
#1 2012-05-07 13:55:12

John0000
Member
Registered: 2012-04-12
Posts: 40

[SOLVED] Email server on LAN : bind configuration

Hi,
I'm trying to set up an email server on a LAN from scratch, and I'm stuck at a few points... I know there are a lot of tutorials on the net but I couldn't find one aimed at beginners for a LAN, and couldn't adapt an existing one to my needs.

My goal would be to make my own (internet) mail server, but I don't want to buy anything before fully understanding how this works...

From what I read here and there for the first step I need to install and configure bind (no other choices?) to set the MX records.

1) At some point I should add in /etc/named.conf something like

zone "mydomain.com" {
        type master;
        allow-transfer {any;} ;  
        file "/etc/bind/db.mydomain.com";
};

Instead of "mydomain.com", can I put anything? Am I right in thinking that I can put in /etc/hosts

192.168.1.10 mail.omicron-domain.com

and then replace "mydomain.com" by "mail.omicron-domain.com" in /etc/named.conf ? Does it actually matter that I put ".com" since I'm on LAN?

2) Then I should edit /etc/bind/db.mydomain.com with something like:

; TTL (Time To Live)
$TTL        604800

; General
@        IN        SOA        mail.omicron-domain.com. (
                         2                          ; Serial
                         604800                ; Refresh
                         86400                  ; Retry
                         2419200              ; Expire
                         604800 )              ; Negative Cache TTL
;

@       10800 IN      MX 10     mail.omicron-domain.com. 

I omitted to put two mail servers as I read in most of the tutorials because I just don't have enough computers at home to test it. I guess this should be working provided that the only mail server does not go down?

How can I actually test if this is working?
Does it mean that the mail server also acts as a dns server?
Not to forget anything, I think I also should replace in /etc/rc.conf my hostname with "mail.omicron-domain.com".

Any help appreciated !

Last edited by John0000 (2012-05-09 13:02:20)


#2 2012-05-07 23:31:48

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,226

Re: [SOLVED] Email server on LAN : bind configuration

Firstly, this post is more about DNS/bind/MX records than mail servers, so changing your thread subject might help get more assistance.

John0000 wrote:

My goal would be to make my own (internet) mail server, but I don't want to buy anything before fully understanding how this works...

So you want to accept incoming mail from the whole internet? Or just internally to your LAN?

John0000 wrote:

From what I read here and there for the first step I need to install and configure bind (no other choices?) to set the MX records.

There are many DNS providers out there who can do this for you; trying to learn and set up DNS *and* Mail server at the same time is likely to be overwhelming. It might help to use a free provider for DNS while you learn and set up the Mail server, then come back to learning DNS once you've got that sorted.

John0000 wrote:

1) At some point I should add in /etc/named.conf something like

zone "mydomain.com" {
        type master;
        allow-transfer {any;} ;  
        file "/etc/bind/db.mydomain.com";
};

Instead of "mydomain.com", can I put anything?

Well yes, but you need to have bought whatever domain you want to use. You then need to "delegate" your domain through your domain registrar. This lets other computers on the internet know where to find your DNS server, to be able to resolve DNS records using it.

John0000 wrote:

Am I right in thinking that I can put in /etc/hosts

192.168.1.10 mail.omicron-domain.com

and then replace "mydomain.com" by "mail.omicron-domain.com" in /etc/named.conf ? Does it actually matter that I put ".com" since I'm on LAN?

/etc/hosts is only for YOUR computer. It has nothing to do with bind.
You can use .com on your LAN without a problem; just make sure you've bought that .com so that it's "yours" and you're not "stealing" someone else's.

John0000 wrote:

2) Then I should edit /etc/bind/db.mydomain.com with something like:

; TTL (Time To Live)
$TTL        604800

; General
@        IN        SOA        mail.omicron-domain.com. (
                         2                          ; Serial
                         604800                ; Refresh
                         86400                  ; Retry
                         2419200              ; Expire
                         604800 )              ; Negative Cache TTL
;

@       10800 IN      MX 10     mail.omicron-domain.com. 

Yes, you also need an A record for mail.omicron-domain.com. to map the address to an IP address.

mail      A     192.168.1.1

The TTL (10800 in your example) and the "IN" are optional these days when writing a RR in a bind zone file.

John0000 wrote:

I omitted to put two mail servers as I read in most of the tutorials because I just don't have enough computers at home to test it. I guess this should be working provided that the only mail server does not go down?

There is no reason you MUST have 2 mail servers. As you've said, it just means mail will be delayed if your primary server goes down. These days I usually recommend against having more than 1 since backup mail servers are usually unable to implement the same level of anti-spam filtering, and spammers know that so they often dump all their spam onto your backup mail server, but that's a topic for another thread.


#3 2012-05-08 07:03:57

bergersau
Member
Registered: 2012-01-19
Posts: 52

Re: [SOLVED] Email server on LAN : bind configuration

This is a bit out of date now but worth checking out.
Linux Reality podcast - now defunct but all episodes still available.
Simple home mail server episode 061.
http://archive.org/search.php?query=cre … ate&page=2

edit:typo..

Last edited by bergersau (2012-05-08 11:23:23)


#4 2012-05-08 10:23:56

John0000
Member
Registered: 2012-04-12
Posts: 40

Re: [SOLVED] Email server on LAN : bind configuration

Thx for the answers. I'm going to check this episode :)

Ok so I reformulate : I want to create a lan email server, so that I understand the full process (DNS, postfix, dovecot..., security with iptables rules) before going 'live' and buying a real domain.

fukawi2 wrote:

Well yes, but you need to have bought whatever domain you want to use

Well if I'm on lan then I don't have to buy anything yet right?

Here is the zone I created

$TTL 7200
; omicron.tld
@       IN      SOA    ns.omicron.tld. root.omicron.tld. (
                                        18         ; Serial
                                        28800      ; Refresh
                                        1800       ; Retry
                                        604800     ; Expire - 1 week
                                        86400 )    ; Minimum

               IN      NS      ns
ns             IN      A       192.168.1.159
@       10800   IN      MX 10   mail1

I believe it is correct because when I do

dig @127.0.0.1 omicron.tld MX

I get

;; ANSWER SECTION:
omicron.tld.		10800	IN	MX	10 mail1.omicron.tld.

;; AUTHORITY SECTION:
omicron.tld.		7200	IN	NS	ns.omicron.tld.

;; ADDITIONAL SECTION:
ns.omicron.tld.		7200	IN	A	192.168.1.159

Is it the correct way of checking this works?

Finally, last question, is the only thing I have to do with the other computers on the LAN is changing /etc/resolv.conf with

nameserver 192.168.1.159

?


#5 2012-05-08 23:00:40

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,226

Re: [SOLVED] Email server on LAN : bind configuration

John0000 wrote:

Well if I'm on lan then I don't have to buy anything yet right?

If you're just doing development and testing on your local network, then that is correct... For clarity though, I would use something outside of the "public" TLDs to prevent leakage and confusion... Looks like you've changed that in your zone file from .com to .tld already though. I use .pvt for internal networks.

John0000 wrote:

Here is the zone I created
.............
I believe it is correct because when I do

dig @127.0.0.1 omicron.tld MX

I get

;; ANSWER SECTION:
omicron.tld.		10800	IN	MX	10 mail1.omicron.tld.

;; AUTHORITY SECTION:
omicron.tld.		7200	IN	NS	ns.omicron.tld.

;; ADDITIONAL SECTION:
ns.omicron.tld.		7200	IN	A	192.168.1.159

You still need to add in a A record for mail1.... The "Additional" section should return the IP address(es) for that host.

For example, my work domain has 2 MX records (priority 10 and 20). The primary has an A record returned in the additional section, and the backup has an A and an AAAA record:

;; ANSWER SECTION:
mycompany.com.au.		3600	IN	MX	20 backup-mx.mycompany.com.au.
mycompany.com.au.		3600	IN	MX	10 primary-mx.mycompany.com.au.

<snip>

;; ADDITIONAL SECTION:
primary-mx.mycompany.com.au. 3600	IN	A	59.xxx.xxx.38
backup-mx.mycompany.com.au.	3600	IN	A	106.xxx.xxx.67
backup-mx.mycompany.com.au.	3600	IN	AAAA	2400:8900::xxxx:xxxx:fe93:381a

(Yes, I know this goes against what I said earlier about multiple MX hosts, but I am able to replicate our anti-spam on both hosts :) )

John0000 wrote:

Is it the correct way of checking this works?

Yes, correct way to test your DNS.

John0000 wrote:

Finally, last question, is the only thing I have to do with the other computers on the LAN is changing /etc/resolv.conf with

nameserver 192.168.1.159

?

It should be.

Last edited by fukawi2 (2012-05-08 23:02:15)
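
The check described in the post above (every MX target needs an address record), as an added example that is not part of the thread and was not written by either poster. It is a minimal Python parser that assumes simple zone-file syntax (no $ORIGIN/$INCLUDE, no quoted semicolons); the function names are hypothetical, and the two sample zones are copied from posts #4 and #6.

```python
def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Return (owner, type, rdata tokens) for each record of a simple zone file."""
    records, owner, buf, depth = [], origin, "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line:
            continue
        if not buf:
            inherits = line[0].isspace()          # leading blank: reuse previous owner
        depth += line.count("(") - line.count(")")
        buf += " " + line
        if depth > 0:                             # inside a multi-line ( ... ) record
            continue
        tokens, buf = buf.replace("(", " ").replace(")", " ").split(), ""
        if tokens[0].startswith("$"):             # $TTL and similar directives
            continue
        if not inherits:
            owner = fqdn(tokens.pop(0), origin)
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                         # optional TTL and class
        records.append((owner, tokens[0].upper(), tokens[1:]))
    return records

def mx_without_address(text, origin):
    """List in-zone MX targets that have no A or AAAA record in the same zone."""
    origin = origin.rstrip(".").lower() + "."
    records = parse_zone(text, origin)
    have_addr = {o.lower() for o, t, _ in records if t in ("A", "AAAA")}
    targets = {fqdn(rd[1], origin).lower() for _, t, rd in records if t == "MX"}
    in_zone = {t for t in targets if t == origin or t.endswith("." + origin)}
    return sorted(in_zone - have_addr)

SOA = """$TTL 7200
@       IN      SOA    ns.omicron.tld. root.omicron.tld. (
                        18 28800 1800   ; Serial, Refresh, Retry
                        604800 86400 )  ; Expire, Minimum
"""
# Zone bodies as posted in #4 (no A record for mail1) and #6 (working file).
ZONE_POST4 = SOA + "        IN NS ns\nns      IN A 192.168.1.159\n@ 10800 IN MX 10 mail1\n"
ZONE_POST6 = SOA + ("        NS ns\n@       MX 10 mail1\nlocalhost A 127.0.0.1\n"
                    "ns      A 192.168.1.159\nmail1   A 192.168.1.159\n")

if __name__ == "__main__":
    print("post #4:", mx_without_address(ZONE_POST4, "omicron.tld"))
    print("post #6:", mx_without_address(ZONE_POST6, "omicron.tld"))
```

MX targets outside the zone are skipped, since their address records live in someone else's zone file and can only be checked with a live query such as dig.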


#6 2012-05-09 12:36:50

John0000
Member
Registered: 2012-04-12
Posts: 40

Re: [SOLVED] Email server on LAN : bind configuration

Hi !
Thanks for the clarifications, I added as well the A record for 'mail1'.
I finally managed to get it to work, I am able to read and recover mail with evolution from another computer on my lan.
I didn't do the part on reverse dns though, but I guess that will be mandatory if I put the server on the internet..
If anyone is interested my working file looks like this :

$TTL 7200
; omicron.tld
@	IN	SOA    ns.omicron.tld. root.omicron.tld. (
                                        23	   ; Serial
                                        28800      ; Refresh
                                        1800       ; Retry
                                        604800     ; Expire - 1 week
                                        86400 )    ; Minimum

			NS      ns
@			MX 	10   mail1
localhost		A	127.0.0.1
ns		       	A       192.168.1.159
mail1   		A       192.168.1.159


#7 2012-05-10 00:16:10

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,226

Re: [SOLVED] Email server on LAN : bind configuration

Glad you got it going :)

John0000 wrote:

I didn't do the part on reverse dns though, but I guess that will be mandatory if I put the server on the internet..

It is a good idea to help avoid your mail being spammed. Once the server has a public address then the reverse DNS will be managed by your provider, unless you own a public /24 or larger (in which case you probably wouldn't be asking these questions :P)
