
soppysoppyemail1

a guest
Mar 17th, 2017
  1.  
  2. nano /etc/yum.repos.d/fedora.repo
  3.  
  # Base Fedora repositories: binary packages (enabled), debuginfo and source (both disabled).
  # Every section keeps gpgcheck=1 with a local file:// gpgkey, so packages are
  # signature-checked against a key already on disk; keep both when editing.
  # NOTE(review): the baseurl/metalink values ending in `$` look cut off by the
  # editor's line truncation - take the full URLs from the file on disk, not from this listing.
  4. [fedora]
  5. name=Fedora $releasever - $basearch
  6. failovermethod=priority
  7. #baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever$
  8. metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch$
  9. enabled=1
  10. metadata_expire=7d
  11. gpgcheck=1
  12. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  13. skip_if_unavailable=False
  14.  
  15. [fedora-debuginfo]
  16. name=Fedora $releasever - $basearch - Debug
  17. failovermethod=priority
  18. #baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever$
  19. metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releaseve$
  20. enabled=0
  21. metadata_expire=7d
  22. gpgcheck=1
  23. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  24. skip_if_unavailable=False
  25.  
  26. [fedora-source]
  27. name=Fedora $releasever - Source
  28. failovermethod=priority
  29. #baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever$
  30. metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasev$
  31. enabled=0
  32. metadata_expire=7d
  33. gpgcheck=1
  34. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  35. skip_if_unavailable=False
  36.  
  37. nano /etc/yum.repos.d/fedora-updates.repo
  38.  
  # Fedora updates repositories: binary updates (enabled), debuginfo and source (both disabled).
  # Metadata expires after 6h here, so new updates are picked up within that window.
  # gpgcheck=1 plus the local file:// gpgkey keeps update packages signature-checked.
  # NOTE(review): the baseurl/metalink values ending in `$` look cut off by the
  # editor's line truncation - take the full URLs from the file on disk, not from this listing.
  39. [updates]
  40. name=Fedora $releasever - $basearch - Updates
  41. failovermethod=priority
  42. #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$
  43. metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$rele$
  44. enabled=1
  45. metadata_expire=6h
  46. gpgcheck=1
  47. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  48. skip_if_unavailable=False
  49.  
  50. [updates-debuginfo]
  51. name=Fedora $releasever - $basearch - Updates - Debug
  52. failovermethod=priority
  53. #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$
  54. metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-$
  55. enabled=0
  56. gpgcheck=1
  57. metadata_expire=6h
  58. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  59. skip_if_unavailable=False
  60.  
  61. [updates-source]
  62. name=Fedora $releasever - Updates Source
  63. failovermethod=priority
  64. #baseurl=http://download.fedoraproject.org/pub/fedora/linux/updates/$releasever/$
  65. metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-source$
  66. enabled=0
  67. gpgcheck=1
  68. metadata_expire=6h
  69. gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
  70. skip_if_unavailable=False
  71.  
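  # Bring the Fedora host up to date, then build a Debian wheezy tree under /var/chroot.
  72. yum update
  73.  
  74. reboot
  75.  
  # The `install` subcommand was missing from this line.
  76. yum install debootstrap schroot perl
  77.  
  78. mkdir /var/chroot
  79.  
  # The option is --arch (two ASCII hyphens); the paste had an en dash, which
  # debootstrap does not parse as an option.
  # NOTE(review): wheezy (Debian 7) no longer receives security updates, so the
  # mail stack built on it cannot be patched from the archive. Also read
  # debootstrap's output and confirm it checked the Release file against a
  # Debian archive keyring on this Fedora host rather than skipping the check.
  80. debootstrap --arch amd64 wheezy /var/chroot
  81.  
  82. cd /var/chroot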
  83.  
  84. nano mount.sh
  85. #!/bin/bash
  # Mounts proc, sysfs and the host's /dev under the current directory; the
  # targets are relative paths, so this is meant to be run from the chroot root.
  86. mount -t proc proc proc/
  87. mount -t sysfs sys sys/
  # NOTE(review): the bind mount exposes every host device node inside the
  # chroot. A root process in the chroot can reach the host's disks through it,
  # so the chroot here separates packages, it does not contain a compromise.
  88. mount -o bind /dev dev/
  89.  
  90. nano namespace.sh
  91. #!/bin/bash
  92.  
  # Builds network namespace ns1 and joins it to the host with a veth pair:
  # v-eth1 (host side, 10.200.1.1/24) and v-peer1 (inside ns1, 10.200.1.2/24).
  # Remove any ns1 left from an earlier run; output is discarded, so a missing
  # namespace on the first run is silent.
  93. ip netns del ns1 &>/dev/null
  94.  
  95. # Create namespace
  96. ip netns add ns1
  97. # Create veth link.
  98. ip link add v-eth1 type veth peer name v-peer1
  99.  
  100. # Add peer-1 to NS.
  101. ip link set v-peer1 netns ns1
  102. # Setup IP address of v-eth1.
  103. ip addr add 10.200.1.1/24 dev v-eth1
  104. ip link set v-eth1 up
  105.  
  106. # Setup IP address of v-peer1.
  107. ip netns exec ns1 ip addr add 10.200.1.2/24 dev v-peer1
  108. ip netns exec ns1 ip link set v-peer1 up
  109. ip netns exec ns1 ip link set lo up
  # All traffic leaving ns1 is routed through the host end of the veth pair.
  110. ip netns exec ns1 ip route add default via 10.200.1.1
  111.  
  # Turns on IPv4 forwarding for the whole host, not only for v-eth1; from here
  # on the FORWARD chain alone decides what may cross. The value is written to
  # /proc, so it is lost on reboot and this script has to be run again.
  112. echo 1 > /proc/sys/net/ipv4/ip_forward
  113.  
  114. nano iptables.sh
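  115. #!/bin/bash
  116.  
  # Firewall for the host that fronts namespace ns1 (10.200.1.2): default-deny
  # policies, NAT for the 10.200.1.0/24 veth network, and a per-port allow-list
  # of services published from eth0 into the namespace.
  117. # Flush old rules, old custom tables
  118. iptables --flush
  119. iptables --delete-chain
  120.  
  121. # Set default policies for all three default chains
  # NOTE(review): this script adds no ACCEPT rule to INPUT or OUTPUT, so with
  # these policies the host itself neither accepts nor originates traffic
  # (loopback included). Port 22 on eth0 is DNATed to the namespace below, so
  # plan to manage the host from its console.
  122. iptables -P INPUT DROP
  123. iptables -P FORWARD DROP
  124. iptables -P OUTPUT DROP
  125.  
  126. iptables -F FORWARD
  127.  
  128. #Flush nat rules
  129. iptables -t nat -F
  130.  
  131. # Enable masquerading of 10.200.1.0
  132. iptables -t nat -A POSTROUTING -s 10.200.1.0/255.255.255.0 -o eth0 -j MASQUERADE
  # Publish web (80/443), IMAP (143/993), SMTP (25/465), POP3 (110/995) and SSH (22)
  # arriving on eth0 to the same port on 10.200.1.2.
  133. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 10.200.1.2:80
  134. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j DNAT --to 10.200.1.2:443
  135. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 143 -j DNAT --to 10.200.1.2:143
  136. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 993 -j DNAT --to 10.200.1.2:993
  137. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j DNAT --to 10.200.1.2:25
  138. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 465 -j DNAT --to 10.200.1.2:465
  139. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 110 -j DNAT --to 10.200.1.2:110
  140. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 995 -j DNAT --to 10.200.1.2:995
  141. iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 22 -j DNAT --to 10.200.1.2:22
  # Allow-list of new inbound connections to the namespace (matched after DNAT).
  142. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 80 -j ACCEPT
  143. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 443 -j ACCEPT
  144. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 143 -j ACCEPT
  145. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 993 -j ACCEPT
  146. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 25 -j ACCEPT
  147. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 465 -j ACCEPT
  148. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 110 -j ACCEPT
  149. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 995 -j ACCEPT
  150. iptables -A FORWARD -p tcp -d 10.200.1.2 --dport 22 -j ACCEPT
  151.  
  152. # Allow the namespace out through eth0; inbound from eth0 only as replies
  # The original accepted everything from eth0 to v-eth1, which made the
  # per-port list above meaningless: any packet routed to 10.200.1.0/24 was
  # forwarded. New inbound connections are now limited to the listed ports.
  153. iptables -A FORWARD -i v-eth1 -o eth0 -j ACCEPT
  154. iptables -A FORWARD -i eth0 -o v-eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT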
  155.  
  156. nano terminals.sh
  157. #!/bin/bash
  # Creates the tty and pty device nodes with MAKEDEV and mounts a devpts
  # instance on /dev/pts, so interactive shells in the chroot get terminals.
  158. /sbin/MAKEDEV tty
  159. /sbin/MAKEDEV pty
  160. mount devpts /dev/pts -t devpts
  161.  
  # Copy the helper scripts into the chroot tree, mount its pseudo-filesystems,
  # create the namespace from inside the chroot, then apply the host firewall.
  # NOTE(review): the `chroot/` paths only resolve if the scripts were written
  # in /var rather than /var/chroot - confirm the working directory.
  162. cp mount.sh chroot/mount.sh
  163. cp terminals.sh chroot/terminals.sh
  164. cp namespace.sh chroot/namespace.sh
  165. chmod +x iptables.sh
  166. cd chroot
  167. chmod +x *.sh
  168. ./mount.sh
  169. chroot /var/chroot
  170. ./namespace.sh
  171. exit
  # NOTE(review): the script was saved as iptables.sh and was not copied into
  # this directory, so `./iptables` presumably means that file in the parent
  # directory. Read the warning on the next line before running it: it applies
  # DROP policies to the host.
  172. ./iptables
  173. Do NOT execute iptables until the Debian chroot is ready, because services will stop
  174. # There will be warnings, ignore them
  # Enter the chroot, switch into namespace ns1, install prerequisites and
  # unpack the iRedMail 0.8.7 installer.
  175. chroot /var/chroot
  176. ip netns exec ns1 /bin/bash
  177. apt-get update
  178. apt-get install makedev
  # NOTE(review): the script was saved as terminals.sh - presumably this runs that file.
  179. ./terminals
  180. apt-get install locales
  181. locale-gen en_US.UTF-8
  # NOTE(review): --no-check-certificate turns off TLS certificate validation,
  # so nothing authenticates the tarball that is then unpacked and run as root.
  # Prefer installing ca-certificates and dropping the flag, and compare the
  # archive with the checksum the project publishes before running iRedMail.sh.
  182. wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.7.tar.bz2 --no-check-certificate
  183. apt-get install bzip2
  184. tar xvf iRedMail-0.8.7.tar.bz2
  185. cd iRedMail-0.8.7
  186. chmod +x iRedMail.sh
  187. nano /etc/hosts
  188. Add mail.name.local and mail in front of localhost on the 127.0.0.1 line
  189. cd iredmail directory
  190. nano pkgs/get_all.sh
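  191. Search for: UPDATE_AVAILABLE='YES' and replace with NO
  192. Search for: if [ X"${RETVAL}" == X"0" ]; replace 0 with 999
  (Review note: these two edits appear to bypass checks in the installer's pkgs/get_all.sh. Before changing the RETVAL comparison, confirm what it tests; if it is the result of a package checksum check, this edit turns that check off and the downloaded packages are installed unverified.)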
  193.  
  # Point Postfix at the directory: first set the listed lookup tables to empty,
  # then set the mail domain, the transport map and the three LDAP-backed maps.
  194. postconf -e virtual_alias_maps=''
  195. postconf -e sender_bcc_maps=''
  196. postconf -e recipient_bcc_maps=''
  197. postconf -e relay_domains=''
  198. postconf -e relay_recipient_maps=''
  199. postconf -e sender_dependent_relayhost_maps=''
  200.  
  # NOTE(review): the domain here is team.local, while the transport entry and
  # the LDAP files on this page use name.local - these have to name the same
  # domain; confirm which one is real.
  201. postconf -e smtpd_sasl_local_domain='team.local'
  202. postconf -e virtual_mailbox_domains='team.local'
  203.  
  204. postconf -e transport_maps='hash:/etc/postfix/transport'
  205.  
  # Ties each sender address to the login allowed to use it; this only takes
  # effect where main.cf also has a reject_*sender_login_mismatch restriction.
  206. postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
  207.  
  208. postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
  209.  
  # virtual_alias_maps was set to empty above; this later value is the one that stays in main.cf.
  210. postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'
  211.  
  212. nano /etc/postfix/transport
  213. name.local dovecot
  214.  
  215. postmap hash:/etc/postfix/transport
  216. nano /etc/postfix/ad_sender_login_maps.cf
  217.  
  # Postfix LDAP table: returns userPrincipalName for a person entry whose
  # userPrincipalName equals the queried address and whose account is enabled.
  # NOTE(review): start_tls = no with bind = yes on port 389 sends bind_dn and
  # bind_pw to 10.60.2.199 unencrypted. Set start_tls = yes once the directory
  # server presents a certificate this host trusts.
  # NOTE(review): bind_pw is a literal in this file and in a public paste: treat
  # it as exposed and rotate it, give the vmail account read-only directory
  # rights, and keep this file readable only by root and the postfix group.
  218. server_host = 10.60.2.199
  219. server_port = 389
  220. version = 3
  221. bind = yes
  222. start_tls = no
  223. bind_dn = vmail@name.local
  224. bind_pw = wowDoge555
  225. search_base = cn=users,dc=name,dc=local
  226. scope = sub
  # userAccountControl:1.2.840.113556.1.4.803:=2 is a bitwise-AND match on the
  # "account disabled" flag; the leading ! excludes disabled accounts.
  227. query_filter = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  228. result_attribute= userPrincipalName
  229. debuglevel = 0
  230.  
  231. nano /etc/postfix/ad_virtual_mailbox_maps.cf
  # Postfix LDAP table: maps a recipient address to its maildir path.
  # NOTE(review): start_tls = no with bind = yes on port 389 sends bind_dn and
  # bind_pw to 10.60.2.199 unencrypted; enable start_tls once the directory
  # server has a certificate this host trusts. The literal bind_pw should be
  # rotated and the file kept readable only by root and the postfix group.
  232. server_host = 10.60.2.199
  233. server_port = 389
  234. version = 3
  235. bind = yes
  236. start_tls = no
  237. bind_dn = vmail@name.local
  238. bind_pw = wowDoge555
  239. search_base = cn=users,dc=name,dc=local
  240. scope = sub
  # NOTE(review): unlike the sender-login filter on this page, this one has no
  # userAccountControl clause, so disabled accounts still resolve to a mailbox
  # and keep receiving mail - confirm that is intended.
  241. query_filter = (&(objectclass=person)(userPrincipalName=%s))
  242. result_attribute= userPrincipalName
  # Rewrites each returned address to <domain>/<local part>/Maildir/.
  243. result_format = %d/%u/Maildir/
  244. debuglevel = 0
  245.  
  246. nano /etc/postfix/ad_virtual_group_maps.cf
  # Postfix LDAP table: expands a group's mail address to its members.
  # NOTE(review): start_tls = no with bind = yes on port 389 sends bind_dn and
  # bind_pw to 10.60.2.199 unencrypted; enable start_tls once the directory
  # server has a certificate this host trusts. The literal bind_pw should be
  # rotated and the file kept readable only by root and the postfix group.
  247. server_host = 10.60.2.199
  248. server_port = 389
  249. version = 3
  250. bind = yes
  251. start_tls = no
  252. bind_dn = vmail@name.local
  253. bind_pw = wowDoge555
  254. search_base = cn=users,dc=name,dc=local
  255. scope = sub
  # Matches group objects by their mail attribute.
  # NOTE(review): any group with a mail attribute under search_base becomes a
  # distribution list that anyone able to send to this server can address -
  # confirm which groups are meant to be reachable.
  256. query_filter = (&(objectClass=group)(mail=%s))
  # member holds DNs that Postfix looks up in turn; leaf_result_attribute is
  # the attribute read from each of those member entries.
  257. special_result_attribute = member
  258. leaf_result_attribute = mail
  259. result_attribute= userPrincipalName
  260. debuglevel = 0
  261.  
  262. Open Postfix config file /etc/postfix/main.cf
  263. Remove setting check_policy_service inet:127.0.0.1:7777
  264.  
  265. postmap -q vmail@name.local ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
  266. should output:
  267. name.local/user/Maildir/
  268.  
  269. postmap -q vmail@name.local ldap:/etc/postfix/ad_sender_login_maps.cf
  270. should output:
  271. vmail@name.local
  272.  
  273. postmap -q testgroup@name.local ldap:/etc/postfix/ad_virtual_group_maps.cf
  274. should output:
  275. Users in the group
  276.  
  277. nano /etc/dovecot/dovecot-ldap.conf
  278.  
  # Dovecot LDAP settings: users are looked up by userPrincipalName and, with
  # auth_bind = yes, each login is verified by binding to the directory as that user.
  # NOTE(review): no TLS setting is present and the host is addressed on port
  # 389, so every user's password travels to 10.60.2.199 unencrypted in the
  # bind. Enable `tls = yes` (StartTLS) or use an ldaps:// entry in `uris`
  # once the directory server has a certificate this host trusts.
  279. hosts = 10.60.2.199:389
  280. ldap_version = 3
  281. auth_bind = yes
  282. dn = vmail@name.local
  # NOTE(review): literal service-account password, also published in this
  # paste; rotate it and keep this file readable only by root.
  283. dnpass = wowDoge555
  284. base = cn=users,dc=name,dc=local
  285. scope = subtree
  286. deref = never
  # Both filters exclude accounts whose userAccountControl has the disabled flag set.
  287. user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  288. pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
  # NOTE(review): with auth_bind = yes the password check is the bind itself,
  # so pass_attrs and default_pass_scheme are presumably not used - confirm.
  289. pass_attrs = userPassword=password
  290. default_pass_scheme = CRYPT
  # Static home and mail locations built from the lowercased domain and user name.
  291. user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/
  292.  
  293. test dovecot:
  294.  
  295.  
  296. telnet localhost 143
  297. . login vmail@name.local password
  298. You should get . OK […] Logged in as a response.
  299. Exit out of the chroot and reboot
  300.  
  301. After rebooting rerun everything and get into the netns
  302.  
  # Start the mail stack inside the namespace after each reboot.
  303. service mysql start
  # NOTE(review): the Postfix and Dovecot lookups on this page all go to the
  # directory server at 10.60.2.199, so this local slapd looks unused - confirm,
  # and leave it stopped if nothing depends on it.
  304. service slapd start
  305. service amavis start
  306. service dovecot start
  307. service postfix start
  308. service postfix-cluebringer start
  309. service apache2 start