Linux in a Windows World by Roderick W Smith. Published by O'Reilly Media, Inc., 2005

Configuring Postfix

Postfix is an alternative to sendmail that ships with most major Linux distributions, although many of them don’t install it by default. If your distribution doesn’t ship with Postfix but you want to try it, check the Postfix home page (http://www.postfix.org) for source code download links. You might be able to install a binary package intended for another distribution, but chances are you’ll need to modify or replace the SysV startup scripts.

As with sendmail, configuring Postfix for your network requires understanding the main Postfix configuration files. You can then set the main Postfix options, including those relating to addressing, relaying, and spam control.

Tip

Postfix is a very complex server, so this chapter can present only the basics of its configuration. For more information, consult the documentation at the Postfix web site or a book on the subject, such as Postfix: The Definitive Guide (O’Reilly).

Postfix Configuration Files

Linux Postfix binary packages typically store configuration files in /etc/postfix. The main configuration file in this directory is main.cf, which controls the overall Postfix configuration. This file consists of comments, which are lines beginning with hash marks (#), and option lines of the form:

                  variable = value

The variable is typically a descriptive name, such as relayhost to set the hostname of another SMTP server that’s to act as a mail relay. The value can be a hostname, IP address, filename, or other string. Sometimes a value can have multiple components, separated by commas. A value can also refer to an earlier variable by name: precede the earlier variable name by a dollar sign ($), as in myorigin = $mydomain to set the myorigin variable to be identical to mydomain.

The default main.cf file is extremely well commented, so you can learn a great deal about the configuration and how you can change it by reading the comments. Further information, including information on obscure options not mentioned in the default comments, can be found in the online Postfix documentation.

Tip

After making changes to main.cf, you should tell Postfix about those changes. The simplest way to do this is to type postfix reload.

In addition to the main.cf file, Postfix relies on several other configuration files. Most of these are binary database files with filenames ending in .db. These files are similar in purpose to sendmail’s database files; they control username aliases, relay host mapping, and so on. Like the sendmail files, the Postfix database files are generated from plain-text files that typically take the same name as the database file but without the .db extension. Some of these files are described in upcoming sections.

Postfix Address Options

The Postfix address options begin with setting the server’s name. As with sendmail, Postfix uses gethostbyname( ) to determine the computer’s hostname and sets the hostname it reports to other systems appropriately. You can override this feature by setting myhostname:

myhostname = smtp.pangaea.edu

Two related options are mydomain and myorigin. The first of these sets the server’s Internet domain; it defaults to the value of $myhostname minus its first component, as in pangaea.edu if $myhostname is smtp.pangaea.edu. The myorigin variable sets the hostname that Postfix appends to email addresses that don’t specify a hostname. The default value is $mydomain, but you can change this to $myhostname or any other value, as appropriate.

If you want to force outgoing mail to have a particular return hostname, you can use the masquerade_domains option. You pass a domain name to this option, and hostnames within that domain are stripped down to the domain portion. For instance, if you set this option to pangaea.edu, and a user sends mail that has a return address of , Postfix changes the outgoing address to . This can be a handy option for coping with clients that insist on adding their own hostnames to outgoing mail. Mail with return addresses outside of the pangaea.edu domain is unaffected by this line, though. The masquerade_classes option determines which parts of the mail are rewritten. You can set this to one or more of envelope_sender (the sender in the mail envelope), header_sender (the sender in the mail header), and header_recipient (the recipient in the mail header, typically used to strip hostnames from incoming mail). Typically, one or both of the first two options is used.

Still more complete address rewriting can be accomplished with the help of a file called sender_canonical. You specify the use of this file with the sender_canonical_maps option in main.cf:

sender_canonical_maps = hash:/etc/postfix/sender_canonical

You then edit the sender_canonical file so that each line holds an original email address or address fragment followed by the address or matching fragment you want substituted:

FETCHMAIL-DAEMON@localhost postmaster@pangaea.edu
@mandragora.example.com @pangaea.edu

These lines tell Postfix to replace FETCHMAIL-DAEMON@localhost with postmaster@pangaea.edu and to change any address at mandragora.example.com to the matching address at pangaea.edu. Once you’ve edited this file, type postmap sender_canonical. This command creates a sender_canonical.db file from the text-mode sender_canonical file.

When receiving mail, Postfix uses the mydestination variable to determine what addresses it’s to treat as local. Mail addressed to any user at any of the $mydestination addresses is passed to local users; mail addressed to other addresses is relayed to that address, assuming relaying is authorized. You can set multiple hostnames for mydestination by separating them with commas, as in:

mydestination = $myhostname, localhost.$mydomain, mail.pangaea.edu
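The variable = value format and the $variable references described above can be checked mechanically. The following is an added example, not code from the book or from Postfix: a small Python reader that resolves references and applies the mydomain default. The sample text is constructed, and the indented continuation line it contains is a main.cf feature this section does not cover.

```python
import re

# Constructed sample in main.cf syntax, using the hostnames from this section.
SAMPLE_MAIN_CF = """\
# comment lines start with a hash mark
myhostname = smtp.pangaea.edu
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain,
    mail.pangaea.edu
"""

def parse_main_cf(text):
    """Return {variable: raw value}; a later setting overrides an earlier one."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and current:   # indented line continues the previous value
            params[current] += " " + line.strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"not a 'variable = value' line: {line!r}")
        current = name.strip()
        params[current] = value.strip()
    return params

def expand(name, params, _seen=()):
    """Resolve $name references recursively, applying the mydomain default."""
    if name in _seen:
        raise ValueError(f"circular reference through ${name}")
    if name in params:
        raw = params[name]
    elif name == "mydomain" and "myhostname" in params:
        # Default described above: $myhostname minus its first component.
        raw = expand("myhostname", params, _seen + (name,)).partition(".")[2]
    else:
        raise KeyError(f"${name} is not set and has no default modelled here")
    return re.sub(r"\$(\w+)",
                  lambda m: expand(m.group(1), params, _seen + (name,)), raw)

def expand_list(name, params):
    """Expand a comma-separated value into its components."""
    return [item.strip() for item in expand(name, params).split(",") if item.strip()]
```

Calling expand_list("mydestination", parse_main_cf(SAMPLE_MAIN_CF)) gives the hostnames this server would treat as local, which is the list to review before relaxing any relay setting.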

Postfix Relay Options

Most default Postfix configurations relay mail from the local network and deliver mail directly to the destination server without using an outgoing relay. Thus, if you want to fine-tune your relay configuration or use an outgoing mail relay system, you must adjust your Postfix configuration. You may also want to make changes if you want Postfix to deliver incoming mail to other servers, such as to Microsoft Exchange servers, using Postfix as a spam filter, mail sorter, or in some role other than the final destination system.

Configuring Postfix to relay mail

The default Postfix configuration relays mail under certain limited circumstances:

  • The sender is on one of the $mynetworks networks. This defaults to the IP subnet on which the computer resides, but you can change it by setting mynetworks to a list of IP address ranges or by pointing to a file that holds this information. Alternatively, you can change mynetworks_style. This variable defaults to subnet, which sets the default behavior; however, you can set it to host, which causes Postfix to trust only the local machine. Setting mynetworks_style to class causes Postfix to trust the computers on the same class A, B, or C subnet on which it resides, which often (but not always) results in the same behavior as setting it to subnet.

  • The sender is in one of the domains specified by relay_domains. This variable defaults to $mydestination.

  • The sender is attempting to relay mail to a computer in $relay_domains or to a computer on the $mynetworks networks.

Overall, these defaults are laxer than those of sendmail. If you don’t want your computer to relay mail at all, you should restrict these settings:

mynetworks = 127.0.0.0/8
relay_domains = smtp.pangaea.edu

The first line tells Postfix to relay only mail from the localhost address. The second sets the relay domain to the server’s hostname (you should adjust it for your system, of course). A configuration that relays for some computers and networks, but not quite the default set, is also possible; for instance:

mynetworks = 127.0.0.0/8, 172.24.0.0/16, 192.168.24.0/24
relay_domains = $mydestination, pangaea.edu

This configuration tells Postfix to relay mail for two subnets by IP address, for the local domain ($mydestination), and for the pangaea.edu domain.
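To see what each of the two settings above accepts, the following added example (not from the book, and not Postfix's own logic) models the client-network and recipient-domain rules in Python and lints mynetworks for ranges that are risky to trust. The client addresses and recipients are constructed, the hostname-based rule is left out because it needs DNS, and subdomain matching in relay_domains is an assumption.

```python
import ipaddress

# The two settings shown above. $mydestination is written out using the
# mydestination example from the address options (an assumption of this sketch).
NO_RELAY = {"mynetworks": "127.0.0.0/8", "relay_domains": "smtp.pangaea.edu"}
SELECTIVE = {
    "mynetworks": "127.0.0.0/8, 172.24.0.0/16, 192.168.24.0/24",
    "relay_domains": "smtp.pangaea.edu, localhost.pangaea.edu, "
                     "mail.pangaea.edu, pangaea.edu",
}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _items(value):
    return [v.strip() for v in value.split(",") if v.strip()]

def client_trusted(client_ip, cfg):
    """True when the connecting address falls inside one of the mynetworks ranges."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(n) for n in _items(cfg["mynetworks"]))

def domain_listed(domain, cfg):
    """Assumption: a relay_domains entry also covers its subdomains."""
    domain = domain.lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d)
               for d in _items(cfg["relay_domains"]))

def relay_decision(client_ip, recipient, cfg):
    """Return (accepted, reason) for one message from client_ip to recipient."""
    if client_trusted(client_ip, cfg):
        return True, "client in mynetworks"
    if domain_listed(recipient.rpartition("@")[2], cfg):
        return True, "recipient domain in relay_domains"
    return False, "relay denied"

def audit_mynetworks(cfg, max_addresses=65536):
    """List IPv4 mynetworks entries that trust public space or very large ranges."""
    findings = []
    for net in map(ipaddress.ip_network, _items(cfg["mynetworks"])):
        if net.subnet_of(LOOPBACK):
            continue
        if not any(net.subnet_of(p) for p in RFC1918):
            findings.append(f"{net}: public address space is trusted to relay")
        elif net.num_addresses > max_addresses:
            findings.append(f"{net}: more than {max_addresses} addresses trusted")
    return findings
```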

Configuring Postfix to use a relay

If Postfix should send mail through another computer as a relay, use the relayhost option. This option accepts a hostname as its value; Postfix sends mail through that system. Alternatively, you can provide a domain name if that domain’s MX record points to an appropriate server. For instance, suppose you want to relay mail through relay.pangaea.edu:

relayhost = relay.pangaea.edu

Tip

If you’re in the same domain as the outgoing mail relay and if your domain’s MX record points to the server you want to use, you can use $mydomain as the value of this option. Doing so has the advantage of adjusting automatically should you change your mail relay; Postfix can track the change using the MX record in your DNS server.

If your local DNS server is unreliable or if you use non-DNS methods of local name resolution, you may want to include the disable_dns_lookups = yes option. Ordinarily, Postfix uses DNS in preference to other name resolution methods; disabling this causes Postfix to use whatever name resolution methods are defined locally, such as your /etc/hosts file.

Configuring Postfix to forward mail

Postfix, like sendmail, can serve as a system that forwards incoming mail to its final destination. (Figure 13-2 illustrates this configuration.) The most basic method of configuring such a system is to use what Postfix refers to as a transport map. You point to a file containing this map with the transport_maps option:

transport_maps = hash:/etc/postfix/transport

Such a line may already be present in your default configuration, so check for it before adding it. As with other Postfix references to outside databases, this one uses a text-mode file (/etc/postfix/transport) that’s used to create a binary database with a similar name (/etc/postfix/transport.db). The plaintext file has a format that’s similar to sendmail’s mailertable. For instance, you can have Postfix deliver messages addressed to users in the subnet1.pangaea.edu subdomain to exchange1.pangaea.edu and use Procmail with the /etc/procmailrcs/exchange2 configuration file for addresses in the subnet2.pangaea.edu subdomain with a configuration like the following:

.subnet1.pangaea.edu  smtp:exchange1.pangaea.edu
subnet1.pangaea.edu   smtp:exchange1.pangaea.edu
.subnet2.pangaea.edu  procmail:/etc/procmailrcs/exchange2
subnet2.pangaea.edu   procmail:/etc/procmailrcs/exchange2

This configuration actually includes two lines for each subdomain. The lines with names that begin with dots (.subnet1.pangaea.edu and .subnet2.pangaea.edu) handle mail explicitly addressed to systems within the subdomain. The lines with names that lack leading dots handle mail addressed to the subdomain itself (such as ).