Book Image

Linux Networking Cookbook

By : Agnello Dsouza, Gregory Boyce
5 (1)
Book Image

Linux Networking Cookbook

5 (1)
By: Agnello Dsouza, Gregory Boyce

Overview of this book

Linux can be configured as a networked workstation, a DNS server, a mail server, a firewall, a gateway router, and many other things. These are all part of administration tasks, hence network administration is one of the main tasks of Linux system administration. By knowing how to configure system network interfaces in a reliable and optimal manner, Linux administrators can deploy and configure several network services including file, web, mail, and servers while working in large enterprise environments. Starting with a simple Linux router that passes traffic between two private networks, you will see how to enable NAT on the router in order to allow Internet access from the network, and will also enable DHCP on the network to ease configuration of client systems. You will then move on to configuring your own DNS server on your local network using bind9 and tying it into your DHCP server to allow automatic configuration of local hostnames. You will then future enable your network by setting up IPv6 via tunnel providers. Moving on, we’ll configure Samba to centralize authentication for your network services; we will also configure Linux client to leverage it for authentication, and set up a RADIUS server that uses the directory server for authentication. Toward the end, you will have a network with a number of services running on it, and will implement monitoring in order to detect problems as they occur.
Table of Contents (19 chapters)
Linux Networking Cookbook
About the Author
About the Reviewer

Configuring Postfix to support TLS

Postfix can utilize TLS for securing communication in a few ways. We're going to look at each of them.

How to do it…

  1. Require TLS for authentication of local clients:

    This is already handled in our existing configuration through the smtpd_tls_security_level=encrypt option for the submission port.

  2. Allow TLS of inbound/outbound mail delivery:

    $ sudo postconf –e smtpd_tls_security_level=may
  3. Set the TLS key and certificate files:

    $ sudo postconf –e smtpd_tls_cert_file=/path/to/server.crt
    $ sudo postconf –e smtpd_tls_key_file=/path/to/server.key

How it works…

The most important thing we want to do here is ensure that passwords are not sent in plaintext. This means requiring authentication on the submission port, which the user interacts with.

Unfortunately, when it comes to SMTP delivery, large swaths of the internet still do not allow SMTP over TLS, so forcing TLS may very well result in undeliverable e-mail. Instead we use the may keyword to tell Postfix to use TLS...