- nano /etc/yum.repos.d/fedora.repo
- [fedora]
- name=Fedora $releasever - $basearch
- failovermethod=priority
- #baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever$
- metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch$
- enabled=1
- metadata_expire=7d
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
- skip_if_unavailable=False
- [fedora-debuginfo]
- name=Fedora $releasever - $basearch - Debug
- failovermethod=priority
- #baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever$
- metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releaseve$
- enabled=0
- metadata_expire=7d
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
- skip_if_unavailable=False
- [fedora-source]
- name=Fedora $releasever - Source
- failovermethod=priority
- #baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever$
- metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasev$
- enabled=0
- metadata_expire=7d
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
- skip_if_unavailable=False
- nano /etc/yum.repos.d/fedora-updates.repo
- [updates]
- name=Fedora $releasever - $basearch - Updates
- failovermethod=priority
- #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$
- metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$rele$
- enabled=1
- metadata_expire=6h
- gpgcheck=1
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
- skip_if_unavailable=False
- [updates-debuginfo]
- name=Fedora $releasever - $basearch - Updates - Debug
- failovermethod=priority
- #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$
- metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-$
- enabled=0
- gpgcheck=1
- metadata_expire=6h
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
- skip_if_unavailable=False
- [updates-source]
- name=Fedora $releasever - Updates Source
- failovermethod=priority
- #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$
- metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source$
- enabled=0
- gpgcheck=1
- metadata_expire=6h
- gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
- skip_if_unavailable=False
- yum update
- reboot
- yum install debootstrap schroot perl
- mkdir /var/chroot
- debootstrap --arch amd64 wheezy /var/chroot
- cd /var/chroot
- nano mount.sh
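#!/bin/bash
# Bind the kernel pseudo-filesystems into the chroot tree.
# Run it from the root of the chroot (the page runs it from /var/chroot):
# the targets proc/, sys/ and dev/ are relative to the current directory.
set -euo pipefail

# Refuse to run outside a chroot tree; otherwise mount would target
# whatever proc/ sys/ dev/ happen to exist under the current directory.
for dir in proc sys dev; do
  [[ -d "$dir" ]] || { printf 'mount.sh: %s/ not found in %s\n' "$dir" "$PWD" >&2; exit 1; }
done

# The mountpoint checks make the script safe to rerun: without them every
# invocation stacks another mount on top of the previous one.
mountpoint -q proc || mount -t proc proc proc/
mountpoint -q sys  || mount -t sysfs sys sys/
mountpoint -q dev  || mount -o bind /dev dev/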
- nano namespace.sh
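#!/bin/bash
# Create network namespace ns1 and connect it to the host with a veth pair
# (host end v-eth1 10.200.1.1/24, namespace end v-peer1 10.200.1.2/24),
# then enable IPv4 forwarding so the host can NAT for the namespace.
# Names and addresses can be overridden through the environment; the
# defaults are the values used by the other scripts on this page.
set -euo pipefail

ns=${NS_NAME:-ns1}
host_if=${HOST_IF:-v-eth1}
peer_if=${PEER_IF:-v-peer1}
host_ip=${HOST_IP:-10.200.1.1/24}
peer_ip=${PEER_IP:-10.200.1.2/24}
gateway=${host_ip%/*}   # default route inside the namespace points at the host end

# Tear down a previous run. Deleting the namespace destroys the veth end
# inside it, which takes the host end with it; the explicit link delete
# covers a stale host end left behind by a partial run.
ip netns del "$ns" 2>/dev/null || true
ip link del "$host_if" 2>/dev/null || true

ip netns add "$ns"

# veth pair: one end stays on the host, the other moves into the namespace.
ip link add "$host_if" type veth peer name "$peer_if"
ip link set "$peer_if" netns "$ns"

# Host end.
ip addr add "$host_ip" dev "$host_if"
ip link set "$host_if" up

# Namespace end, loopback, and a default route via the host end.
ip netns exec "$ns" ip addr add "$peer_ip" dev "$peer_if"
ip netns exec "$ns" ip link set "$peer_if" up
ip netns exec "$ns" ip link set lo up
ip netns exec "$ns" ip route add default via "$gateway"

# Forwarding is required for the namespace to reach anything beyond the
# host; the firewall script decides what is actually forwarded.
echo 1 > /proc/sys/net/ipv4/ip_forward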
- nano iptables.sh
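#!/bin/bash
# Firewall for the host that fronts the mail chroot running in netns ns1.
# Default-deny on all three filter chains, then:
#   * masquerade the namespace subnet when it leaves the external interface,
#   * DNAT the published TCP ports arriving on the external interface to the
#     namespace address and forward exactly those connections,
#   * let the namespace open outbound connections.
# IPv4 only: nothing here touches ip6tables, so a host with a global IPv6
# address still exposes whatever listens on it, unfiltered.
set -euo pipefail

ext_if=${EXT_IF:-eth0}
ns_if=${NS_IF:-v-eth1}
ns_net=${NS_NET:-10.200.1.0/24}
ns_ip=${NS_IP:-10.200.1.2}
# TCP ports published on $ext_if and forwarded to the same port on $ns_ip.
# 22 is in the list, so ssh to the host's external address reaches the
# chroot's sshd, not the host's; keep another way into the host.
ports=(80 443 143 993 25 465 110 995 22)

# Flush filter and nat first so reruns do not append duplicate rules.
iptables --flush
iptables --delete-chain
iptables -t nat -F

# Default-deny on every built-in filter chain.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Keep the host itself usable: loopback, plus replies to connections the
# host already has. With INPUT/OUTPUT at DROP and nothing else, even DNS
# lookups and an existing admin ssh session on the host die.
# New host-originated connections (yum, wget) still need their own rules.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Masquerade the namespace subnet on its way out through $ext_if.
iptables -t nat -A POSTROUTING -s "$ns_net" -o "$ext_if" -j MASQUERADE

# Publish each port: DNAT on arrival, then a FORWARD accept for new
# connections to that port only. A blanket "-i ext -o ns ACCEPT" would
# make the per-port rules meaningless and expose every listener in the
# namespace to anything that can route to $ns_ip.
for port in "${ports[@]}"; do
  iptables -t nat -A PREROUTING -i "$ext_if" -p tcp --dport "$port" \
    -j DNAT --to-destination "${ns_ip}:${port}"
  iptables -A FORWARD -i "$ext_if" -o "$ns_if" -p tcp -d "$ns_ip" --dport "$port" \
    -m conntrack --ctstate NEW -j ACCEPT
done

# Return traffic for any forwarded connection, in both directions.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# The namespace may open outbound connections (apt-get, outgoing SMTP).
iptables -A FORWARD -i "$ns_if" -o "$ext_if" -j ACCEPT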
- nano terminals.sh
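#!/bin/bash
# Create tty/pty device nodes inside the chroot and mount devpts on /dev/pts.
# Run inside the chroot, after `apt-get install makedev` (which provides
# /sbin/MAKEDEV), as the page does.
set -euo pipefail

makedev=/sbin/MAKEDEV
[[ -x "$makedev" ]] || { printf 'terminals.sh: %s not found; install makedev first\n' "$makedev" >&2; exit 1; }

# The page says MAKEDEV prints warnings that are to be ignored; do not let
# a non-zero status from it abort the script under set -e.
"$makedev" tty || printf 'terminals.sh: MAKEDEV tty reported warnings (expected on rerun)\n' >&2
"$makedev" pty || printf 'terminals.sh: MAKEDEV pty reported warnings (expected on rerun)\n' >&2

# Skip the mount if devpts is already there so reruns do not stack mounts.
# If the mountpoint tool is missing, the test fails and we fall back to
# mounting unconditionally, which is the original behaviour.
[[ -d /dev/pts ]] || mkdir -p /dev/pts
if ! mountpoint -q /dev/pts 2>/dev/null; then
  mount devpts /dev/pts -t devpts
fi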
- cp mount.sh chroot/mount.sh
- cp terminals.sh chroot/terminals.sh
- cp namespace.sh chroot/namespace.sh
- chmod +x iptables.sh
- cd chroot
- chmod +x *.sh
- ./mount.sh
- chroot /var/chroot
- ./namespace.sh
- exit
- ./iptables.sh
- Do NOT execute iptables.sh until the Debian chroot is ready, because services will stop
- # There will be warnings, ignore them
- chroot /var/chroot
- ip netns exec ns1 /bin/bash
- apt-get update
- apt-get install makedev
- ./terminals.sh
- apt-get install locales
- locale-gen en_US.UTF-8
- wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.7.tar.bz2 --no-check-certificate
- apt-get install bzip2
- tar xvf iRedMail-0.8.7.tar.bz2
- cd iRedMail-0.8.7
- chmod +x iRedMail.sh
- nano /etc/hosts
- add mail.name.local and mail before localhost on the 127.0.0.1 line
- cd into the iRedMail directory
- nano pkgs/get_all.sh
- Search for UPDATE_AVAILABLE='YES' and replace YES with NO
- Search for: if [ X"${RETVAL}" == X"0" ]; replace 0 with 999
- postconf -e virtual_alias_maps=''
- postconf -e sender_bcc_maps=''
- postconf -e recipient_bcc_maps=''
- postconf -e relay_domains=''
- postconf -e relay_recipient_maps=''
- postconf -e sender_dependent_relayhost_maps=''
- postconf -e smtpd_sasl_local_domain='team.local'
- postconf -e virtual_mailbox_domains='team.local'
- postconf -e transport_maps='hash:/etc/postfix/transport'
- postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
- postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
- postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'
- nano /etc/postfix/transport
- name.local dovecot
- postmap hash:/etc/postfix/transport
- nano /etc/postfix/ad_sender_login_maps.cf
# Postfix LDAP table used as smtpd_sender_login_maps: resolves an authenticated
# login to the userPrincipalName it is allowed to send as.
# NOTE(review): start_tls = no on port 389 means the bind_pw below and every
# lookup travel to the AD server in cleartext; enable STARTTLS (or ldaps) and
# restrict read access to this file, since it holds a live credential.
server_host = 10.60.2.199
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = vmail@name.local
# NOTE(review): this value appears in a public paste; treat it as compromised and rotate it.
bind_pw = wowDoge555
search_base = cn=users,dc=name,dc=local
scope = sub
# The bitwise-AND matching rule (1.2.840.113556.1.4.803) on userAccountControl
# bit 2 excludes disabled accounts from matching.
query_filter = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel = 0
- nano /etc/postfix/ad_virtual_mailbox_maps.cf
# Postfix LDAP table used as virtual_mailbox_maps: resolves a recipient
# address to its Maildir path (domain/user/Maildir/, see result_format).
# NOTE(review): same cleartext bind on port 389 and same published bind_pw
# as the sender-login map; fix both files together.
server_host = 10.60.2.199
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = vmail@name.local
bind_pw = wowDoge555
search_base = cn=users,dc=name,dc=local
scope = sub
# NOTE(review): unlike the sender-login map, this filter does not exclude
# disabled accounts (no userAccountControl clause), so mail for a disabled
# user is still accepted and delivered to its mailbox. Confirm that is intended.
query_filter = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
# %d = domain part, %u = local part of the matched address.
result_format = %d/%u/Maildir/
debuglevel = 0
- nano /etc/postfix/ad_virtual_group_maps.cf
# Postfix LDAP table used as virtual_alias_maps: expands a group address to
# the addresses of the group's members.
# NOTE(review): same cleartext bind on port 389 and same published bind_pw
# as the other two maps; fix all three files together.
server_host = 10.60.2.199
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = vmail@name.local
bind_pw = wowDoge555
search_base = cn=users,dc=name,dc=local
scope = sub
# Match a group entry by its mail attribute ...
query_filter = (&(objectClass=group)(mail=%s))
# ... then follow the DNs in its member attribute and take each member's mail.
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel = 0
- Open Postfix config file /etc/postfix/main.cf
- Remove the check_policy_service inet:127.0.0.1:7777 setting
- postmap -q vmail@name.local ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
- should output:
- name.local/user/Maildir/
- postmap -q vmail@name.local ldap:/etc/postfix/ad_sender_login_maps.cf
- should output:
- vmail@name.local
- postmap -q testgroup@name.local ldap:/etc/postfix/ad_virtual_group_maps.cf
- should output:
- the addresses of the users that are members of the group
- nano /etc/dovecot/dovecot-ldap.conf
# Dovecot LDAP passdb/userdb against the same AD server Postfix uses.
# NOTE(review): no TLS is configured for this connection (plain 389), and with
# auth_bind = yes Dovecot verifies each login by binding to AD as that user,
# so every IMAP/POP login sends the user's password to 10.60.2.199 in
# cleartext. Enable the dovecot-ldap tls setting or use an ldaps host.
hosts = 10.60.2.199:389
ldap_version = 3
auth_bind = yes
dn = vmail@name.local
# NOTE(review): same published credential as the Postfix maps; rotate it.
dnpass = wowDoge555
base = cn=users,dc=name,dc=local
scope = subtree
deref = never
# Both filters exclude disabled accounts via the bitwise-AND rule on
# userAccountControl bit 2, matching the Postfix sender-login map.
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
# NOTE(review): with auth_bind = yes the password is checked by the bind, so
# pass_attrs/default_pass_scheme presumably play no part in authentication — verify.
pass_attrs = userPassword=password
default_pass_scheme = CRYPT
# %Ld/%Ln = lowercased domain and user, mirroring Postfix's %d/%u/Maildir/ layout.
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
- test dovecot:
- telnet localhost 143
- . login vmail@name.local password
- You should get `. OK [...] Logged in` as the response.
- Exit the chroot and reboot
- After rebooting, rerun all the scripts and enter the netns
- service mysql start
- service slapd start
- service amavis start
- service dovecot start
- service postfix start
- service postfix-cluebringer start
- service apache2 start