Wednesday, December 12, 2012

Sendmail: Bypass DNS and Forward Emails to Smart Host

Scenario: We need a dumb mail server that would forward all outgoing mails (originated in the server) to a relay host/smart host. We don't want our mail server to do any DNS queries (we leave the noble task for the smart host, after all, he's "smart").
Here's how it's done in sendmail-

  • Create a new file in the /etc/mail directory
vim  /etc/mail/service.switch

####### start of file #########

hosts files
aliases files

####### end of file ###########


  • We add the "relay host" IP to sendmail.mc
vim  /etc/mail/sendmail.mc

define(`SMART_HOST',`192.168.2.250')dnl 
### obviously, replace the relay host address based on your requirements
### end ###

m4 /etc/mail/senmdmail.mc > /etc/mail/sendmail.cf
service sendmail restart
NOTE: Make sure there is no dnl in the beginning of the line. The compiler will treat any starting with dnl as a comment.

And it's done. Now our mail server will not do any DNS queries and forward all outgoing mail to smart host located at 192.168.2.250.

Hope this helps :)


Sunday, December 2, 2012

Password Protecting Grub

To protect grub using md5 encrypted password, we can use this simple technique-


[root@zimbra ~]# grub-md5-crypt
Password:
Retype password:
$1$zsPMx0$DkhqPFB1ouY/W7uhvCJZL1

 This command generates a MD5 encrypted password that will be added to the file grub.conf. Here is my sample file-

[root@zimbra ~]# vim /etc/grub.conf

#####################################################################################
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
password --md5 $1$zsPMx0$DkhqPFB1ouY/W7uhvCJZL1
hiddenmenu
title Red Hat Enterprise Linux (2.6.32-220.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-220.el6.x86_64 ro root=/dev/mapper/vg_zimbra-lv_root rd_NO_LUKS rd_LVM_LV=vg_zimbra/lv_root LANG=en_US.UTF-8 rd_NO_MD quiet SYSFONT=latarcyrheb-sun16 rhgb crashkernel=auto rd_LVM_LV=vg_zimbra/lv_swap  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM
        initrd /initramfs-2.6.32-220.el6.x86_64.img



And we are ready. The system can be rebooted safely, and will never ask for password during booting.

However, the system will ask for a password if someone tries to access grub menu entries, for example, to get to single user mode.

Grub asking for password


Hope this helps. :)

NOTE: You could try experimenting with "password" placement in different places of grub.conf. This parameter may be used multiple times in the file.