Archive for the ‘FreeBSD’ Category

SMTP relay with FreeBSD and sendmail

May 6th, 2008

Here’s a guide to setting up a FreeBSD server to relay emails for a set of IP addresses and/or hostnames. Be very careful to only enable relaying for trusted machines. Ideally, you’d set up your FreeBSD sendmail server to require authentication.

  1. Enable sendmail on your FreeBSD server by adding the following line to the /etc/rc.conf file:

         sendmail_enable="YES"

  2. Start sendmail using FreeBSD’s rc.d system.

         /etc/rc.d/sendmail start

  3. Add the IP address or IP addresses that you’d like sendmail to relay mail for to the /etc/mail/access file. For example, the following lines enable relaying for all emails coming from 10.0.2.1, and any IP address starting with 192.168.0.

         10.0.2.1 RELAY
         192.168.0 RELAY

  4. cd to your FreeBSD server’s /etc/mail directory, and run make to apply your changes to sendmail.

         cd /etc/mail
         make
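
The warning above about relaying only for trusted machines can be checked mechanically before running make. The following is an added example, not part of the original guide: a Python script that reads access-file text and flags RELAY entries that are not single hosts or three-octet prefixes inside RFC 1918 space. The RFC 1918 allowlist, the /24 threshold and the sample entries are assumptions made for illustration; adjust them for your network.

```python
import ipaddress

# Assumption: "trusted" means RFC 1918 space, at most a /24 (three octets) wide.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIXLEN = 24

# Constructed sample in /etc/mail/access format (not from a real server).
SAMPLE = """\
# key                action
10.0.2.1             RELAY
192.168.0            RELAY
10                   RELAY
203.0.113.7          RELAY
Connect:example.org  RELAY
spammer@example.com  REJECT
"""

def key_to_network(key):
    """Turn an octet-prefix key such as '192.168.0' into an IPv4 network, else None."""
    octets = key.split(".")
    if len(octets) > 4 or not all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network("%s/%d" % (padded, 8 * len(octets)))

def audit_access(text):
    """Return (line number, key, reason) for each RELAY entry that needs review."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if len(fields) < 2 or fields[0].startswith("#") or fields[1].upper() != "RELAY":
            continue
        key = fields[0]
        if key.lower().startswith("connect:"):  # optional tag in front of the key
            key = key[len("connect:"):]
        net = key_to_network(key)
        if net is None:
            findings.append((lineno, key, "not an IPv4 key, review by hand"))
        elif not any(net.subnet_of(r) for r in RFC1918):
            findings.append((lineno, key, "outside RFC 1918 space"))
        elif net.prefixlen < MIN_PREFIXLEN:
            findings.append((lineno, key, "broad prefix /%d" % net.prefixlen))
    return findings

if __name__ == "__main__":
    for lineno, key, reason in audit_access(SAMPLE):
        print("line %d: %s RELAY: %s" % (lineno, key, reason))
```

To audit a real server, pass the contents of /etc/mail/access to audit_access() instead of SAMPLE.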


Installing djbdns dnscache on FreeBSD 6

April 29th, 2008

djbdns is a DNS server package that was created in response to BIND’s history of security holes. Whenever I set up a Linux or FreeBSD DNS server, I try to use djbdns rather than BIND. Here’s how to set up a DNS caching server using FreeBSD 6.x and djbdns’s dnscache mode. The following commands should be run as root, either directly or via su or sudo:

  1. Install the djbdns port, and its dependencies.

         cd /usr/ports/dns/djbdns
         make install clean
         rehash

  2. Enable the supervise service, which is used to start djbdns.

         echo 'svscan_enable="YES"' >> /etc/rc.conf
         mkdir /var/service
         /usr/local/etc/rc.d/svscan.sh start

  3. Create djbdns’s cache and log accounts.

         pw useradd Gdnscache -d /nonexistent -s /sbin/nologin
         pw useradd Gdnslog -d /nonexistent -s /sbin/nologin

  4. Configure djbdns as a DNS caching server. In the examples below, 192.168.0.1 is the IP address of the interface that the djbdns DNS caching server will run on, and 192.168.0/24 is the network that I want to allow to access the server. Substitute the appropriate IPs and range(s) for your network.

         dnscache-conf Gdnscache Gdnslog /usr/local/etc/dnscache 192.168.0.1
         ln -s /usr/local/etc/dnscache /var/service
         touch /var/service/dnscache/root/ip/192.168.0
         /usr/local/etc/rc.d/svscan.sh restart
