2009-02 sharetech ms6x20
DESCRIPTION
2009-02 ShareTech Mail Server MS6X20 mail server training presentation, Peter WWT
TRANSCRIPT
- 1. [email_address] MSN:[email protected]
2.
- IT
- IT
- ,
3.
- POP3 smtp
- Windows AD LDAP /
- [ ]
4. ShareTech MS
5. ShareTech MS
- MS6015
- MS6015,6020
- MS6015,6020,6120
- MS6015,6020,6120
- MS6015
6. MS-6015
- POP3 AD LDAP
- console
7. MS-6020
- AD LDAP
8. MS-6120
- AD LDAP
9. MS-6220
- console
10. MS-6320
- VGA PS/2
11.
- 4
- 1 IP/Gateway
- 2
- 3
- 4
12.
- Linux Postfix
- all-in-one
13.
14.
15.
- FTP .eml
16.
- / Windows AD LDAP /
17.
- SMTP POP3 /
- Web
18.
- Domain Name MX Record
- Mail Gateway ,
19.
20.
- (SMTP)
21.
- Sophos CLAM AV
22.
- ST-IPST-PIC (AWL) ip
23.
24.
25.
- ,
26.
27.
28.
29.
- WEB
30.
31.
32. Domain Name Server
- DNS
- DNS
- DNS
- DNS
- DNS nslookup
- DNS
- DNS Running ?
33. DNS
- Q: (Domain name service)?
- A:
- IP
- IP DNS
34. DNS
- Fully Qualified Domain Name (FQDN)
- WWW.SHARETECH.COM.TW .
- dot(.) , root ,
- FQDN
- IP Round Robin
- MX
- FQDN IP
- 127
- 63 (a-z 0-9 -)
- 255
35. DNS
- [Figure: DNS namespace tree. Labels: Root Domain, Top-Level Domain, Second-Level Domain, Subdomains; nodes: Root, TW, CN, JP, COM, com, sina, hnk, nike, www; FQDN: www.hnk.com.cn, Host: www]
36. DNS
- DNS
- ( )
- http://www.root-servers.org / Root Server
- : Master Slave
- : ( )
- Root Server
- Root Server Mirror ( f.root-servers.net )
- UDP
- 100 msec
- Cache DNS
37. Delegation
- ,
- / (Delegation).
- (Authoritative)
- :
- xxx.idv.tw
- xxx.co.jp
- xxx.ac.uk
- Delegation sub domain ns
- , , .
- , :
- ; ;
38. IP.tw
- http://www.twnic.net.tw
39. Query
- Query Resource Records
- Query (iterative vs recursive)
- Cache (non-authoritative answer)
40. vs
- (recursive query)
- (iterated query)
- [Figure: name resolution path, steps 1-8. Labels: requesting host Peter.sharetech.com.tw; local name server Dns.sharetech.com.tw; intermediate name server dns.test.tw; authoritative name server dns.cs.test.tw; giga.cs.test.tw; iterated query]
41. (caching)
- (cache), (timeout): TTL (Time to Live)
- Cache
- TTL
- (cached)
42. Resource Records
- Domain Record
- SOA (Start Of Authority) zone
- NS (Name Server)
- MX (Mail Exchange)
- Host Record
- Reverse Lookup
43. NS (Name Server)
44. MX (Mail Exchange)
45. Host Record
- (forward): Hostname to IP
- A: Address (IPv4)
- CNAME: Alias
46. Reverse Lookup
- (reverse): IP to Hostname
- PTR (Pointer) IP
- ISP IP Reverse Lookup
- Mail Server SPAM
47. nslookup
- nslookup
- Default Server: dns.hinet.net
- Address: 168.95.1.1
- > www.kimo.com.tw
- Server: dns.hinet.net
- Address: 168.95.1.1
- Non-authoritative answer:
- Name: w2.rd.vip.tw1.yahoo.com
- Address: 119.160.246.23
- Aliases: www.kimo.com.tw, rc.tpe.yahoo.com
48. nslookup( )
- > 60.199.244.6( IP )
- Server: dns.hinet.net
- Address: 168.95.1.1
- Name: 6.60-199-244.yam.com
- Address: 60.199.244.6
- > set q=mx ( mail server)
- > seed.net.tw( )
49. nslookup( )
- > set q=mx ( mail server)
- > yam.com.tw ( )
- Server: dns.hinet.net
- Address: 168.95.1.1
- Non-authoritative answer:
- yam.com.tw MX preference = 1, mail exchanger = ASPMX.L.GOOGLE.COM
- yam.com.tw MX preference = 5, mail exchanger = ALT1.ASPMX.L.GOOGLE.COM
- yam.com.tw MX preference = 5, mail exchanger = ALT2.ASPMX.L.GOOGLE.COM
- yam.com.tw MX preference = 10, mail exchanger = ASPMX2.GOOGLEMAIL.COM
- yam.com.tw MX preference = 10, mail exchanger = ASPMX3.GOOGLEMAIL.COM
- yam.com.tw MX preference = 10, mail exchanger = ASPMX4.GOOGLEMAIL.COM
- yam.com.tw MX preference = 10, mail exchanger = ASPMX5.GOOGLEMAIL.COM
50. nslookup( )
- > set q=ns ( )
- > yam.com.tw
- Server: dns.hinet.net
- Address: 168.95.1.1
- Non-authoritative answer:
- yam.com.tw nameserver = dns1.yam.com
- yam.com.tw nameserver = dns2.yam.com
- dns1.yam.com internet address = 60.199.244.5
- dns2.yam.com internet address = 60.199.244.4
51.
52. DNS
- SPF (Sender Policy Framework)
- DNS RBL (DNS Realtime Black List)
- DDNS (Dynamic Domain Name Service )
53. Sender Policy Framework
- dns TXT source
- SPF RFC 4408
- SPF
- http://www.openspf.org/wizard.html
- zone file
- TXT
54. SPF
- Sender Recipient
- Sender Domain SPF
- [email_address] ==> twnic.net.tw TXT
- IP SPF , ,
55. DNS RBL
- RBL
- RBL: DNS Realtime Black List (dnsrbl)
- IP , ,
- RBL , ,
- RBL active ,
- RBL ,
- RBL ,
- RBL ,
- RBL , ( , , ), RBL
- RBL RBL ,
56. RBL
- google rbl check
- http://www.robtex.com/rbl/
57. RBL
- RBL
- , ( )
- > -bash-3.00# telnet mta-v1.mail.vip.cnb.yahoo.com 25
- Trying 203.209.228.230...
- Connected to mta-v1.mail.vip.cnb.yahoo.com.
- Escape character is '^]'.
- 421 4.7.0 [TS01] Messages from 118.69.211.98 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html
- Connection closed by foreign host.
- Spam,( )
58. DNS
- Q IP
- A IP
- pppoe IP
59. DNS
- www.dyndns.org/www.no-ip.com
- Client/Server Server (hostname,id,passwd) DNS resource records.
60. DNS Running ?
- DNS?
- Port Scan 53/UDP ( )
- telnet 53 port
- nslookup q=ns . Dns_server ( Root )
- DNS :
- DNS
- ( )
- Router/Firewall 53 port
- DNS
- TWNIC
61. ShareTech MS
- console
62. console
- RS-232 COM PORT 9600,n,8,1 MS#
63.
- VGA console
- press S or s key into safe mode S
- 192.168.168.X
64. 65. 66. 67.
- >
68. 69.
- >
70. 71.
- console VGA IP
- DNS (nslookup)
- (RBL LIST)
- SMTP, POP3, HTTP (telnet)
- (VIP, Transparent)
- 0800666188
72. 73.
74. !! HA
- HA
- HA .
75. !! HA
- HA
76. !! HA
- WAN PORT HA (BACKUP)
77. !! HA
- WAN PORT HA HA eth1 PORT
78. HA
- HA DEMO
79.