Changes

OPS535 A2 201603

1,230 bytes removed, 15 March
[[Category:OPS535]][[Category:rchan]][[Category:peter.callaghan]]
= Due Dates =
* This assignment is worth 15% of your final grade.
* See blackboard for the due date.<!--* Important: You must be in the Lab on the due date to present your systems in order to have your assignment marked unless it is for medical reason.-->
=Specification=
== Basic Services ==
Setup an Internet email system for your assigned DNS Domain using the Virtual Machines in your Virtual Network. Your Internet email system must provide the following functions at the minimum:
* An SMTP email server (running postfix) that is capable of receiving and sending emails for users in your domain.
** Users in your domain must be able to send emails to users in the same domain and users in other students' domains in the class.
** Users in your domain must be able to receive emails from other email users (both in your domain and from other domains).
<!--* An IMAP Access Agent (running dovecot) allowing users in your domain to remotely access their mail.
** Users in your domain must be able to access/manage their mail box using IMAP(s) clients or a web browser.-->
* Your email server must be configured to check the SPF (sender policy framework) of other domains for incoming email and reject emails that are violating the sender policy.
* Configure your DNS server to implement and provide the SPF protection for your assignment domain.
* Configure your DNS server to implement and provide the DNSSEC records for your assignment domain.
** Provide the administrator for your lab domain (that's you) with a copy of the DS key for your assignment domain. If you have not already done so, include the glue record as well.
** Provide the administrator for the ops domain (your professor) with a copy of the DS key for your lab domain. If you have not already done so, include the glue record as well. This, combined with the step above, will establish a chain of trust between your assignment network, your lab network and the rest of the ops domain.
** Configure a DNSSEC Trust Anchor so that your co-nfs server considers the .ops server to already be authenticated. I will provide the key necessary for this through blackboard.
== Supporting Services ==
You need the following services and network infrastructure to support your Internet Email System (some of which should have been configured in assignment 1):
* Pri-dns must be the primary DNS name server for your assignment domain with the proper MX record(s), SPF record(s), A record(s), and PTR record(s).
** It must be queryable by any machine.
** Provide the administrator of the ops domain (your professor) with glue records for your domain.
* Co-nfs must be a caching DNS server, accessible to machines in your networks, that will forward traffic to the server for the ops domain (172.16.1.1), then to your rns-ldap.
* Rns-ldap must be a forwarding server only.
** It must only be queryable by your co-nfs.
** It must have a copy of the root-hints zone.
* Proper static network routes to and from other Email servers in the Lab.
<!--== BONUS ==
# Optional: Use LDAP authentication to secure your web mail server or Access Agent. (Bonus item +10%)
# Optional: Enable DNSSEC on your root name server, primary DNS server, caching DNS server (Bonus item +10%)
# Optional: Implement dynamic firewall rules to block black-listed IP addresses of email spammer. (Bonus item +10%)-->
= Evaluation =
==Script==
<!--Your documentation should have enough detail to guide a CNS graduate to replicate your Internet Email system (e.g. to perform a disaster recovery) on a Centos 7.x system. Please use your actual IP addresses and FQDN names in your documentation. The documentation should include at least, but not limited to, the followings:
# All On the steps required to setup up your Internet email system. (Keep notes when due date you setting up your web site)
# A list of all the rpm packages required.
# A list of all configuration files involved (especially for the DNS server and Postfix server).
# A list of services needed to support the operation.
# Step by step procedure on how to add a new email user to your domain.
# Step by step procedure on how to send an email to someone with an email address outside of your domain.
# Sample email log entries to show that your mail server has successfully delivered an outgoing email, accepting and rejecting an incoming email with SPF checks.
# Sample email log entries will be tasked to show that your mail server has successfully received an incoming email.
==Part 2: Demonstration (3 points)==
# Add a two new email user users to your domain. Name of the new user users will be given in class.
# send an email by one of the new email user users to a designated user of the other domain.
# receive the reply new email from the designated user of the other in your own domain.
# Mail server log entries:
## capture log entries to prove that your mail server has received reply send an email from the designated user by one of the other domain.
## capture log entries to prove that your mail server has sent new email users to the designated user of other domain
## capture log entries to prove that your mail server has received a new email from the designated user of the other domain.
## capture log entries to prove that your mail server has sent an receive the reply email to from the designated user of the other domain.
# Put the following information to query a text file:
## the email to the designated user of the other domain,
## the reply email record from the designated user of the other another domain,
## the new email query a record from the designated user of the other another domain, with dnssec information included.-->
I will post a script to blackboard that will capture your configuration and logs. You will run this script on your machines and upload the output to blackboard on the evaluation date.

If you have any questions or need any clarification, please email your instructor at least one week before the posted due date.