Wednesday, March 9, 2016

[SMTP] - Setting up an EDM Email Service

Recently I had a requirement to set up, on an AWS EC2 instance, an email server that machines in the same subnet can use to send EDM mail.
I used Ubuntu + Postfix for this.

Since the domain xxx.com.tw is managed by GoDaddy, first go to GoDaddy and add an MX record.

; For further information, please consult the BIND documentation
; located on the following website:
;
; http://www.isc.org/
;
; And RFC 1035:
;
; http://www.ietf.org/rfc/rfc1035.txt
;
; Please note that we do NOT offer technical support for any use
; of this zone data, the BIND name server, or any other third-
; party DNS software.
;
; Use at your own risk.

; SOA Record
xxx.com.tw. 600 IN SOA ns15.domaincontrol.com. dns.jomax.net (
2016030802
28800
7200
604800
600
)

; A Records
s1 600 IN A x.x.x.x
s2 600 IN A x.x.x.x
@ 600 IN A x.x.x.x

; CNAME Records
ftp 3600 IN CNAME @
www 3600 IN CNAME @
email 3600 IN CNAME @

; MX Records
@ 3600 IN MX 10 email.xxx.com.tw

; NS Records
@ 3600 IN NS ns16.domaincontrol.com
@ 3600 IN NS ns15.domaincontrol.com

#  apt-get install postfix

# vim /etc/postfix/main.cf

myhostname = ip-172-31-30-43
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
# Mail addressed to these destinations is accepted
mydestination = email.xxx.com.tw, xxx.com.tw , localhost
relayhost =
# Allow this host and the 172 subnet to send mail; this can also be enforced later with iptables or the EC2 Security Group
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.xx.xx.xx/20
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# One file per message (Maildir)
home_mailbox = Maildir/
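
Added example (not part of the original post): a POSIX shell lint for the main.cf settings above. It flags a value followed by a trailing "# note" (Postfix only treats # as a comment at the start of a line), mynetworks entries that let everyone or a very wide IPv4 range relay, and a VRFY command left enabled. The function names, the /16 threshold and the sample subnet 172.31.16.0/20 are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: lint Postfix main.cf text (stdin).
# Prints one finding per line. Continuation lines are not handled.
audit_main_cf() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # whole-line comments, blank lines
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)
      gsub(/^[ \t]+|[ \t]+$/, "", val)
      conf[key] = val
      # "#" only starts a comment at the beginning of a line, so a trailing
      # "# note" ends up inside the value.
      if (val ~ /[ \t]#/) print "INLINE_COMMENT " key
    }
    END {
      n = split(conf["mynetworks"], net, /[ \t,]+/)
      for (i = 1; i <= n; i++) {
        if (net[i] ~ /^#/) break                # rest is a stray inline comment
        if (net[i] == "0.0.0.0/0" || net[i] == "[::]/0") {
          print "OPEN_RELAY " net[i]            # every client may relay
        } else if (net[i] ~ /^[0-9.]+\/[0-9]+$/ && net[i] !~ /^127\./) {
          split(net[i], p, "/")
          # Assumed threshold: anything wider than /16 deserves a second look.
          if (p[2] + 0 < 16) print "WIDE_NETWORK " net[i]
        }
      }
      # VRFY lets any client probe which local addresses exist.
      if (conf["disable_vrfy_command"] != "yes") print "VRFY_ENABLED"
    }'
}

# Constructed sample: settings from this post written with inline notes, and
# 172.31.16.0/20 standing in for the masked subnet.
sample_main_cf() {
  cat <<'EOF'
mydestination = email.xxx.com.tw, xxx.com.tw , localhost  # note
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.31.16.0/20  # note
inet_interfaces = all
EOF
}

sample_main_cf | audit_main_cf
```

On a live host the same function can be fed with `audit_main_cf < /etc/postfix/main.cf`.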

Verification

# telnet  xxx.com.tw 25
Trying 52.x.x.0...
telnet: connect to address 52.xx.xx.0: Connection timed out

Port 25 has to be opened in the EC2 Security Group



Again

# telnet xxx.com.tw 25
Trying 52.xxx.xxx.0...
Connected to xxx.com.tw.
Escape character is '^]'.
220 ip-172-31-30-43 ESMTP Postfix (Ubuntu)
ehlo localhost
250-ip-172-31-30-43
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Or install mail client tools

# apt-get install mailutils

echo "Message Body" | mail -s "2Message Subject" fifi@xxx.com.tw

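Send a mail from an external service, e.g. Gmail, to fifi@xxx.com.tw
to confirm that both receiving and sending work

PS (When mail goes to Gmail, Yahoo or other mail servers, you sometimes have to pay attention to reverse DNS resolution for the sending host,
otherwise the mail will be blocked; check it yourself with nslookup or apply for it with your ISP)

When mail is received, a Maildir directory appears under the account's home directory,
containing the list of received messages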

/home/xxx/Maildir
Maildir/
├── cur
├── new
│   ├── 1457580107.Vca01I6193bM206156.ip-172xxxx0-43
│   ├── 1457590218.Vca01I6194eM276640.ip-172xxxxs-43
│   └── 1457591864.Vca01I6194cM347714.ip-172xxxx-43
└── tmp

Or check the mail log
# tail -f /var/log/mail.log

Mar 10 07:10:50 ip-172-31-30-43 postfix/smtpd[4088]: disconnect from mail-pf0-f174.google.com[209.85.192.174]
Mar 10 07:10:50 ip-172-31-30-43 postfix/smtp[4060]: F21726193B: to=<txxx@gmail.com>, orig_to=<xxx@xxx.com.tw>, relay=gmail-smtp-in.l.google.com[64.233.187.27]:25, delay=0.91, delays=0.01/0/0.35/0.55, dsn=2.0.0, status=sent (250 2.0.0 OK 1457593837 g24si4022733pfj.91 - gsmtp)
Mar 10 07:10:50 ip-172-31-30-43 postfix/qmgr[1515]: F21726193B: removed
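
Added example (not part of the original post): a POSIX shell summary of delivery attempts in mail.log, one line per recipient with queue ID, original alias address, DSN code and status, plus a filter for attempts the next hop did not accept. The function names and the bounced sample line are constructed for the example; the other two sample lines are the ones shown above.

```shell
#!/bin/sh
# Added example, not from the original post: summarise Postfix delivery
# attempts from mail.log text on stdin (traditional syslog layout and short
# hexadecimal queue IDs assumed).
# Output columns: queue-id recipient orig_to(or -) dsn status
delivery_report() {
  awk '
    # Value of " name=value" in line without <> and trailing comma, or "-".
    function field(line, name,    re, s) {
      re = " " name "=[^ ]*"
      if (!match(line, re)) return "-"
      s = substr(line, RSTART + length(name) + 2, RLENGTH - length(name) - 2)
      sub(/,$/, "", s); gsub(/[<>]/, "", s)
      return s
    }
    / postfix\/[a-z]+\[[0-9]+\]: [0-9A-F]+: to=</ {
      qid = $6; sub(/:$/, "", qid)
      print qid, field($0, "to"), field($0, "orig_to"), field($0, "dsn"), field($0, "status")
    }'
}

# Attempts the next hop did not accept (deferred, bounced, ...), for example
# a remote server refusing mail from a host without reverse DNS.
undelivered() { delivery_report | awk '$5 != "sent"'; }

# Sample input: two lines from the log above plus one constructed bounce
# (example.com, 192.0.2.25 and the reply text are made up).
sample_log() {
  cat <<'EOF'
Mar 10 07:10:50 ip-172-31-30-43 postfix/smtp[4060]: F21726193B: to=<txxx@gmail.com>, orig_to=<xxx@xxx.com.tw>, relay=gmail-smtp-in.l.google.com[64.233.187.27]:25, delay=0.91, delays=0.01/0/0.35/0.55, dsn=2.0.0, status=sent (250 2.0.0 OK 1457593837 g24si4022733pfj.91 - gsmtp)
Mar 10 07:10:50 ip-172-31-30-43 postfix/qmgr[1515]: F21726193B: removed
Mar 10 07:12:03 ip-172-31-30-43 postfix/smtp[4061]: A1B2C3D4E5: to=<user@example.com>, relay=mx.example.com[192.0.2.25]:25, delay=1.2, delays=0.01/0/0.6/0.59, dsn=5.7.1, status=bounced (host mx.example.com[192.0.2.25] said: 550 5.7.1 rejected, constructed sample text)
EOF
}

sample_log | delivery_report
sample_log | undelivered
```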



@ Alias: add a group mail account, then verify

# vim /etc/aliases

# See man 5 aliases for format
postmaster:    root
cs: xxx1@gmail.com,xxx2@gmail.com

# newaliases

echo "Message Body" | mail -s "2Message Subject" cs@xxx.com.tw


Monday, March 7, 2016

[SSL] - Ubuntu 14.x Let's Encrypt's + Apache2 + VirtualHost


[Ubuntu] - Removing Web Server Apache2 / Web Script PHP related information



@Before


root@ip-172-31-30-43:/etc/apache2# curl -LIv https://xxxx.com.tw
HTTP/1.1 200 OK
Date: Mon, 07 Mar 2016 08:02:12 GMT
Server: Apache/2.4.7 (Ubuntu)
X-Powered-By: PHP/5.5.9-1ubuntu4.14
Content-Type: text/html



# vim /etc/apache2/conf-available/security.conf
ServerSignature Off
ServerTokens Prod

# vim /etc/php5/apache2/php.ini
expose_php = Off

# service apache2 restart

@ After

# curl -LI https://xxxx.com.tw
HTTP/1.1 200 OK
Date: Mon, 07 Mar 2016 08:05:29 GMT
Server: Apache
Content-Type: text/htm





Tuesday, March 1, 2016

[Ubuntu] - Cleanly removing a package

List the installed files and directories

# dpkg -L nginx

Cleanly remove nginx, including /etc/, and reinstall

apt-get autoremove nginx #  removes all but config file
apt-get purge nginx nginx-common nginx-full # removes everything
apt-get install nginx

[Ubuntu] - Changing the system time zone

# sudo  dpkg-reconfigure tzdata

A dialog window pops up

Select Asia

Select Taipei

[AWS] - Technical Essentials

90 % > <"


[AWS] - EC2 + S3

@ In the S3 console, create a bucket named g1101 in the Tokyo region

# sudo -s ( use with care ><" )
# cd /root/
# apt-get install build-essential git libfuse-dev libcurl4-openssl-dev libxml2-dev mime-support automake libtool
# apt-get install pkg-config libssl-dev
# git clone https://github.com/s3fs-fuse/s3fs-fuse
# cd s3fs-fuse/
# ./autogen.sh
# ./configure --prefix=/usr --with-openssl
# make
# make install

# vim /etc/passwd-s3fs
#<AWS Access Key ID>:<AWS Secret Access Key>
AxxxxxxxxxxxxxxUA:vxxxxxxxxxxxxxxx+1

# chmod 640 /etc/passwd-s3fs
# mkdir /tmp/cache
# chmod 777 /tmp/cache
# mkdir /mnt/s3
# s3fs -o use_cache=/tmp/cache g1101 /mnt/s3

@ Check >< there is 256T
# df -h
Filesystem      Size  Used Avail Use% Mounted on
udev            492M   12K  492M   1% /dev
tmpfs           100M  348K   99M   1% /run
/dev/xvda1      7.8G  1.6G  5.9G  21% /
none            4.0K     0  4.0K   0% /sys/fs/cgroup
none            5.0M     0  5.0M   0% /run/lock
none            497M     0  497M   0% /run/shm
none            100M     0  100M   0% /run/user
s3fs            256T     0  256T   0% /mnt/s3


@ To let the web user ( apache or www-data ) access this directory,
add allow_other

# s3fs -o allow_other,use_cache=/tmp/cache g1101 /mnt/s3

@ To mount automatically at boot, add it to fstab or write it into /etc/rc.local

# vim /etc/fstab
s3fs#mybucket /mnt/s3 fuse allow_other,use_cache=/tmp/cache 0 0

@ Unmount S3 Drive

# fusermount -u /mnt/s3
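
Added example (not part of the original post): a POSIX shell check for the two permission choices in the s3fs steps above, the mode of the credential file and the mode of the cache directory. The function names are made up for the example, and demo_modes only recreates the modes in a scratch directory so the check can be tried without touching /etc or /tmp/cache.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_s3fs_perms <credential-file> <cache-dir>
# Prints one finding per line; prints nothing when neither check triggers.
mode_of() { ls -ld "$1" | cut -c1-10; }   # e.g. -rw-r----- or drwxrwxrwt

check_s3fs_perms() {
  cred=$1; cache=$2
  m=$(mode_of "$cred")
  # Characters 5-7 are the group bits, 8-10 the bits for everyone else.
  # The file holds the AWS secret key, so any bit set there widens who can
  # read or change it.
  case $m in ???????---) ;; *) echo "CRED_WORLD_ACCESS $m" ;; esac
  case $m in ????---???) ;; *) echo "CRED_GROUP_ACCESS $m" ;; esac
  d=$(mode_of "$cache")
  # World-writable without the sticky bit (a final "t"): any local user can
  # delete or replace the cached copies of bucket objects.
  case $d in
    d???????w[x-]) echo "CACHE_WORLD_WRITABLE $d" ;;
  esac
}

# Recreate a pair of modes in a scratch directory and run the check on it.
demo_modes() {
  t=$(mktemp -d) || return 1
  : > "$t/passwd-s3fs" && chmod "$1" "$t/passwd-s3fs"
  mkdir "$t/cache" && chmod "$2" "$t/cache"
  check_s3fs_perms "$t/passwd-s3fs" "$t/cache"
  rm -rf "$t"
}

demo_modes 640 777    # the modes used in the steps above
demo_modes 600 700    # owner-only credential file and cache directory
```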