Secure Mailservers with Postfix
- Email Basics
- Mailserver Topologies
- E-mail protocols (SMTP, POP3, IMAP)
- Installation of Postfix
- Installation of an IMAP Server (Cyrus IMAP or Dovecot)
- E-mail directories (mbox vs. maildir)
- User administration with LDAP
- Filter functions
- Postfix own filter functions
- Greylisting with external policy servers
- Self-written external policy servers
- Amavisd-new
- SpamAssassin
- Performance Tuning (Cluster, Queue Management, RAM Disks)
- Security (TLS, SMTP-AUTH, email bombs)
- SPF, DKIM, DMARC
- Migration (Sendmail, MS-Exchange)
Apache Webserver Administration
- Comparison of Apache versions
- Apache installation
- Basic configuration
- Restrictions on access
- User authentication
- Virtual Hosting and Virtual Mass Hosting
- Rewriting
- Encryption with SSL/TLS
- Protocol analysis
- Database connection with PHP
- Apache Tuning
- Apache security
VPN Solutions with Linux
- VPN Architectures and Protocols in Comparison
- IPsec with strongSwan
- Networking of several locations
- Connection of field service employees
- Authentication with X.509 certificates
- Use of Smartcards
- NAT traversal
- IKEv2 with Windows 7
OpenLDAP and Kerberos
- LDAP Basics
- Installation of OpenLDAP
- Basic configuration and structure of the first directory
- Replication with SyncRepl
- Multi-master replication with OpenLDAP 2.4
- OpenLDAP overlays and their use
- Connection of Linux authentications with PAM
- Building a Kerberos environment
- Connection of authentication to Kerberos
- Connection of Samba
- Connection of the Squid user authentication
- Apache user authentication connection
- Connection of Postfix
- Read configuration data from the LDAP directory
- Login via LDAP and Kerberos
IPv6 with Linux
- Configuration of IPv6
- IPv6 address types
- IPv6 Routing
- Conversion of services to IPv6
- Connection to the Internet via IPv6 tunnel
- multicast routing
- Operation with a dual stack
- Firewalling with ip6tables
High Availability and LoadBalancing
- High availability
- What’s 99.9999%?
- Linux HA: Heartbeat
- Shared storage with DRBD
- Connection to real Shared Storage
- Construction of a high-availability load balancer for web servers with LVS
- Pound as Loadbalancing Proxy
DHCP, DNS and DNSSec
- DHCP with ISC DHCP 3.0
- Management of IP addresses with DHCP
- Permanent and dynamic allocation of IP addresses
- Distribution of further information for e.g. PXE
- DHCP relay o Fail-safe with DHCP failover
- DNA with ISC Bind9
- Caching-Only Name Server
- Primary and secondary name servers
- views
- Access controls to DNS information
- Dynamic DNS
- DNSSEC
- Activating DNSSEC in Bind9
- Signature of own zone
- Exchange of the Trust Anchor with other admins
- DLV (DNSSEC Look-aside Validation) Registration
OpenVPN - The alternative to IPSec
- Introduction to OpenVPN
- Installation of OpenVPN
- Setup of a VPN
- Authentication with certificates
- Integration of Windows clients
- Use of Smartcards
- Allocation of IP addresses and adaptation of the firewall
- Monitoring of the OpenVPN access
- Alternative: Wireguard
