Tuesday, December 24, 2013

Of the few cases of hacking wordpress based website that I read on the internet, most of the hackers edit the index.php page and the password of the admin user (wp-admin). If you can not log in wp-admin means that the username or password have been edited and to restore it to normal should be through Cpanel. To change your username or password wordpress through CPanel, please log in to Cpanel and go to the menu and select phpMyAdmin database.

Here are the results of changes chapture I do to change the username and password in Cpanel.


Next on the menu please select phpMyAdmin database used for wordpress :


If the database is already selected, then select the table to be altered, namely wp_users :


In wp_user please select the edit :


And please edit the username and password in the following order:


So my experience in wordpress based websites restore, since that changed only the index.php page only, then restore the website not too long, but if the database is already in the drop by the hacking, it will automatically be made a new website again.
Static routing is how to provide access to network neighbors through the wan interface using static routing table. Static routing is simple routing arrangement in a computer network. Below is an example of the application of static routing to connect 2 routers that are in the city of Jakarta and Surabaya.

2 routers are connected via wan ip address 172.16.40.0/30, ip address for Jakarta 192.168.0.0/24 and Surabaya 192.168.1.0/24.

Setting hostname and IP address on the router Jakarta :
Router>enable
Router#configure terminal
Router(config)#hostname jkt-c2811
jkt-c2811(config)#interface fastEthernet 0/0
jkt-c2811(config-if)#ip address 172.16.40.1 255.255.255.252
jkt-c2811(config-if)#no shutdown
jkt-c2811(config-if)#^Z --> CTRL+Z
jkt-c2811#
jkt-c2811#configure terminal
jkt-c2811(config)#interface fastEthernet 0/1
jkt-c2811(config-if)#ip address 192.168.0.1 255.255.255.0
jkt-c2811(config-if)#no shutdown
And for Surabaya, we can configure the hostname and IP address as follows :
Router>enable
Router#configure terminal
Router(config)# hostname Sby-C2811
sby-C2811(config)#interface fastEthernet 0/0
sby-C2811(config-if)#ip address 172.16.40.2 255.255.255.252
sby-C2811(config-if)#no shutdown
sby-C2811(config-if)#^Z --> CTRL+Z
sby-C2811(config)#interface fastEthernet 0/1
sby-C2811(config-if)#ip address 192.168.1.1 255.255.255.250
sby-C2811(config-if)#no shutdown
If the ip address configured already completed, it is time to provide access static routing.

Routing static on Jkt-c2811 :
jkt-c2811#configure terminal
jkt-c2811(config)#ip route 192.168.1.0 255.255.255.0 172.16.40.2
Routing static on Sby-c2811 :
sby-C2811#configure terminal
sby-C2811(config)#ip route 192.168.0.0 255.255.255.0 172.16.40.1
To improve the security system of a pc or laptop, then it should if we add the device antivirus application. No paid antivirus application and there are free. In the application would have the excess paid more resilient to virus attacks and spam, but for us who have mediocre funds allocation would not hurt if we use a free antivirus on our laptop. Antivirus is free as long as it is updated frequently, certainly have the capability already enough for our laptop.


AVG Antivirus

AVG Antivirus is an antivirus application that is developed by AVG Technologies. In LinkScanner AVG antivirus is a feature that serves to scan and provide protection while we surf the internet. With these features if there is a malicious web page, then AVG will soon give a warning to us. For security, AVG antivirus arguably have a complete and advanced features. To download the latest AVG antivirus, please download http://free.avg.com/id-id/free-antivirus-download.

 

Avast!

Alwil Software is a developer of antivirus avast!. The company is domiciled in the city of Prague, Czech Republic. As with other antivirus developers, product release Alwil Software avast! paid and avast! are free. To find out more about this virus, please visit their website here. To download Avast antivirus! the latest, please download http://www.avast.com/index.

 

Clamwin

ClamWin Antivirus is based on ClamAV which has an open source license (GPL) or free. ClamAV antivirus itself is made ​​for detecting Trojans, viruses, malware and other malicious threats. Mailserver with operating systems such as Linux zimbra, iredmail and proxmox mail gateway by default to make ClamAV as antvirusnya. ClamWin can be installed in the operating system Windows 8/7, Windows Vista, XP, Me, 2000, 98 and Windows Server 2012, 2008 and 2003. ClamWin can be downloaded at the address http://www.clamwin.com/ .

 

SmadAV

SmadAV an antivirus locally made Indonesia. For computer users who rarely connect to the internet can install antivirus SmadAV. SmadAV is very lightly used and to update the virus needs done once a month, unlike other antivirus virus sometimes do updates per day. If we kenceng internet connection and unlimited, of course to do an update every day no problem, but if we use a different modem package (quota) for the Internet, of course with the antivirus updates every day would be passable take our internet quota. Antivirus SmadAV not overly dependent on the signature / virus database, but much depends on the behavior detection techniques, heuristic, and whitelisting. To download antivirus can be downloaded SmadAV http://www.smadav.net/download.

Monday, December 23, 2013

Xampp is a webserver application which can be downloaded for free. Xampp program consists of Apache, MySQL, PHP and Perl. X intent of the word Xampp is representing various operating system (Cross-platform), because it can be installed in the operating system Windows, Linux, Mac OS and Solaris. Xampp is currently the favorite web server application for Windows users, as a user friendly desktop application.

To download the file xampp please get in http://www.apachefriends.org .

Here are the results chapture xampp installation on windows 7 :

Tips & Tricks :

By default XAMPP can only run tag flanked by code php <? Php ... ?>, But have not been able to display the php tags are enclosed in <? ... ?>.


So that we can run the tag flanked by code php <? ... ?>, Then we have to activate the function short_open_tag in php.ini file. Please open the file in C:\xampp\php\php.ini with notepad and change short_open_tag = Off with short_open_tag = On .
LAMP stands for Linux, Apache, MySQL and PHP. LAMP package can be downloaded for free without any license fees. For installation in every way distributions are essentially the same, simply adjust the basic commands from their respective distributions. If we install LAMP on Ubuntu linux distro then we can use the command apt-get install and the location of the folder to publish the homepage by default in /var/www, linux Suse to install LAMP can use YaST application and publish to a folder by default homepage there in /srv/www/htdocs.

Installing LAMP on Ubuntu 12.04 LTS, the package will be installed are as follows :

  • apache2
  • php5 libapache2-mod-php5
  • mysql-server mysql-client
  • phpmyadmin
To install the above package in Ubuntu 12:04 LTS, please run the following command :
apt-get install  apache2 php5 libapache2-mod-php5 mysql-server mysql-client phpmyadmin

VLAN or virtual local area network is one way to classify Group segment LANs with different IP address, but the device is still in the network. If we have a cisco router with 2 interfaces, but we want to give the allocation of the different segments ip address for each department office, then we need a device under router that supports VLAN functions, such as cisco managable switch. Here is an example of a VLAN to the group bod, manager, accounting, purchasing, hrd, it and the employees. Simulations using a VLAN-making device cisco router 1841, Cisco 2950-24 switches, hubs, and end devices (pc).

To segment the IP address allocation is as follows :

  • bod with ip address 192.168.0.0/27 and interface fa 0/1
  • manager with ip address 192.168.1.0/27 and interface fa 0/2
  • accounting with ip address 192.168.2.0/27 and interface fa 0/3
  • purchasing with ip address 192.168.3.0/27 and interface fa 0/4
  • hrd with ip address 192.168.4.0/27 and interface fa 0/5
  • it staff with ip address 192.168.5.0/27 and interface fa 0/6
  • employees with ip address 192.168.6.0/24 and interface fa 0/7 
Segmentation based on a VLAN group, the switch cisco manageable (2950-24) can be setup as follows :
Switch>enable
Switch#vlan database
Switch(vlan)# vlan 100 name bod
Switch(vlan)# vlan 110 name manager
Switch(vlan)# vlan 120 name accounting
Switch(vlan)# vlan 130 name purchasing
Switch(vlan)# vlan 140 name hrd
Switch(vlan)# vlan 150 name it
Switch(vlan)# vlan 160 name karyawan
Switch(vlan)# exit
Switch#config t
Switch(config)#int fa 0/1
Switch(config-if)#switchport access vlan 100
Switch(config-if)#exit
Switch(config)#int fa 0/2
Switch(config-if)#switchport access vlan 110
Switch(config-if)#exit
Switch(config)#int fa 0/3
Switch(config-if)#switchport access vlan 120
Switch(config-if)#exit
Switch(config)#int fa 0/4
Switch(config-if)#switchport access vlan 130
Switch(config-if)#exit
Switch(config)#int fa 0/5
Switch(config-if)#switchport access vlan 140
Switch(config-if)#exit
Switch(config)#int fa 0/6
Switch(config-if)#switchport access vlan 150
Switch(config-if)#exit
Switch(config)#int fa 0/7
Switch(config-if)#switchport access vlan 160
Switch(config-if)#exit
If the VLAN database is OK, the next step we have to set 2950-24 trunk on the switch port connected to the Cisco router 1841 and in this setting we are using port 24 :
Switch#config t
Switch(config)#int fa 0/24
Switch(config-if)#switchport mode trunk
With the above steps, it means that the VLAN settings on the Switch 2950-24 has been completed and as a follow up of the VLAN-making we need to create a sub interface on cisco router 1841, which is on the sub-interface we have allocated to segment the IP address of a VLAN that has formed.
Router>enable
Router#conf t
Router(config)#int fa 0/0.100
Router(config-subif)#encapsulation dot1Q 100
Router(config-subif)#ip address 192.168.0.1 255.255.255.224
Router(config-subif)#exit
Router(config)#int fa 0/0.110
Router(config-subif)#encapsulation dot1Q 110
Router(config-subif)#ip address 192.168.1.1 255.255.255.224
Router(config-subif)#exit
Router(config)#int fa 0/0.120
Router(config-subif)#encapsulation dot1Q 120
Router(config-subif)#ip address 192.168.2.1 255.255.255.224
Router(config-subif)#exit
Router(config)#int fa 0/0.130
Router(config-subif)#encapsulation dot1Q 130
Router(config-subif)#ip address 192.168.3.1 255.255.255.224
Router(config-subif)#exit
Router(config)#int fa 0/0.140
Router(config-subif)#encapsulation dot1Q 140
Router(config-subif)#ip address 192.168.4.1 255.255.255.224
Router(config-subif)#exit
Router(config)#int fa 0/0.150
Router(config-subif)#encapsulation dot1Q 150
Router(config-subif)#ip address 192.168.5.1 255.255.255.224
Router(config-subif)#exit
Router(config)#int fa 0/0.160
Router(config-subif)#encapsulation dot1Q 160
Router(config-subif)#ip address 192.168.6.1 255.255.255.224
Router(config-subif)#exit
And do not forget to turn on (no shutdown) fast ethernet port 0/0 on a Cisco 1841 router and store it in memory router configuration with the following command :
Router#conf t
Router(config)#int fa 0/0
Router(config)# no shutdown
Router(config)#exit
Router# write memory
The application of this concept is suitable for VLAN segmentation ip address needs in a large company, because the concept we can map the VLAN segmentation in accordance with the ip address in the corporate department.
A firewall is a software that serves to provide a policy against traffic, if there is traffic that is considered safe then the traffic will be permitted, but if there is traffic deemed unsafe then the traffic will be rejected.The firewall can also be enabled to provide privacy to the user who can and can not internet. Here is an example of creating a firewall rule on the router mikrotik RB411U. Start RouterOS version 2.9, known feature called IP Address List. This feature is a grouping of a particular IP address and every IP Address We could call it. This group can be used as a parameter in the mangle, firewall filters, grout, or queue.

Before you create a firewall rule is useful to determine in advance the address list .
[admin@MikroTik] /ip firewall address-list>add address=103.5.45.8/29 list=ournetwork
[admin@MikroTik] /ip firewall address-list>add address=192.168.1.0/24 list=ournetwork
[admin@MikroTik] /ip firewall address-list>add address=192.168.1.10 list=Share-Printer
Rule firewall on the router MikroTik RB411U :
[admin@MikroTik] /ip firewall filter> 
/add chain=forward action=accept connection-state=established comment="allow established connections"
/add chain=forward action=accept connection-state=related comment="allow related connections"
/add chain=forward action=drop connection-state=invalid comment="drop invalid connections"
/add chain=virus action=drop protocol=tcp dst-address-list=!Share-Printer dst-port=135-139 comment="Drop Blaster Worm"
/add chain=virus action=drop protocol=udp dst-address-list=!Share-Printer dst-port=135-139 comment="Drop Messenger Worm"
/add chain=virus action=drop protocol=tcp dst-port=1433-1434 comment="Worm"
/add chain=virus action=drop protocol=tcp dst-address-list=!Share-Printer dst-port=445 comment="Drop Blaster Worm"
/add chain=virus action=drop protocol=udp dst-port=445 comment="Drop Blaster Worm"
/add chain=virus action=drop protocol=tcp dst-port=593 comment="---"
/add chain=virus action=drop protocol=tcp dst-port=1024-1030 comment="---"
/add chain=virus action=drop protocol=tcp dst-port=1080 comment="Drop MyDoom"
/add chain=virus action=drop protocol=tcp dst-port=1214 comment="---"
/add chain=virus action=drop protocol=tcp dst-port=1363 comment="ndm requester"
/add chain=virus action=drop protocol=tcp dst-port=1364 comment="ndm server"
/add chain=virus action=drop protocol=tcp dst-port=1368 comment="screen cast"
/add chain=virus action=drop protocol=tcp dst-port=1373 comment="hromgrafx"
/add chain=virus action=drop protocol=tcp dst-port=1377 comment="cichlid"
/add chain=virus action=drop protocol=tcp dst-port=2745 comment="Bagle Virus"
/add chain=virus action=drop protocol=tcp dst-port=2283 comment="Drop Dumaru.Y"
/add chain=virus action=drop protocol=tcp dst-port=2535 comment="Drop Beagle"
/add chain=virus action=drop protocol=tcp dst-port=2745 comment="Drop Beagle.C-K"
/add chain=virus action=drop protocol=tcp dst-port=3127 comment="Drop MyDoom"
/add chain=virus action=drop protocol=tcp dst-port=3410 comment="Drop Backdoor OptixPro"
/add chain=virus action=drop protocol=tcp dst-port=4444 comment="Worm"
/add chain=virus action=drop protocol=udp dst-port=4444 comment="Worm"
/add chain=virus action=drop protocol=tcp dst-port=5554 comment="Drop Sasser"
/add chain=virus action=drop protocol=tcp dst-port=8866 comment="Drop Beagle.B"
/add chain=virus action=drop protocol=tcp dst-port=9898 comment="Drop Dabber.A-B"
/add chain=virus action=drop protocol=tcp dst-port=10000 comment="Drop Dumaru.Y (vpn atau webmin)"
/add chain=virus action=drop protocol=tcp dst-port=10080 comment="Drop MyDoom.B"
/add chain=virus action=drop protocol=tcp dst-port=12345 comment="Drop NetBus"
/add chain=virus action=drop protocol=tcp dst-port=17300 comment="Drop Kuang2"
/add chain=virus action=drop protocol=tcp dst-port=27374 comment="Drop SubSeven"    /add chain=virus action=drop protocol=tcp dst-port=65506 comment="Drop PhatBot, Agobot, Gaobot"
/add chain=forward action=jump jump-target=virus comment="jump to the virus chain"
/add chain=input action=accept connection-state=established comment="Accept established connections"
/add chain=input action=accept connection-state=related comment="Accept related connections"
/add chain=input action=drop connection-state=invalid comment="Drop invalid connections"
/add chain=input action=accept protocol=udp comment="UDP"
/add chain=input action=accept protocol=icmp limit=50/5s,2 comment="Allow limited pings"
/add chain=input action=drop protocol=icmp comment="Drop excess pings"
/add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=21 comment="FTP"
/add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=22 comment="SSH"
/add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=23 comment="Telnet"
/add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=80 comment="http"
/add chain=input action=accept protocol=tcp src-address-list=ournetwork dst-port=8291 comment="Webmin"
/add chain=input action=accept src-address-list=ournetwork comment="Network Accept MikroTik"
/add chain=input action=log log-prefix="DROP INPUT" comment="Log everything else"
/add chain=input action=drop comment="Drop everything else"
Mailserver backup is a mail server that functioned as a container for the email if the primary mail server is down, and if the primary mailserver is up again, then the email is stored before being sent back to the main mailserver periodically. Zimbra is a complete mail server applications, but can be configured as the primary mail server can also be configured as a backup mail server (MX2).

In implementing the mail server backups can be summarized as follows:

  1. Mail server backup can not be used to be the main mailserver, because only accommodate a backup mailserver email semetara time, so that the incoming email does not bounce or return to sender
  2. For the mail server configuration backup only be set to forward a domain function
  3. On the mail server backups are not required to manufacture the email account of the user
  4. Email being stored on the mail server backups automatically forwarded to the main mail server periodically
  5. Mail servers can serve as a backup, if the mail server is conditioned as MX2 or greater value of MX1
Examples of data to make a backup mailserver :

  •  Domain : pandujaringan.com
  • Mail Exchange (MX) 1 : mail.pandujaringan.com
  • Mail Exchange (MX) 2 : mail2.pandujaringan.com
MX1 and MX2 for configuration lies in the domain record in dns server, so if the dns server is managed by your own please add MX2 record that leads to a host of servers that serve as a backup mail server and give a greater priority than the MX1. If the domain record held by the isp dns servers, please ask the MX2 record additions to your isp.

Here is a sample configuration to make zimbra as mail server backups :

  1. Install zimbra mail server with domain pandujaringan.com (please adjust to your domain), for example zimbra installation on Centos 6, please read here
  2. If zimbra already finished installed, please go to zimbra and settings for the domain forward 
su - zimbra
zmprov md pandujaringan.com zimbraMailCatchAllAddress @pandujaringan.com
zmprov md pandujaringan.com zimbraMailCatchAllForwardingAddress @pandujaringan.com
zmprov md pandujaringan.com zimbraMailTransport smtp:mail.pandujaringan.com
 Source of this article is HERE
Because my laptop is a laptop with 512 RAM, then I want to embed a lightweight operating system based on Linux. Results from googling that here finally I am interested to install linux Backtrack 5 R3. After successfully implanting Backtrack 5 R3, the first time that I want to do is to install huawei modem, because I wanted to connect to the internet in order to install the multimedia such as vlc, adobe pdf reader and equip backtrack 5 r3 with LibreOffice. As the information that I lived in Indonesia with SIMPATI gsm provider, so for the wvdial configuration please adjust to the conditions of each.


Application used to install Huawei E173 modem is as follows :

  • libxplc0.3.13_0.3.13-1build1_i386.deb
  • libwvstreams4.6-base_4.6.1-1_i386.deb
  • libwvstreams4.6-extras_4.6.1-1_i386.deb
  • libuniconf4.6_4.6.1-1_i386.deb
  • wvdial_1.61-2_i386.deb
To download all 5 packages above, please download HERE .

Once downloaded wvdial package, please extract the unzip and run the following command :
root@bt:~/Downloads# unzip wvdialtool.zip
root@bt:~/Downloads# cd wvdialtool
root@bt:~/Downloads/wvdialtool# dpkg -i *.deb
Furthermore, we also need the usb-modeswitch applications and application can be downloaded HERE .
root@bt:~/Downloads# unzip usb-modeswitch.zip
root@bt:~/Downloads# cd usb-modeswitch
root@bt:~/Downloads/usb-modeswitch# dpkg -i usb-modeswitch-data_20100127-1_all.deb
root@bt:~/Downloads/usb-modeswitch# dpkg -i usb-modeswitch_1.1.0-2_i386.deb
If all the applications already installed, it's time setting diulup wvdial. Here is an example of setting the modem huawei E173 with wvdial number gsm SIMPATI (my country Indonesia) :
root@bt:~#  vim /etc/wvdial.conf
[Dialer Defaults]
Auto DNS = 1
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0 &C1 &D2 +FCLASS=0
Init3 = AT+CGDCONT=1,"IP","internet"
Modem Type = Analog Modem
ISDN = 0
New PPPD = yes
Phone = *99***1#
Modem = /dev/ttyUSB0
Username = ''
Password = ''
Baud = 9600
To check on the usb modem ttyUSB port number please do the command :
root@bt:~# wvdialconf
And to make an internet connection with wvdial diulup, please run the command :
root@bt:~# wvdial
When we install zimbra mail server, then automatically performs zimbra generate Self-Signed Certificate for webmail clients, webmail console, smtp, pop and imap. Self-Signed Certificate valid for one year from installation zimbra mail server. If the expiry date Self-Signed Certificate is not renewed automatically zimbra mail server can not be used to send and receive e-mail because it is considered less safe by zimbra.

To check the validity period on a Self-Signed Certificate zimbra mail server, please do the following :
mail:~ # su - zimbra
zimbra@mail:~> su
Password:
mail:/opt/zimbra # zmcertmgr viewdeployedcrt

To install the Self-Signed Certificate on the mail server zimbra is already expired, please run the step-by-step below :

Before installing the Self-Signed Certificate is new, we should first backup the Self-Signed Certificate old with the command :
mail:~ # cp -rf /opt/zimbra/ssl /opt/zimbra/backup

The next is to generate a new Certificate Authority (zmssl.cnf, ca.key, and ca.pem) :
mail:~ # cd /opt/zimbra/bin
mail:/opt/zimbra/bin # ./zmcertmgr createca -new

Then we request the validity period of the Self-Signed Certificate for zimbra mail server, for example for 1 year (365 days) or 2 years (730 days) :
mail:/opt/zimbra/bin # ./zmcertmgr createcrt -new -days 730

Then install deploycrt self & deploy ca :
mail:/opt/zimbra/bin # ./zmcertmgr deploycrt self
mail:/opt/zimbra/bin # ./zmcertmgr deployca

Restart daemon zimbra mail server :
mail:~ # su - zimbra
zimbra@mail:~> zmcontrol restart

Finally It's finished installation Self-Signed Certificate on the mail server zimbra. The next guide I will write how to install commerciale 256-bit encryption certificate from GoDaddy on the mail server zimbra.

Monday, December 2, 2013

Wireless mikrotik tipe RB411U ini sangat cocok digunakan untuk sebuah mini akses point. Pada dasarnya RB411U ini adalah akses point untuk outdoor, namun bisa juga difungsikan untuk indoor. Malah menurut saya lebih enakan digunakan untuk indoor, karena RB411U ini dapat ditempelkan di dinding, sehingga posisi wireless lebih rapi. Untuk hardware RB411U ini menggunakan board Atheros AR7130 300MHz, dilengkapi 1 buah ethernet dan 1 buah wireless card R52 ABG 65mWatt.

Untuk konfigurasi RB411U disini saya menggunakan aplikasi winbox, jika anda belum punya silahkan download di www.mikrotik.co.id .

1. Login ke Mikrotik

Silahkan Login ke Mikrotik RB411U dengan username dan  password Anda :

 2. Setting Ip Address untuk interface ethernet dan wireless RB411U

Interface ethernet adalah port yang mencolok ke network office dan wireless adalah interface yang nanti kita gunakan untuk koneksi ke device user LAN office (notebook, tablet, handphone, dll). Untuk penggunaan ip address silahkan sesuaikan dengan kebutuhan masing-masing.



3. Routing global internet interface wireless

Supaya interface wireless dapat terkoneksi ke internet, maka kita harus memberikan routing ke gateway internet  di mikrotik RB411U


4. Setting dns

Supaya dapat membaca domain, maka mikrotik harus diberikan alokasi ip addres untuk dns server nya. Jangan lupa untuk memberikan centang pada pilihan "Allow Remote Request" .


5. DHCP Server

Supaya user wireless nanti bisa mendapatkan ip address secara otomatis, maka kita harus membuat DHCP server pada mirotik.





6. Setting Wireless di Mikrotik

Untuk setting wireless di Mikrotik RB411U, silahkan pilih menu wireless yang ada di sebelah kiri:


Selanjutnya sebelum setting aktifasi ssid wireless mikrotik RB411U, kita terlebih dahulu harus membuat profile security :


Kalau security profile sudah jadi, saatnya untuk setting ssid wireless mikrotik RB411U :




Melanjutkan tulisan sebelumnya, bahwa instalasi dns server ini saya fungsikan hanya untuk kebutuhan install mailserver zimbra di Cento 6.5 bukan untuk dipublish, sehingga untuk konfigurasi dns server saya hanya menggunakan konfigurasi dns server biasa (bukan dengan chroot).

Maksud dari tujuan instalasi dns server ini supaya kita dapat create record domain di lokal komputer yang akan diinstall zimbra, jadi nantinya pada konfigurasi /etc/resolv.conf diisi dengan alamat ip address komputer zimbra bukan alamat dns isp.

Untuk instalasi dns server di Centos, silahkan lakukan perintah berikut :
[root@mail ~]# yum install bind* -y

Setelah semua aplikasi dns server selesai, selanjutanya kita harus melakukan edit di file /etc/named.conf :
[root@mail ~]# vi /etc/named.conf
options {
        listen-on port 53 { 127.0.0.1; 10.0.2.254; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 10.0.2.0/24;};
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "pandujaringan.com" IN {
        type master;
        file "pandujaringan.conf";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Pada zone pandujaringan.com di atas,  kita mengarahkan konfigurasi domain pandujaringan.com pada file pandujaringan.conf, sehingga agar funsgi domain dapat berjalan dengan baik, maka kita harus membuat record file pandujaringan.conf  di folder /var/named :
[root@mail ~]# cd /var/named/
[root@mail named]# vi pandujaringan.conf
$TTL 1D
@       IN SOA ns1.pandujaringan.com. root.pandujaringan.com. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      ns1.pandujaringan.com.
        A       10.0.2.254
        AAAA    ::1
        MX      10 mail.pandujaringan.com.
ns1     A       10.0.2.254
mail    A       10.0.2.254
Setelah zone pandujaringan.com selesai dibuat, maka daemon dns server (named) dapat up kan dengan perintah sebagai berikut :
[root@mail ~]# /etc/init.d/named start
Generating /etc/rndc.key:                                  [  OK  ]
Starting named:                                                [  OK  ]
Jika sudah OK, saatnya melakukan testing domain dengan perintah nslookup dan dig mx :
[root@mail]# nslookup mail.pandujaringan.com
Server:         10.0.2.254
Address:        10.0.2.254#53

Name:   mail.pandujaringan.com
Address: 10.0.2.254
 [root@mail]# dig mx pandujaringan.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> mx pandujaringan.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56709
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; QUESTION SECTION:
;pandujaringan.com.                IN      MX

;; ANSWER SECTION:
pandujaringan.com. 86400   IN      MX      10 mail.pandujaringan.com.

;; AUTHORITY SECTION:
pandujaringan.com. 86400   IN      NS      ns1.pandujaringan.com.

;; ADDITIONAL SECTION:
mail.pandujaringan.com. 86400 IN  A       10.0.2.254
ns1.pandujaringan.com. 86400 IN    A       10.0.2.254

;; Query time: 0 msec
;; SERVER: 10.0.2.254#53(10.0.2.254)
;; WHEN: Mon Dec  2 17:37:36 2013
;; MSG SIZE  rcvd: 112

Saturday, August 3, 2013

Mail server merupakan server yang difungsikan untuk mengirim dan menerima surat elektronik atau email. Mail server ini dalam aplikasinya bisa ditaruh di dalam ruang server sendiri atau bisa juga ditaruh di tempat hosting. Keuntungan jika mail server dikelola sendiri, maka kita memiliki full akses terhadap server, jadi untuk kebutuhan quota storage tidak terbatas, dalam artian jika harddisk sudah full maka kita tinggal upgrade kapasitas harddisknya.

Lain halnya jika kita hosting ditempat lain, maka untuk quota dan banyaknya account email yang dapat dicreate sangat terbatas, biasanya 1 GB untuk 100 user account.

Ok, balik ke topik awal :)

Zimbra merupakan salah satu aplikasi mail server yang memberikan kemudahan namun untuk featurenya bisa dibilang powerfull. Saat ini zimbra hanya bisa diinstalasi di operating sistem linux. Untuk distro linux apa saja yang disupport oleh zimbra dapat dilihat di www.zimbra.com .

Sebagai persiapan kemudahan dalam instalasi zimbra, berikut data yang saya gunakan :

  • Hardware menggunakan server hp dengan RAM 6 GB dan harddisk 2x300GB (RAID 1)
  • Operating System dengan Centos 6.5 x86_64
  • Aplikasi email dengan Zimbra ZCS 7.2.5 GA
  • Domain/ Hostname : pandujaringan.com/ mail.pandujaringan.com
  • IP Address : 10.0.2.254/24  dengan sistem NAT ke IP Public ISP
Karena tulisan ini fokus untuk sistem instalasi zimbra, maka untuk instalasi opertaing sistem Linux Centos 6 disini saya anggap sudah selesai, sehingga dapat langsung diteruskan ke langkah instalasi zimbra.

Jika instalasi Centos 6 sudah Ok dan setting ip addres juga sudah berjalan dengan baik, maka selanjutnya kita harus mengecek penamaan hosts, karena untuk penamaan hosts ini  harus mengacu pada aturan fully qualified domain name (fqdn) atau penulisan nama domain secara lengkap, sebagai contoh format fqdn adalah mail.pandujaringan.com. Sedangkan untuk merubah hosts pada linux dapat dirubah di file /etc/hosts :
[root@mail ~]# vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.2.254  mail.pandujaringan.com  mail
Untuk langkah selanjutnya zimbra memerlukan status kejelasan domain, sehingga zimbra mewajibkan kita untuk create record domain terlebih dahulu, karena nanti saat kita menjalankan perintah install pada zimbra ada tahapan dari instalasi tersebut, dimana zimbra akan memeriksa status domain diarahkan ke MX ( mailserver ) mana dan ip berapa dari MX tersebut. Karena pada panduan ini kita menggunakan ip private maka kita memerlukan sebuah dns server untuk create record domain. dns server ini boleh menggunakan server lain yang terhubung dengan mailserver zimbra, bisa juga kita menginstall dns server di linux Centos 6.5. Panduan instalasi dns server pada Cents 6 akan saya tulis pada tulisan saya berikutnya, jadi jika saat ini anda belum mempunyai panduannya silahkan cari di mbah google :)

Zimbra untuk Centos 6.5 x86_64 dapat didownload di alamat http://files2.zimbra.com/downloads/8.0.5_GA/zcs-8.0.5_GA_5839.RHEL6_64.20130910123908.tgz dan biasanya saya menyimpannya di folder /opt :
[root@mail ~]# cd /opt
[root@mail opt]# wget http://files2.zimbra.com/downloads/8.0.5_GA/zcs-8.0.5_GA_5839.RHEL6_64.20130910123908.tgz
Jika download sudah selesai, silahkan file download tersebut diekstrak dan dilakukan instalasi :
[root@mail opt]# tar -xzvf zcs-8.0.5_GA_5839.RHEL6_64.20130910123908.tgz
[root@mail opt]# cd zcs-8.0.5_GA_5839.RHEL6_64.20130910123908
[root@mail zcs-7.2.5_GA_2906.RHEL6_64.20130911101145]# ./install.sh --platform-override
Setelah menjalankan perintah  ./install.sh --platform-override maka secara otomatis instalsi zimbra berjalan dan biasanya ada beberapa pertanyaan yang harus anda jawab secara benar :)

Selanjutnya apabila instalasi zimbra sudah berhasil, maka zimbra dapat diakses dari browser kita :

  • Untuk webmail client zimbra dapat diakses di http://10.0.2.254
  • Untuk zimbra admin konsole dapat diakses di https://10.0.2.254:7071
Tulisan ini dibuat sebagai dokumentasi proses instalasi di salah satu client perusahaan saya, dimana mail server client saya sebelumnya memperoleh serangan spam yang bertubi-tubi dan menyebabkan koneksi internetnya menjadi lambat. Setelah zimbra digunakan menggantikan mailserver sebelumnya, secara drastis serangan spam berkurang dan koneksi internetnya normal kembali.