General index of the series: Computer Networks for SMEs: Introduction
This article is the continuation and the last of the mini-series:
- Squid + PAM Authentication on CentOS 7.
- Local user and group management
- NSD Authoritative DNS Server + Shorewall
- Prosody IM and local users
Hello friends!
Enthusiasts want to have their own mail server. They do not want to use servers where "Privacy" sits between question marks. The person in charge of implementing the service on their small server is not a specialist in the subject and will initially try to install the core of a future, complete mail server. The "equations" for building a Full Mailserver are a little hard to understand and apply. 😉
Margin notes
- It is necessary to be clear about the function each program involved in a Mailserver performs. As an initial guide we give a whole series of useful links, with the declared purpose that they be visited.
- Implementing a Complete Mail Service manually and from scratch is a tiring process, unless you are one of the "Chosen Ones" who do this kind of task daily. A Mail Server is made up, in general, of several programs that separately handle SMTP, POP/IMAP, local storage of messages, tasks related to the treatment of SPAM, antivirus, and so on. ALL these programs must communicate correctly with each other.
- There is no one-size-fits-all or "best practice" on how to manage users, where and how to store the messages, or how to make all the components work together as a whole.
- Assembling and tuning a Mailserver tends to be troublesome in matters such as permissions and file owners, choosing which user will be in charge of a given process, and small mistakes made in some esoteric configuration file.
- Unless you know very well what you are doing, the end result will be an insecure or slightly non-functional Mailserver. That it does not work at the end of the implementation may well be the lesser of the evils.
- We can find a good number of recipes on the Internet for building a Mail Server. One of the most complete, in my very personal opinion, is the one offered by the author Ivar Abrahamsen in its thirteenth edition of January 2017, «How to set up a mail server on a GNU / Linux system».
- We also recommend reading the article «A Mailserver on Ubuntu 14.04: Postfix, Dovecot, MySQL», or «A Mailserver on Ubuntu 16.04: Postfix, Dovecot, MySQL».
- True. The best documentation on this subject is found in English.
- Although we never build a Mailserver faithfully guided by the How to... mentioned in the previous paragraph, the mere fact of following it step by step will give us a very good idea of what we will face.
- If you want a complete Mailserver in just a few steps, you can download the image iRedOS-0.6.0-CentOS-5.5-i386.iso, or look for a more modern one, be it iRedOS or iRedMail. It is the route I personally recommend.
We are going to install and configure:
- Postfix as the Mail Transport Agent (SMTP) server.
- Dovecot as the POP - IMAP server.
- Certificates for connections over TLS.
- Squirrelmail as the web interface for users.
- DNS record for the «Sender Policy Framework» or SPF.
- Generation of the Diffie-Hellman Group module to increase the security of the SSL certificates.
Pending:
At least the following services would remain to be implemented:
- postgrey: Postfix server policies for Grey Lists and rejecting Junk Mail.
- amavisd-new: script that creates an interface between the MTA and the virus scanners and content filters.
- Clamav Antivirus: antivirus suite
- SpamAssassin: Junk Mail removal
- Razor (pyzor): SPAM capture through a distributed and collaborative network. The Vipul Razor network maintains an updated catalogue of junk mail or SPAM in circulation.
- DNS record «DomainKeys Identified Mail» or DKIM.
The packages postgrey, amavisd-new, clamav, spamassassin, razor and pyzor are found in the program repositories. We will also find the program kyank.
- The correct declaration of the DNS records "SPF" and "DKIM" is essential if we do not want our mail server, just put into operation, to be declared undesirable or a producer of SPAM or Junk Mail by other mail services such as Gmail, Yahoo, Hotmail, etc.
Initial checks
Remember that this article is a continuation of others that began with Squid + PAM Authentication on CentOS 7.
Ens32 LAN interface connected to the Internal Network
[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public
[root@linuxbox ~]# ifdown ens32 && ifup ens32
Ens34 WAN interface connected to the Internet
[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external
DNS resolution from the LAN
[root@linuxbox ~]# cat /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
nameserver 172.16.10.30
[root@linuxbox ~]# host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.
[root@linuxbox ~]# host mail.desdelinux.fan
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.
DNS resolution from the Internet
buzz@sysadmin:~$ host mail.desdelinux.fan 172.16.10.30
Using domain server:
Name: 172.16.10.30
Address: 172.16.10.30#53
Aliases:
mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.
Problems resolving the hostname «desdelinux.fan» locally
If you have problems resolving the hostname «desdelinux.fan» from the LAN, try commenting out the line in the file /etc/dnsmasq.conf where local=/desdelinux.fan/ is declared. Then restart Dnsmasq.
[root@linuxbox ~]# nano /etc/dnsmasq.conf
# Comment out the line below:
# local=/desdelinux.fan/
[root@linuxbox ~]# service dnsmasq restart
Redirecting to /bin/systemctl restart dnsmasq.service
[root@linuxbox ~]# service dnsmasq status
[root@linuxbox ~]# host desdelinux.fan
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.
Postfix and Dovecot
Very extensive documentation for Postfix and Dovecot can be found in:
[root@linuxbox ~]# ls /usr/share/doc/postfix-2.10.1/
bounce.cf.default  LICENSE          README-Postfix-SASL-RedHat.txt
COMPATIBILITY      main.cf.default  TLS_ACKNOWLEDGEMENTS
examples           README_FILES     TLS_LICENSE
[root@linuxbox ~]# ls /usr/share/doc/dovecot-2.2.10/
AUTHORS       COPYING.MIT        dovecot-openssl.cnf  NEWS             wiki
COPYING       ChangeLog          example-config       README
COPYING.LGPL  documentation.txt  mkcert.sh            solr-schema.xml
In CentOS 7, the Postfix MTA is installed by default when we choose the Infrastructure Server option. We must check that the SELinux context allows Postfix to write to the local mail queue:
[root@linuxbox ~]# getsebool -a | grep postfix
postfix_local_write_mail_spool --> on
Modifications in FirewallD
Using the graphical interface to configure FirewallD, we must make sure that the following services and ports are enabled for each Zone:
# ------------------------------------------------------
# Modifications in FirewallD
# ------------------------------------------------------
# Firewall
# Public zone: http, https, imap, pop3, smtp services
# Public zone: ports 80, 443, 143, 110, 25
# External zone: http, https, imap, pop3s, smtp services
# External zone: ports 80, 443, 143, 995, 25
We install Dovecot and the required programs
[root@linuxbox ~]# yum install dovecot mod_ssl procmail telnet
Minimum Dovecot configuration
[root@linuxbox ~]# nano /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *, ::
login_greeting = Dovecot is ready!
We explicitly disable plaintext authentication in Dovecot:
[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes
We declare the Group with the privileges needed to interact with Dovecot, and the location of the messages:
[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mail_access_groups = mail
Certificates for Dovecot
Dovecot automatically generates its test certificates based on the data in the file /etc/pki/dovecot/dovecot-openssl.cnf. To have new certificates generated according to our requirements, we must carry out the following steps:
[root@linuxbox ~]# cd /etc/pki/dovecot/
[root@linuxbox dovecot]# nano dovecot-openssl.cnf
[ req ]
# 1024-bit RSA is weak by current standards; 2048 bits or more is the usual minimum
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
# country (2 letter code)
C=CU
# State or Province Name (full name)
ST=Cuba
# Locality Name (eg. city)
L=Havana
# Organization (eg. company)
O=DesdeLinux.Fan
# Organizational Unit Name (eg. section)
OU=Enthusiasts
# Common Name (*.example.com is also possible)
CN=*.desdelinux.fan
# E-mail contact
emailAddress=buzz@desdelinux.fan
[ cert_type ]
nsCertType = server
We remove the test certificates
[root@linuxbox dovecot]# rm certs/dovecot.pem
rm: remove regular file "certs/dovecot.pem"? (y/n) y
[root@linuxbox dovecot]# rm private/dovecot.pem
rm: remove regular file "private/dovecot.pem"? (y/n) y
We copy and run the mkcert.sh script from the documentation directory
[root@linuxbox dovecot]# cp /usr/share/doc/dovecot-2.2.10/mkcert.sh .
[root@linuxbox dovecot]# bash mkcert.sh
Generating a 1024 bit RSA private key
......++++++
................++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Enthusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
SHA1 Fingerprint=5F:4A:0C:44:EC:EC:EF:95:73:3E:1E:37:D5:05:F8:23:7E:E1:A4:5A
[root@linuxbox dovecot]# ls -l certs/
total 4
-rw-------. 1 root root 1029 May 22 16:08 dovecot.pem
[root@linuxbox dovecot]# ls -l private/
total 4
-rw-------. 1 root root 916 May 22 16:08 dovecot.pem
[root@linuxbox dovecot]# service dovecot restart
[root@linuxbox dovecot]# service dovecot status
Certificates for Postfix
[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl req -sha256 -x509 -nodes -newkey rsa:4096 -days 1825 \
-out certs/desdelinux.fan.crt -keyout private/desdelinux.fan.key
Generating a 4096 bit RSA private key
........
to be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CU
State or Province Name (full name) []:Cuba
Locality Name (eg, city) [Default City]:Havana
Organization Name (eg, company) [Default Company Ltd]:DesdeLinux.Fan
Organizational Unit Name (eg, section) []:Enthusiasts
Common Name (eg, your name or your server's hostname) []:desdelinux.fan
Email Address []:buzz@desdelinux.fan
Minimum Postfix configuration
We add the following to the end of the file /etc/aliases:
root: buzz
For the changes to take effect we run the following command:
[root@linuxbox ~]# newaliases
Postfix can be configured by editing the file /etc/postfix/main.cf directly or with the postconf -e command, taking care that every parameter we want to modify or add is given on a single console line:
- Each person must declare the options they understand and need!
[root@linuxbox ~]# postconf -e 'myhostname = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'mydomain = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'myorigin = $mydomain'
[root@linuxbox ~]# postconf -e 'inet_interfaces = all'
[root@linuxbox ~]# postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain'
[root@linuxbox ~]# postconf -e 'mynetworks = 192.168.10.0/24, 172.16.10.0/24, 127.0.0.0/8'
[root@linuxbox ~]# postconf -e 'mailbox_command = /usr/bin/procmail -a "$EXTENSION"'
[root@linuxbox ~]# postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)'
We add the options given below to the end of the file /etc/postfix/main.cf. To learn the meaning of each one, we recommend reading the accompanying documentation.
biff = no
append_dot_mydomain = no
delay_warning_time = 4h
readme_directory = no
smtpd_tls_cert_file=/etc/pki/tls/certs/desdelinux.fan.crt
smtpd_tls_key_file=/etc/pki/tls/private/desdelinux.fan.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# Maximum mailbox size: 1024 megabytes = 1 gigabyte
mailbox_size_limit = 1073741824
recipient_delimiter = +
maximal_queue_lifetime = 7d
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks
# Accounts that forward a copy of incoming mail to another account
recipient_bcc_maps = hash:/etc/postfix/accounts_forwarding_copy
The following lines are important for determining who can send mail and relay it to other servers, so that we do not accidentally configure an "open relay" that lets unauthenticated users send mail. We must consult the Postfix help pages to understand what each option means.
- Each person must declare the options they understand and need!
smtpd_helo_restrictions = permit_mynetworks,
 warn_if_reject reject_non_fqdn_hostname,
 reject_invalid_hostname,
 permit
smtpd_sender_restrictions = permit_sasl_authenticated,
 permit_mynetworks,
 warn_if_reject reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unauth_pipelining,
 permit
smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
 reject_rbl_client blackholes.easynet.nl
# NOTE: The option "check_policy_service inet:127.0.0.1:10023"
# enables the Postgrey program, and we must not include it
# if we are not going to use Postgrey
smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit
smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
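One way to check the relay rules above before reloading Postfix, as an added example that is not part of the original article or of Postfix itself: the script reads main.cf text, reports parameters defined more than once (Postfix keeps only the last definition) and says whether a bare permit is reached before reject_unauth_destination. The function names and both sample files are constructed for illustration.

```python
import re

# Restrictions that refuse mail for destinations this server is not responsible for.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}
RELAY_LISTS = ("smtpd_relay_restrictions", "smtpd_recipient_restrictions")

# Constructed sample with the same layout as the main.cf built in this article:
# smtpd_relay_restrictions is set once near the top and again further down.
SAMPLE_MAIN_CF = """\
smtpd_use_tls = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
# comment lines do not end a logical line
smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 permit
smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit
"""

# Constructed counter-example: the catch-all permit comes before the guard.
MISORDERED = """\
smtpd_relay_restrictions = permit_mynetworks,
 permit,
 reject_unauth_destination
"""


def parse_main_cf(text):
    """Return {name: [[line_no, value], ...]} following main.cf logical-line rules."""
    params, current = {}, None
    for line_no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments never end a logical line
        if raw[0].isspace():
            if current is not None:
                current[1] += " " + raw.strip()  # leading whitespace = continuation
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = [line_no, value.strip()]
            params.setdefault(name.strip(), []).append(current)
    return params


def relay_verdict(value):
    """Walk one restriction list in evaluation order and classify it."""
    prev = None
    for tok in (t for t in re.split(r"[,\s]+", value) if t):
        # A guard prefixed by warn_if_reject only logs, it does not reject.
        if tok in RELAY_GUARDS and prev != "warn_if_reject":
            return "guarded"
        if tok == "permit":
            return "permit-before-guard"
        prev = tok
    return "no-guard"


def audit(text):
    """Report duplicate parameters and the verdict for each relay-relevant list."""
    params = parse_main_cf(text)
    duplicates = {n: [d[0] for d in defs] for n, defs in params.items() if len(defs) > 1}
    verdicts = {}
    for name in RELAY_LISTS:
        defs = params.get(name)
        # Postfix remembers only the last definition of a parameter.
        verdicts[name] = relay_verdict(defs[-1][1]) if defs else "not set"
    return {"duplicates": duplicates, "verdicts": verdicts}


if __name__ == "__main__":
    print(audit(SAMPLE_MAIN_CF))
    print(audit(MISORDERED))
```

A "permit-before-guard" verdict means every client reaches the catch-all permit and the server relays for anyone; a duplicate entry means the earlier definition in the file is silently ignored.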
We create the files /etc/postfix/body_checks and /etc/postfix/accounts_forwarding_copy, and we modify the file /etc/postfix/header_checks.
- Each person must declare the options they understand and need!
[root@linuxbox ~]# nano /etc/postfix/body_checks
# If this file is modified, it is not necessary
# to run postmap
# To test the rules, run as root:
# postmap -q 'super new v1agra' regexp:/etc/postfix/body_checks
# It should return:
# REJECT Rule #2 Anti Spam Message Body
/viagra/ REJECT Rule #1 Anti Spam Message Body
/super new v[i1]agra/ REJECT Rule #2 Anti Spam Message Body
[root@linuxbox ~]# nano /etc/postfix/accounts_forwarding_copy
# After modifying it, you must run:
# postmap /etc/postfix/accounts_forwarding_copy
# and the following file is created or updated:
# /etc/postfix/accounts_forwarding_copy.db
# ------------------------------------------
# ONE single account to forward ONE BCC copy
# BCC = Blind Carbon Copy
# Example:
# webadmin@desdelinux.fan buzz@desdelinux.fan
[root@linuxbox ~]# postmap /etc/postfix/accounts_forwarding_copy
[root@linuxbox ~]# nano /etc/postfix/header_checks
# Add at the end of the file
# DOES NOT REQUIRE postmap, since these are regular expressions
/^Subject: =\?Big5\?/ REJECT Chinese encoding not accepted by this server
/^Subject: =\?EUC-KR\?/ REJECT Korean encoding not allowed by this server
/^Subject: ADV:/ REJECT Advertisements not accepted by this server
/^From:.*\@.*\.cn/ REJECT Sorry, Chinese mail not allowed here
/^From:.*\@.*\.kr/ REJECT Sorry, Korean mail not allowed here
/^From:.*\@.*\.tr/ REJECT Sorry, Turkish mail not allowed here
/^From:.*\@.*\.ro/ REJECT Sorry, Romanian mail not allowed here
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT No mass mailers allowed.
/^From: "spammer/ REJECT
/^From: "spam/ REJECT
/^Subject:.*viagra/ DISCARD
# Dangerous extensions
/name=[^>]*\.(bat|cmd|exe|com|pif|reg|scr|vb|vbe|vbs)/ REJECT We do not accept attachments with these extensions
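How lookups in these regexp tables behave, as an added example (not code from the original article or from Postfix): a small emulation of `postmap -q` against a regexp: table, where the first matching rule wins and matching ignores case by default. It also shows two pitfalls of rules written in this style: a `?` that is not escaped, and an extension list that is not anchored. The function names and all sample tables and headers are constructed; Python's `re` stands in for the system regex library.

```python
import re

# /pattern/flags ACTION optional text
RULE = re.compile(r"^/(.+)/([imx]*)\s+(\S.*)$")

# Constructed samples in the style of the files edited above.
BODY_CHECKS = r"""
/viagra/ REJECT Rule #1 Anti Spam Message Body
/super new v[i1]agra/ REJECT Rule #2 Anti Spam Message Body
"""

HEADER_CHECKS = r"""
# comments and blank lines are skipped
/^Subject: =\?Big5\?/ REJECT Chinese encoding not accepted by this server
/^Subject: ADV:/ REJECT Advertisements not accepted by this server
/^Subject:.*viagra/ DISCARD
/name=[^>]*\.(bat|cmd|exe|com|pif|reg|scr|vb|vbe|vbs)/ REJECT We do not accept attachments with these extensions
"""

# The same Big5 rule with the question marks left unescaped (constructed).
UNESCAPED = r"""
/^Subject: =?Big5?/ REJECT Chinese encoding not accepted by this server
"""


def load_table(text):
    """Parse table text into an ordered list of (compiled regex, action)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError("unparsable rule: " + line)
        pattern, flags, action = m.groups()
        # Matching is case-insensitive unless the rule carries the 'i' flag.
        rules.append((re.compile(pattern, 0 if "i" in flags else re.IGNORECASE), action))
    return rules


def lookup(rules, text):
    """Return the action of the first rule that matches, or None."""
    for rx, action in rules:
        if rx.search(text):
            return action
    return None


if __name__ == "__main__":
    body = load_table(BODY_CHECKS)
    for line in ("super new v1agra", "super new viagra", "Cheap VIAGRA", "hello"):
        print(repr(line), "->", lookup(body, line))
    good, bad = load_table(HEADER_CHECKS), load_table(UNESCAPED)
    encoded = "Subject: =?Big5?B?pl7C0A==?="          # constructed encoded-word subject
    print(lookup(good, encoded), "|", lookup(bad, encoded))
    print(lookup(bad, "Subject: Big changes next week"))
    print(lookup(good, 'Content-Type: application/pdf; name="q3.company.pdf"'))
```

The second test line never reaches rule #2 because rule #1 already matches, and the PDF header is rejected because `\.(...|com|...)` matches the start of ".company".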
We check the syntax, restart Apache and Postfix, and enable and start Dovecot
[root@linuxbox ~]# postfix check
[root@linuxbox ~]#
[root@linuxbox ~]# systemctl restart httpd
[root@linuxbox ~]# systemctl status httpd
[root@linuxbox ~]# systemctl restart postfix
[root@linuxbox ~]# systemctl status postfix
[root@linuxbox ~]# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded:
[root@linuxbox ~]# systemctl enable dovecot
[root@linuxbox ~]# systemctl start dovecot
[root@linuxbox ~]# systemctl restart dovecot
[root@linuxbox ~]# systemctl status dovecot
Console-level checks
- Before continuing with the installation and configuration of other programs, it is very important to carry out the minimum necessary checks of the SMTP and POP services.
Local, from the server itself
We send an email to the local user legolas.
[root@linuxbox ~]# echo "Hello. This is a test message" | mail -s "Test" legolas
We check legolas's mailbox.
[root@linuxbox ~]# openssl s_client -crlf -connect 127.0.0.1:110 -starttls pop3
After the message Dovecot is ready! we continue:
---
+OK Dovecot is ready!
USER legolas
+OK
PASS legolas
+OK Logged in.
STAT
+OK 1 559
LIST
+OK 1 messages:
1 559
.
RETR 1
+OK 559 octets
Return-Path: <root@desdelinux.fan>
X-Original-To: legolas
Delivered-To: legolas@desdelinux.fan
Received: by desdelinux.fan (Postfix, from userid 0)
 id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
Date: Mon, 22 May 2017 10:47:10 -0400
To: legolas@desdelinux.fan
Subject: Test
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan>
From: root@desdelinux.fan (root)
Hello. This is a test message
.
QUIT
DONE
[root@linuxbox ~]#
Remote, from a computer on the LAN
Let's send another message to legolas from another computer on the LAN. Note that TLS security is NOT strictly necessary within the SME Network.
buzz@sysadmin:~$ sendemail -f buzz@deslinux.fan \
-t legolas@desdelinux.fan \
-u "Hello" \
-m "Greetings Legolas from your friend Buzz" \
-s mail.desdelinux.fan -o tls=no
May 22 10:53:08 sysadmin sendemail[5866]: Email was sent successfully!
If we try to connect to Dovecot via telnet from a host on the LAN - or from the Internet, of course - the following will happen, because we disabled plaintext authentication:
buzz@sysadmin:~$ telnet mail.desdelinux.fan 110
Trying 192.168.10.5...
Connected to linuxbox.desdelinux.fan.
Escape character is '^]'.
+OK Dovecot is ready!
user legolas
-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
quit
+OK Logging out
Connection closed by foreign host.
buzz@sysadmin:~$
We must do it through openssl. The output of the command would be:
buzz@sysadmin:~$ openssl s_client -crlf -connect mail.desdelinux.fan:110 -starttls pop3
CONNECTED(00000003)
depth=0 C = CU, ST = Cuba, L = Havana, O = DesdeLinux.Fan, OU = Enthusiasts, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CU, ST = Cuba, L = Havana, O = DesdeLinux.Fan, OU = Enthusiasts, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify return:1
---
Certificate chain
 0 s:/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Enthusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
   i:/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Enthusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
Server certificate
[...]
subject=/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Enthusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
issuer=/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Enthusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
No client certificate CA names sent
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 1342 bytes and written 411 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    [...]
    Verify return code: 18 (self signed certificate)
---
+OK Dovecot is ready!
USER legolas
+OK
PASS legolas
+OK Logged in.
LIST
+OK 1 messages:
1 1021
.
RETR 1
+OK 1021 octets
Return-Path: <buzz@deslinux.fan>
X-Original-To: legolas@desdelinux.fan
Delivered-To: legolas@desdelinux.fan
Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
 by desdelinux.fan (Postfix) with ESMTP id 51886C11E8C0
 for <legolas@desdelinux.fan>; Mon, 22 May 2017 15:09:11 -0400 (EDT)
Message-ID: <919362.931369932-sendEmail@sysadmin>
From: "buzz@deslinux.fan" <buzz@deslinux.fan>
To: "legolas@desdelinux.fan" <legolas@desdelinux.fan>
Subject: Hello
Date: Mon, 22 May 2017 19:09:11 +0000
X-Mailer: sendEmail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-365707.724894495"
This is a multi-part message in MIME format. To properly display this message you need a MIME-Version 1.0 compliant Email program.
------MIME delimiter for sendEmail-365707.724894495
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Greetings Legolas from your friend Buzz
------MIME delimiter for sendEmail-365707.724894495--
.
QUIT
+OK Logging out.
closed
buzz@sysadmin:~$
Squirrelmail
Squirrelmail is a web mail client written entirely in PHP. It includes native PHP support for the IMAP and SMTP protocols, and provides maximum compatibility with the different browsers in use. It runs correctly on any IMAP server. It has all the functionality you need from an email client, including MIME support, address book and folder management.
[root@linuxbox ~]# yum install squirrelmail
[root@linuxbox ~]# service httpd restart
[root@linuxbox ~]# nano /etc/squirrelmail/config.php
$domain = 'desdelinux.fan';
$imapServerAddress = 'mail.desdelinux.fan';
$imapPort = 143;
$smtpServerAddress = 'desdelinux.fan';
[root@linuxbox ~]# service httpd reload
DNS Sender Policy Framework or SPF record
In the article NSD Authoritative DNS Server + Shorewall we saw that the Zone «desdelinux.fan» was configured as follows:
root@ns:~# nano /etc/nsd/desdelinux.fan.zone
$ORIGIN desdelinux.fan.
$TTL 3H
@ IN SOA ns.desdelinux.fan. root.desdelinux.fan. (
 1 ; serial
 1D ; refresh
 1H ; retry
 1W ; expire
 3H ) ; minimum or
 ; Negative caching time to live
;
@ IN NS ns.desdelinux.fan.
@ IN MX 10 mail.desdelinux.fan.
@ IN TXT "v=spf1 a:mail.desdelinux.fan -all"
;
; Record to resolve dig desdelinux.fan queries
@ IN A 172.16.10.10
;
ns IN A 172.16.10.30
mail IN CNAME desdelinux.fan.
chat IN CNAME desdelinux.fan.
www IN CNAME desdelinux.fan.
;
; SRV records related to XMPP
_xmpp-server._tcp IN SRV 0 0 5269 desdelinux.fan.
_xmpp-client._tcp IN SRV 0 0 5222 desdelinux.fan.
_jabber._tcp IN SRV 0 0 5269 desdelinux.fan.
In it the following record is declared:
@ IN TXT "v=spf1 a:mail.desdelinux.fan -all"
To have the same parameter configured for the SME Network or LAN, we must modify the Dnsmasq configuration file as follows:
# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a:mail.desdelinux.fan -all"
Then we restart the service:
[root@linuxbox ~]# service dnsmasq restart
[root@linuxbox ~]# service dnsmasq status
[root@linuxbox ~]# host -t TXT mail.desdelinux.fan
mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan descriptive text "v=spf1 a:mail.desdelinux.fan -all"
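What a receiving server does with the record declared above, as an added example (not part of the original article): a simplified SPF evaluation over a constructed copy of the desdelinux.fan zone, showing which sending addresses pass and what happens when the record is mistyped. Only the all, a, mx and ip4 mechanisms are implemented and anything else is reported as permerror; the function names and the what-if records are assumptions made for illustration.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
SUPPORTED = {"all", "a", "mx", "ip4"}

# Constructed resolver data, copied from the zone file shown above.
ZONE = {
    "desdelinux.fan": {
        "A": ["172.16.10.10"],
        "MX": ["mail.desdelinux.fan"],
        "TXT": ["v=spf1 a:mail.desdelinux.fan -all"],
    },
    "mail.desdelinux.fan": {"CNAME": "desdelinux.fan"},
    "ns.desdelinux.fan": {"A": ["172.16.10.30"]},
}


def resolve_a(zone, name, depth=0):
    """A records for a name, following CNAMEs the way a resolver would."""
    rec = zone.get(name.rstrip(".").lower(), {})
    if "CNAME" in rec and depth < 8:
        return resolve_a(zone, rec["CNAME"], depth + 1)
    return rec.get("A", [])


def parse_policy(txt):
    """Return [(qualifier, mechanism, argument, prefix)], or None on a syntax error."""
    terms = []
    for term in txt.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        body, _, prefix = term.partition("/")
        mech, _, arg = body.partition(":")
        prefix = prefix or "32"
        if mech.lower() not in SUPPORTED or not prefix.isdigit():
            return None  # the whole record is rejected before any evaluation
        terms.append((qualifier, mech.lower(), arg, prefix))
    return terms


def covers(ip, addresses, prefix):
    return any(ip in ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addresses)


def check_host(zone, client_ip, domain):
    """SPF result for mail claiming to be from `domain`, sent by `client_ip`."""
    ip = ipaddress.ip_address(client_ip)
    records = [t for t in zone.get(domain, {}).get("TXT", [])
               if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    terms = parse_policy(records[0]) if len(records) == 1 else None
    if terms is None:
        return "permerror"
    for qualifier, mech, arg, prefix in terms:
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = covers(ip, [arg], prefix)
        elif mech == "a":
            matched = covers(ip, resolve_a(zone, arg or domain), prefix)
        else:  # mx: every mail exchanger's addresses
            hosts = zone.get(arg or domain, {}).get("MX", [])
            matched = any(covers(ip, resolve_a(zone, h), prefix) for h in hosts)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def with_policy(zone, domain, txt):
    """Copy of the zone with the domain's SPF record replaced (what-if checks)."""
    copy = {name: dict(rec) for name, rec in zone.items()}
    copy[domain]["TXT"] = [txt]
    return copy


if __name__ == "__main__":
    for ip in ("172.16.10.10", "192.168.10.5", "172.16.10.30"):
        print(ip, check_host(ZONE, ip, "desdelinux.fan"))
    typo = with_policy(ZONE, "desdelinux.fan", "v=spf1 a:mail.desdelinux.fan - all")
    print("stray space:", check_host(typo, "172.16.10.10", "desdelinux.fan"))
```

With -all, only mail leaving from the address that mail.desdelinux.fan resolves to passes; a stray space between the qualifier and all turns the whole record into a permerror, even for the legitimate server.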
Self-signed certificates and Apache or httpd
Even if your browser tells you that «The owner of mail.desdelinux.fan has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website», the previously generated certificate IS VALID, and it will allow the credentials to travel encrypted between client and server once we accept the certificate.
If you wish, and as a way of unifying the certificates, you can declare for Apache the same certificates you declared for Postfix, which is correct.
[root@linuxbox ~]# nano /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/desdelinux.fan.crt
SSLCertificateKeyFile /etc/pki/tls/private/desdelinux.fan.key
[root@linuxbox ~]# service httpd restart
[root@linuxbox ~]# service httpd status
Diffie-Hellman Group
Security on the Internet becomes a harder subject every day. One of the most common attacks on SSL connections is Logjam, and to defend against it, it is necessary to add non-standard parameters to the SSL configuration. For this there is RFC-3526 «More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)».
[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl dhparam -out private/dhparams.pem 2048
[root@linuxbox tls]# chmod 600 private/dhparams.pem
Depending on the version of Apache we have installed, we will use the Diffie-Hellman Group from the file /etc/pki/tls/private/dhparams.pem. If it is version 2.4.8 or later, then we must add the following line to the file /etc/httpd/conf.d/ssl.conf:
SSLOpenSSLConfCmd DHParameters "/etc/pki/tls/private/dhparams.pem"
The version we are using is:
[root@linuxbox tls]# yum info httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.4.6
Release     : 45.el7.centos
Size        : 9.4 M
Repo        : installed
From repo   : Base-Repo
Summary     : Apache HTTP Server
URL         : http://httpd.apache.org/
License     : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.
Since we have a version earlier than 2.4.8, we append the contents of the Diffie-Hellman group to the end of the previously generated CRT certificate:
[root@linuxbox tls]# cat private/dhparams.pem >> certs/desdelinux.fan.crt
If you want to check that the DH parameters were correctly appended to the CRT certificate, run the following commands:
[root@linuxbox tls]# cat private/dhparams.pem
-----BEGIN DH PARAMETERS-----
[...]
-----END DH PARAMETERS-----
[root@linuxbox tls]# cat certs/desdelinux.fan.crt
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
[...]
-----END DH PARAMETERS-----
After these changes, we must restart the Postfix and httpd services:

    [root@linuxbox tls]# service postfix restart
    [root@linuxbox tls]# service postfix status
    [root@linuxbox tls]# service httpd restart
    [root@linuxbox tls]# service httpd status

Including the Diffie-Hellman group in our TLS certificates may make connections over HTTPS slightly slower, but the added security is well worth it.
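To confirm that the DH group really ended up in the certificate file, and how large its prime is, the following added Python example (not part of the original article) reads the PEM blocks and decodes the DH PARAMETERS block by hand. The function names, the 2048-bit floor and the sample bundle are assumptions of this example; the sample is constructed in code with a placeholder modulus instead of real key material.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block, in file order."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_RE.findall(text)]

def read_tlv(buf, pos=0):
    """Decode one DER tag-length-value; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next k bytes hold the length
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + length], pos + length

def dh_params(der):
    """DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER }; return (p, g)."""
    tag, seq, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, p, nxt = read_tlv(seq)
    _, g, _ = read_tlv(seq, nxt)
    return int.from_bytes(p, "big"), int.from_bytes(g, "big")

def audit_bundle(text, min_bits=2048):  # min_bits: floor assumed by this example
    """List problems with a certificate file that should carry DH parameters."""
    dh = [der for label, der in pem_blocks(text) if label == "DH PARAMETERS"]
    if not dh:
        return ["no DH PARAMETERS block appended"]
    sizes = [dh_params(der)[0].bit_length() for der in dh]
    return [f"DH prime is only {b} bits" for b in sizes if b < min_bits]

def _tlv(tag, body):  # tiny DER encoder, used only to build the constructed sample
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    head = bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size
    return bytes([tag]) + head + body

def sample_bundle(bits):
    """Constructed sample: dummy certificate body plus a placeholder modulus."""
    p = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    dh = base64.encodebytes(_tlv(0x30, _tlv(2, p) + _tlv(2, b"\x02"))).decode()
    cert = base64.b64encode(b"constructed placeholder").decode()
    return (f"-----BEGIN CERTIFICATE-----\n{cert}\n-----END CERTIFICATE-----\n"
            f"-----BEGIN DH PARAMETERS-----\n{dh}-----END DH PARAMETERS-----\n")
```

On a real host, pass the text of the certificate file to `audit_bundle`; an empty list means a DH block of at least `min_bits` is present.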
Checking Squirrelmail
ONCE the certificates are generated correctly and we have checked that they work, as we did with the console commands, point your preferred browser to the URL http://mail.desdelinux.fan/webmail and it will connect to the web client after you accept the corresponding certificate. Note that, although you specify the HTTP protocol, the request is redirected to HTTPS; this is due to the default configuration that CentOS provides for Squirrelmail. See the file /etc/httpd/conf.d/squirrelmail.conf.
About user mailboxes
Dovecot creates the IMAP mailboxes in the home folder of each user:
    [root@linuxbox ~]# ls -la /home/legolas/mail/.imap/
    total 12
    drwxrwx---. 5 legolas mail    4096 May 22 12:39 .
    drwx------. 3 legolas legolas   75 May 22 11:34 ..
    -rw-------. 1 legolas legolas   72 May 22 11:34 dovecot.mailbox.log
    -rw-------. 1 legolas legolas    8 May 22 12:39 dovecot-uidvalidity
    -r--r--r--. 1 legolas legolas    0 May 22 10:12 dovecot-uidvalidity.5922f1d1
    drwxrwx---. 2 legolas mail      56 May 22 10:23 INBOX
    drwx------. 2 legolas legolas   56 May 22 12:39 Sent
    drwx------. 2 legolas legolas   30 May 22 11:34 Trash

They are also stored in /var/mail/

    [root@linuxbox ~]# less /var/mail/legolas
    From MAILER_DAEMON  Mon May 22 10:28:00 2017
    Date: Mon, 22 May 2017 10:28:00 -0400
    From: Mail System Internal Data
    Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
    Message-ID: <1495463280@linuxbox>

    It is created automatically by the mail system software.
    If deleted, important folder data will be lost, and it will be re-created
    with the data reset to initial values.

    From root@desdelinux.fan  Mon May 22 10:47:10 2017
    Return-Path:desdelinux.fan>
    X-Original-To: legolas
    Delivered-To: legolas@desdelinux.fan
    Received: by desdelinux.fan (Postfix, from userid 0)
            id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
    Date: Mon, 22 May 2017 10:47:10 -0400
    To: legolas@desdelinux.fan
    Subject: Test
    User-Agent: Heirloom mailx 12.5 7/5/10
    MIME-Version: 1.0
    Content-Type: text/plain; charset=us-ascii
    Content-Transfer-Encoding: 7bit
    Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan>
    From: root@desdelinux.fan (root)
    X-UID: 7
    Status: RO

    Hello. This is a test message

    From buzz@deslinux.fan  Mon May 22 10:53:08 2017
    Return-Path:
    X-Original-To: legolas@desdelinux.fan
    Delivered-To: legolas@desdelinux.fan
    Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
            by desdelinux.fan (Postfix) with ESMTP id C184DC11FC57
            for desdelinux.fan>; Mon, 22 May 2017 10:53:08 -0400 (EDT)
    Message-ID: <739874.219379516-sendEmail@sysadmin>
    From: "buzz@deslinux.fan"
    To: "legolas@desdelinux.fan"desdelinux.fan>
    Subject: Hello
    Date: Mon, 22 May 2017 14:53:08 +0000
    X-Mailer: sendEmail-1.56
    MIME-Version: 1.0
    Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-794889.899510057
    /var/mail/legolas
PAM summary
We have looked at the basics of a Mailserver and placed a little emphasis on security. We hope the article serves as an Entry Point to a topic as complicated and error-prone as implementing a Mail Server by hand.
We use local user authentication because, if we read the file /etc/dovecot/conf.d/10-auth.conf carefully, we will see that at the end it includes -by default- the authentication file for system users, !include auth-system.conf.ext. That very file tells us in its header that:
    [root@linuxbox ~]# less /etc/dovecot/conf.d/auth-system.conf.ext
    # Authentication for system users. Included from 10-auth.conf.
    #
    #
    #
    # PAM authentication. Preferred nowadays by most systems.
    # PAM is typically used with either userdb passwd or userdb static.
    # REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
    # authentication to actually work.
    passdb {
      driver = pam
      # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=]
      # [cache_key=] [ ]
      #args = dovecot
    }
And there is the other file, /etc/pam.d/dovecot:

    [root@linuxbox ~]# cat /etc/pam.d/dovecot
    #%PAM-1.0
    auth       required     pam_nologin.so
    auth       include      password-auth
    account    include      password-auth
    session    include      password-auth
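The include lines in /etc/pam.d/dovecot mean that most of the rules Dovecot runs live in password-auth. As an added example (not from the article or the distribution), this Python code flattens the includes and reports which rules carry a given module option; the password-auth contents are a constructed sample, and the function names are hypothetical.

```python
def parse_pam(text):
    """Return (type, control, module, args) for each rule in a pam.d file."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ptype, rest = line.split(None, 1)
        if rest.startswith("["):  # bracketed [value=action ...] control
            end = rest.index("]") + 1
            control, rest = rest[:end], rest[end:]
        else:
            control, rest = rest.split(None, 1)
        module, *args = rest.split()
        rules.append((ptype.lstrip("-"), control, module, args))
    return rules

def effective_stack(service, files, ptype, seen=()):
    """Flatten include/substack lines into the rules PAM walks for ptype."""
    if service in seen:
        raise ValueError("include loop: " + " -> ".join(seen + (service,)))
    stack = []
    for t, control, module, args in parse_pam(files[service]):
        if t == ptype and control in ("include", "substack"):
            stack += effective_stack(module, files, ptype, seen + (service,))
        elif t == ptype:
            stack.append((service, control, module, args))
    return stack

def rules_with_option(stack, option):
    return [(origin, module) for origin, _, module, args in stack if option in args]

FILES = {
    "dovecot": """#%PAM-1.0
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth
""",
    "password-auth": """# constructed sample, not copied from a real host
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
auth        required      pam_deny.so
account     required      pam_unix.so
session     required      pam_unix.so
""",
}
```

With the real files loaded into the dictionary, `rules_with_option(effective_stack("dovecot", files, "auth"), "nullok")` shows whether the IMAP/POP login path reaches a pam_unix rule that tolerates empty passwords.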
What are we trying to convey about PAM authentication?
- CentOS, Debian, Ubuntu, and many other Linux distributions install Postfix and Dovecot with local authentication enabled by default.
- Many articles on the Internet use MySQL - and more recently MariaDB - to store users and other data concerning a Mailserver. BUT these are servers for THOUSANDS OF USERS, not for a classic SME network with - perhaps - hundreds of users.
- Authentication through PAM is necessary and sufficient to provide network services as long as they run on a single server, as we have seen in this mini-series.
- Users stored in an LDAP database can be mapped as if they were local users, and PAM authentication can be used to provide network services from different Linux servers that act as LDAP clients of a central authentication server. In this way we would work with the credentials of users stored in the central LDAP server's database, and it would not be essential to maintain a database of local users.
Until the next adventure!
Believe me that in practice this is a process that gives more than one sysadmin a severe headache. I am sure that in the future it will be a reference guide for anyone who wants to manage their own email, a practical case that becomes an abc when integrating postfix, dovecot, squirrelmail..
Thank you very much for your valued contribution,
Why not use Mailpile, when it comes to security, with PGP? Roundcube also has a much more intuitive interface and can integrate PGP as well.
I read the post 3 days ago; I know how to thank you. I am not planning to install a mail server, but it always helps to see the creation of certificates, which is useful for other applications, and these tutorials hardly expire (especially if you use CentOS).
Manuel Cillero: Thank you for linking this article to and from your blog; it is the bare minimum core of a mail server based on Postfix and Dovecot.
Lizard: As always, your assessment is very well received. Thank you.
Darko: In almost all my articles I state more or less that "Everyone implements services with the programs they like best." Thanks for the comment.
Martin: Thank you too for reading the article, and I hope it helps you in your work.
Great article, friend Federico. Thank you very much for such a good tutorial.
Excellent, although I would use "virtual users" to avoid having to create a system user every time I add an email. Thanks, I learned many new things, and this is the kind of post I was waiting for.
Good evening,
Would you dare to do the same with fedora directory server + postfix + dovecot + thunderbird or outlook?
I have a part done but I am stuck; I would gladly share the document with the @desdelinux community.
I did not imagine it would reach more than 3000 visits!!!
Greetings Lizard!
Excellent tutorial, colleague.
Could you do it for Debian 10 with Active Directory users mounted on Samba4???
I imagine it would be almost the same but changing the authentication type.
The section you dedicate to creating self-signed certificates is very interesting.