Network Definitions:
192.168.21.0/24 [Server LAN Network]
192.168.23.0/24 [Client LAN Network]
10.10.10.0/24 [VPN Network]
Make sure the date and time on both ends are in sync; the certificate validity checks made during the TLS handshake fail otherwise.
Server End:
apt-get install openvpn [On both server and client]
cd /etc/openvpn [Server End]
Edit or create server.conf:
## server.conf
port 2746
proto udp
dev tap
# no separate 'ifconfig' line: the 'server' directive below already assigns 10.10.10.1 to this end
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem # 1024-bit is the easy-rsa default here; 2048-bit (KEY_SIZE=2048 in vars) is the recommended minimum today
server 10.10.10.0 255.255.255.0 # vpn subnet, matching 10.10.10.0/24 above ('server' needs a /29 or bigger network)
duplicate-cn # lets several clients share one certificate; not needed for a single site-to-site client
keepalive 4 40
comp-lzo # must match the client; tunnel compression is deprecated and best left off in new setups
user nobody
verb 10 # very verbose; lower to 3 or 4 once the tunnel is working
mute 20
route 192.168.23.0 255.255.255.0 10.10.10.2 # client LAN, via the client's tunnel address (first address in the pool)
The next steps use the preset configuration scripts that ship with the OpenVPN installation, located in the /usr/share/doc/openvpn/examples/easy-rsa directory.
cd /usr/share/doc/openvpn/examples/easy-rsa
. ./vars
./clean-all
./build-ca
### Information entered at the openssl prompts when the CA certificate is created.
Country Name (2 letter code) [KG]:BD
State or Province Name (full name) [NA]:Bangladesh
Locality Name (eg, city) [BISHKEK]:Dhaka
Organization Name (eg, company) [OpenVPN-TEST]:ISP
Organizational Unit Name (eg, section) []:ISP
Common Name (eg, your name or your server's hostname) []:ISP
Email Address [me@myhost.mydomain]: admin@test.com
The ./build-ca command builds the certificate authority certificate and key by invoking the interactive openssl command, which shows the prompts listed above.
Generate certificates & keys for server:
./build-key server
Generate certificates & keys for client:
./build-key client
Generate Diffie-Hellman parameters:
./build-dh
Copy the following files from /usr/share/doc/openvpn/examples/easy-rsa/keys to the /etc/openvpn directory on the server:
ca.crt
server.crt
dh1024.pem
server.key
Client End:
cd /etc/openvpn [Client End]
Edit or create client.conf:
### client.conf
remote 122.144.12.232 2746 # public address and port of the server end
client
dev tap
proto udp
;resolv-retry infinite # uncomment when 'remote' is a DynDNS hostname instead of an IP address
nobind
user nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key # This file should be kept secret
# no 'dh' line: Diffie-Hellman parameters are a server-only setting and dh1024.pem is never copied to the client
comp-lzo # must match the server
verb 10
mute 20
route 192.168.21.0 255.255.255.0 # server LAN, reached through the tunnel
Copy the following files from the server's easy-rsa/keys directory to /etc/openvpn/ on the client machine (./build-key client above names them client.crt and client.key):
ca.crt
client.crt
client.key
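Before starting the service it is worth checking that the two configuration files agree with each other. The script below is an added example, not part of the original notes: it reads directives out of a server.conf/client.conf pair and reports the mismatches that break a tunnel like this one (port, proto, dev, comp-lzo), the server-only directives (dh on the client, ifconfig alongside server), a VPN netmask too small for the server directive's address pool, and ca/cert/key/dh paths that do not exist. The two configs it writes are constructed copies of the ones above (using the 10.10.10.0/24 VPN network from the network definitions) with empty placeholder files standing in for the real certificates and keys; the function names ovpn_get, ovpn_has, ovpn_pair_check and make_demo_configs are this example's own.

```shell
# Added example, not part of the original notes: pre-flight consistency check for the server.conf / client.conf pair.

# Print the arguments of the first active occurrence of a directive ('#' and ';' start comments; prints nothing if absent).
ovpn_get() {   # ovpn_get <config-file> <directive>
    sed 's/[#;].*$//' "$1" | awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed only if the directive appears un-commented somewhere in the file.
ovpn_has() {   # ovpn_has <config-file> <directive>
    sed 's/[#;].*$//' "$1" | awk -v d="$2" '$1 == d { found = 1 } END { exit !found }'
}

# Compare both sides; print each problem and return the number found (0 = consistent).
ovpn_pair_check() {   # ovpn_pair_check <server.conf> <client.conf>
    _s=$1; _c=$2; _n=0
    _fail() { echo "PROBLEM: $1"; _n=$((_n + 1)); }
    # The client's 'remote <host> <port>' must name the port the server listens on.
    [ "$(ovpn_get "$_s" port)" = "$(ovpn_get "$_c" remote | awk '{ print $2 }')" ] \
        || _fail "client 'remote' port does not match server 'port'"
    # Transport, device type and compression must be identical on both ends.
    for _d in proto dev; do
        [ "$(ovpn_get "$_s" "$_d")" = "$(ovpn_get "$_c" "$_d")" ] || _fail "'$_d' differs between the two configs"
    done
    if ovpn_has "$_s" comp-lzo; then
        ovpn_has "$_c" comp-lzo || _fail "comp-lzo is enabled on the server only"
    elif ovpn_has "$_c" comp-lzo; then
        _fail "comp-lzo is enabled on the client only"
    fi
    # 'server' assigns the server's own tunnel address (so 'ifconfig' conflicts with it) and its pool needs a /29 or bigger network.
    ovpn_has "$_s" server || _fail "server.conf lacks the 'server' directive"
    ! ovpn_has "$_s" ifconfig || _fail "server.conf combines 'ifconfig' with 'server'"
    case "$(ovpn_get "$_s" server | awk '{ print $2 }')" in
        255.255.255.252|255.255.255.254|255.255.255.255)
            _fail "VPN netmask leaves too few addresses for the 'server' pool (use /29 or bigger)" ;;
    esac
    # 'dh' is server-only; the client never receives dh1024.pem.
    ! ovpn_has "$_c" dh || _fail "client.conf references 'dh', a server-only directive"
    # Every ca/cert/key/dh file a config names must exist beside it (/etc/openvpn in the notes).
    for _f in "$_s" "$_c"; do
        for _d in ca cert key dh; do
            _v=$(ovpn_get "$_f" "$_d")
            [ -z "$_v" ] || [ -f "$(dirname "$_f")/$_v" ] \
                || _fail "$(basename "$_f"): '$_d $_v' names a file that does not exist"
        done
    done
    return "$_n"
}

# Write constructed copies of the two configs above into <dir>/server and <dir>/client,
# with empty placeholder files standing in for the real certificates and keys.
make_demo_configs() {   # make_demo_configs <dir>
    mkdir -p "$1/server" "$1/client"
    cat > "$1/server/server.conf" <<'EOF'
port 2746
proto udp
dev tap
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.10.10.0 255.255.255.0 # vpn subnet
duplicate-cn
keepalive 4 40
comp-lzo
user nobody
verb 10
mute 20
route 192.168.23.0 255.255.255.0 10.10.10.2
EOF
    cat > "$1/client/client.conf" <<'EOF'
remote 122.144.12.232 2746
client
dev tap
proto udp
;resolv-retry infinite # this is necessary for DynDNS
nobind
user nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
comp-lzo
verb 10
mute 20
route 192.168.21.0 255.255.255.0
EOF
    for _p in server/ca.crt server/server.crt server/server.key server/dh1024.pem \
              client/ca.crt client/client.crt client/client.key; do
        : > "$1/$_p"
    done
}

# Usage: check the constructed pair; on real machines point it at the two /etc/openvpn files.
_demo=$(mktemp -d)
make_demo_configs "$_demo"
ovpn_pair_check "$_demo/server/server.conf" "$_demo/client/client.conf" && echo "configs are consistent"
```

On the real machines the two files live on different hosts, so copy one of them over (or run the check from the machine where both were prepared) and point ovpn_pair_check at the pair; a non-zero return with a PROBLEM line is the thing to fix before /etc/init.d/openvpn start.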
Now start the service on both ends:
/etc/init.d/openvpn start
A tap tunnel interface should now appear on both machines alongside the existing interfaces, and each end's local network should be reachable from the other end (IP forwarding must be enabled on both machines for LAN-to-LAN traffic to pass).
For troubleshooting, check the OpenVPN messages in /var/log/syslog.
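The syslog check can be made systematic. The script below is an added example and is not part of the original notes: it reads OpenVPN lines from syslog and maps the messages that most often turn up in a setup like this one (a peer certificate not yet valid or expired, no TLS handshake within 60 seconds, an LZO decompression error or comp-lzo mismatch warning, a missing ca/cert/key/dh file, HMAC failures) to the thing to check. The sample lines are constructed: 203.0.113.10 stands in for the client's public address, the PIDs are invented, and the ovpn-server/ovpn-client tags follow the ovpn-<name> syslog naming the Debian init script uses.

```shell
# Added example, not part of the original notes: first-pass triage of OpenVPN lines from /var/log/syslog.

# Read syslog lines on stdin and print one line per condition recognised.
ovpn_triage() {
    awk '
        /Initialization Sequence Completed/                      { up = 1 }
        /VERIFY ERROR:.*(not yet valid|has expired)/             { clock = 1 }
        /TLS key negotiation failed to occur within/             { nohs = 1 }
        /Bad LZO decompression header byte/                      { lzo = 1 }
        /comp-lzo.*present in (remote|local) config but missing/ { lzo = 1 }
        /Options error:.*fails with.*No such file/               { files = 1 }
        /packet HMAC authentication failed/                      { hmac = 1 }
        END {
            n = 0
            if (up)    { print "OK: Initialization Sequence Completed, tunnel is up"; n++ }
            if (clock) { print "CHECK clock: peer certificate not valid at this system time; the two ends must agree on date and time"; n++ }
            if (nohs)  { print "CHECK network: no TLS handshake within 60s; wrong remote/port, a firewall, or the server is not running"; n++ }
            if (lzo)   { print "CHECK comp-lzo: compression is enabled on one end only"; n++ }
            if (files) { print "CHECK files: a ca/cert/key/dh path in the config does not exist"; n++ }
            if (hmac)  { print "CHECK keys: packet authentication failed; cipher/auth settings or key material differ between the ends"; n++ }
            if (n == 0) print "UNKNOWN: no recognised OpenVPN condition in the input"
        }'
}

# Constructed sample: the server rejects the client certificate because its own clock is behind.
SAMPLE_CLOCK='Jan 12 10:01:20 srv ovpn-server[1234]: 203.0.113.10:2746 VERIFY ERROR: depth=0, error=certificate is not yet valid: C=BD, ST=Bangladesh, L=Dhaka, O=ISP, OU=ISP, CN=client
Jan 12 10:01:20 srv ovpn-server[1234]: 203.0.113.10:2746 TLS Error: TLS handshake failed'

# Constructed sample: a healthy start-up on the client end.
SAMPLE_OK='Jan 12 10:02:01 cli ovpn-client[2345]: UDPv4 link remote: 122.144.12.232:2746
Jan 12 10:02:03 cli ovpn-client[2345]: Initialization Sequence Completed'

# Usage on a live system:  grep 'ovpn-' /var/log/syslog | ovpn_triage
printf '%s\n' "$SAMPLE_CLOCK" | ovpn_triage
printf '%s\n' "$SAMPLE_OK" | ovpn_triage
```

The clock case is the one the note at the top of these instructions is about: a client certificate that is "not yet valid" on the server almost always means the two clocks disagree, not that easy-rsa produced a bad certificate.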