LPI Updated 202-450 Exam Questions and Answers by delia

 OpenSSL is a software library that provides cryptographic functions and tools for creating and managing SSL/TLS certificates. One of the tools included in OpenSSL is the command-line utility openssl, which can be used to generate various types of cryptographic objects, such as private keys, public keys, certificate signing requests (CSRs), and certificates. A CSR is a file that contains the information needed by a certificate authority (CA) to issue a digital certificate for a web server. A CSR includes the public key of the web server, the domain name or names that the certificate will cover, and some identifying information about the organization or individual requesting the certificate. To generate a CSR for serving HTTPS with Apache HTTPD, the openssl command can be used with the req option, which stands for request. The req option takes several parameters, such as -new, -newkey, -nodes, -keyout, and -out, to specify the details of the CSR generation process. For example, the following command will generate a new private key and a new CSR for the domain example.com, using a 2048-bit RSA algorithm, and saving the files as example.key and example.csr respectively:

openssl req -new -newkey rsa:2048 -nodes -keyout example.key -out example.csr

The command will also prompt the user to enter some information for the CSR, such as the country code, state or province name, locality name, organization name, organizational unit name, common name, and email address. The common name is the most important field, as it should match the domain name or names that the certificate will cover. For example, if the certificate is for example.com, the common name should be example.com. If the certificate is for multiple domains, such as example.com and www.example.com, the common name should be one of them, and the rest should be specified as subject alternative names (SANs) in a configuration file. After the CSR is generated, it can be sent to a CA for signing and obtaining a certificate, which can then be installed and configured on the Apache HTTPD server to enable HTTPS.

References:

• OpenSSL: The official website of the OpenSSL project, which provides documentation, downloads, and support for the OpenSSL software.
• Apache: CSR & SSL Installation (OpenSSL) - DigiCert: A guide from DigiCert on how to create a CSR and install an SSL certificate on an Apache server using OpenSSL.
• How to Generate a Certificate Signing Request (CSR) for Apache Web Server Using OpenSSL - The SSL Store™: A tutorial from The SSL Store on how to generate a CSR for an Apache web server using OpenSSL.
• GoDaddy - Apache: Generate CSR (Certificate Signing Request): A step-by-step instruction from GoDaddy on how to generate a CSR for Apache 2.x using OpenSSL.

The global Postfix configuration file is located at /etc/postfix/main.cf. This file contains the main parameters that control the behavior of the Postfix mail server. It is a plain text file that consists of parameter-value pairs, comments, and blank lines. The syntax of the file is as follows:

parameter = value

commentThe parameter names are case-insensitive, and the values can be enclosed in quotes if they contain spaces or special characters. The values can also reference other parameters by using the $parameter syntax. The file can be edited manually or by using the postconf command. The postconf command can also be used to display the current values of the parameters, or to set new values. For example:

postconf -d # display default values of all parameters postconf -n # display non-default values of all parameters postconf -e ‘parameter = value’ # set a new value for a parameter

The main.cf file is read by Postfix when it starts or reloads. To reload Postfix after making changes to the file, use the command:

postfix reload

References:

• LPIC-2 Exam 202 Objectives, Objective 205.3: Managing a postfix server
• Postfix Basic Configuration, Postfix Documentation
• Postfix Configuration Parameters, Postfix Documentation
• How do I change postfix configuration after installing it?, Server Fault
• What are the Configuration Files for Postfix, The Geek Search

Sieve filters are usually applied to an email when the email is delivered to a mailbox by a mail delivery agent (MDA) or a local delivery agent (LDA). Sieve filters are scripts that can perform various actions on incoming emails, such as sorting them into folders, assigning labels, forwarding, rejecting, or discarding them. Sieve filters are executed on the server side, and they are independent of the mail user agent (MUA) or the mail access protocol. This means that the email filtering is consistent across different email clients and devices. Sieve filters are not applied when the email is relayed by an SMTP server, received by an SMTP smarthost, sent to the first server by an MUA, or retrieved by an MUA. These are different stages of the email delivery process, but they do not involve the final delivery of the email to a mailbox.

References:

• LPIC-2 Exam 202 Objectives, Objective 205.4: Managing a dovecot server
• Sieve filter (advanced custom filters) | Proton
• start - Sieve.Info
• What is Sieve Filtering? - Knowledge Base - Pair Networks

Sieve is a language for filtering and sorting email messages on a mail server. Sieve core filters are the basic actions that can be applied to a message that matches a set of conditions. The following actions are available in Sieve core filters:

• discard: This action discards the message silently, without sending any notification to the sender or the recipient. This action is useful for deleting spam or unwanted messages.
• fileinto: This action delivers the message to a specified mailbox. The mailbox can be an existing one or a new one that is created by the action. This action is useful for organizing messages into different folders based on their content or headers.
• reject: This action rejects the message and sends a notification to the sender with a specified reason. The message is not delivered to the recipient. This action is useful for informing the sender that the message was not accepted due to some policy or error.

The other options are not valid actions in Sieve core filters. drop, relay, and fileinto are not recognized keywords by Sieve.

References:

• Sieve: An Email Filtering Language, section 2.10, “Actions”
• Sieve Tutorial, section 4, “Actions”