vim /etc/bind/named.conf.external-zones

# create new
# define for external section

view "external" {

match-clients { any; };

# allow any query

allow-query { any; };

# prohibit recursion

recursion no;

# set zone for external

zone "dadiling.com" {
type master;
file "dadiling.com.wan";
allow-update { none; };
};

# set zone for external *note

zone "70.159.125.59.in-addr.arpa" {
type master;
file "70.159.125.59.db";
allow-update { none; };
};
};

# *note : how to write the zone name for reverse resolution: write the network address in reverse, as below.
10.0.0.0/24
network address
⇒ 192.168.1.0

range of network
⇒ 192.168.1.0 - 192.168.1.255

how to write
⇒ 1.168.192.in-addr.arpa
59.125.159.70/29
network address
⇒ 59.125.159.70

range of network
⇒ 59.125.159.70 - 59.125.159.78
how to write
⇒ 70.159.125.59.in-addr.arpa
2014/10/17

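Author: lutuni (12:58 am)
1. Install with the following command

sudo apt-get install ntp

2. Edit the ntp configuration file

sudo nano /etc/ntp.conf

(1) Find #statsdir /var/log/ntpstats

Remove the # character to enable logging

(2) Set the external NTP servers

The NTP servers for Taiwan are listed below

References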

http://www.stdtime.gov.tw/Time/ntp/resource.htm

http://www.ntp.org/

tock.stdtime.gov.tw

tick.stdtime.gov.tw

time.stdtime.gov.tw

clock.stdtime.gov.tw

watch.stdtime.gov.tw



Find

server 0.ubuntu.pool.ntp.org

server 1.ubuntu.pool.ntp.org

server 2.ubuntu.pool.ntp.org

server 3.ubuntu.pool.ntp.org



Set the Taiwan NTP servers you want to use. Choose NTP servers that are fast and stable, and set the four NTP servers 0 to 3 in order of priority.



server tock.stdtime.gov.tw

server tick.stdtime.gov.tw

server time.stdtime.gov.tw

server clock.stdtime.gov.tw

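3. Change the subnet to which time updates are broadcast; assume my subnet is 192.168.2.0/24

The following explanation can be found in the configuration file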

# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255

broadcast 192.168.2.255

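4. Restart the NTP service

sudo service ntp restart

5. Check whether the NTP service is synchronizing

sudo ntpq -c lpeer

After running it, the IP information for the hosts set in step 2 appears, along with

6. Check whether the NTP synchronization log is being written correctly

sudo tail -f /var/log/syslog

7. Remember to check that UDP port 123 is open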
2014/10/17

Author: lutuni (12:46 am)
1. Open a terminal
2. Run the following commands

# sudo passwd root
# sudo passwd -u root
# vi /etc/lightdm/lightdm.conf
3. Add greeter-show-manual-login=true as the last line
4. Reboot
5. Choose Login and sign in with the root account and password
2014/10/17

Author: lutuni (12:29 am)
Installing Webmin on Ubuntu 12.04
# Edit sources.list
sudo vi /etc/apt/sources.list
# Add the following two repository lines
deb http://download.webmin.com/download/repository sarge contrib
deb http://webmin.mirror.somersettechsolutions.co.uk/repository sarge contrib
# Download the GPG key
wget http://www.webmin.com/jcameron-key.asc
sudo apt-key add jcameron-key.asc
# Install Webmin
sudo apt-get update
sudo apt-get install webmin
# Log in to Webmin
http://serverip:10000/
https://dadiling.com:10000/
