Postfix + Dovecot + Squirrelmail and local users - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

This article is the continuation and the last of the miniseries:

Hello friends!

The Enthusiasts want to have their own mail server. They do not want to use servers where "Privacy" sits between question marks. The person in charge of implementing the service on their small server is not a specialist in the subject and will initially try to install the core of a future, complete mail server. It turns out that the "equations" for building a Full Mailserver are a little hard to understand and apply. 😉

Margin notes

  • It is necessary to be clear about which functions each program involved in a Mailserver performs. As an initial guide we give a whole series of useful links with the stated purpose that they be visited.
  • Implementing a Complete Mail Service manually and from scratch is a tiring process, unless you are one of the "Chosen" who do this kind of work every day. A Mail Server is made up, in general terms, of several programs that separately handle SMTP, POP/IMAP, local storage of messages, tasks related to SPAM handling, antivirus, and so on. ALL of these programs must communicate correctly with each other.
  • There is no one-size-fits-all or set of "best practices" for how to manage users, where and how to store messages, or how to make all the components work as a whole.
  • Assembling and tuning a Mailserver tends to be unpleasant in matters such as file permissions and ownership, the choice of which user will be in charge of a given process, and small mistakes made in some obscure configuration file.
  • Unless you know very well what you are doing, the end result will be an insecure or slightly non-functional Mail Server. That it Does Not Work at the end of the implementation will possibly be the lesser of the evils.
  • We can find on the Internet a good number of recipes on how to build a Mail Server. One of the most complete, in my very personal opinion, is the one offered by the author ivar Abraham in his thirteenth edition of January 2017, «How to set up a mail server on a GNU / Linux system».
  • We also recommend reading the article «A Mailserver on Ubuntu 14.04: Postfix, Dovecot, MySQL», or «A Mailserver on Ubuntu 16.04: Postfix, Dovecot, MySQL».
  • True. The best documentation on this subject is found in English.
    • Even if we never build a Mailserver faithfully guided by the How to ... mentioned in the previous paragraph, the mere fact of following it step by step will give us a very good idea of what we will face.
  • If you want to have a complete Mailserver in just a few steps, you can download the image iRedOS-0.6.0-CentOS-5.5-i386.iso, or look for a more modern one, be it iRedOS or iRedMail. It is the way I personally recommend.

We are going to install and configure:

Still to be done:

At least the following services would remain to be implemented:

  • Postgrey: Postfix policy server for greylisting and rejecting junk mail.
  • Amavisd-new.
  • Clamav Antivirus: antivirus suite.
  • SpamAssassin: filters out junk mail.
  • Razor (Pyzor): SPAM capture through a distributed, collaborative network. The Vipul Razor network maintains an updated catalogue of the propagation of junk mail or SPAM.
  • DNS record "DomainKeys Identified Mail" or DKIM.

The packages postgrey, amavisd-new, clamav, spamassassin, razor and pyzor are found in the package repositories. We will also find the openDKIM program there.

  • The correct declaration of the "SPF" and "DKIM" DNS records is essential if we do not want our newly commissioned mail server to be declared undesirable, or a producer of SPAM or junk mail, by other mail services such as Gmail, Yahoo, Hotmail, etc.

Initial checks

Remember that this article is the continuation of others that begin with Squid + PAM Authentication on CentOS 7.

Ens32 LAN interface connected to the Internal Network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

DNS resolution from the LAN

[root@linuxbox ~]# cat /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
nameserver 172.16.10.30

[root@linuxbox ~]# host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

[root@linuxbox ~]# host mail.desdelinux.fan
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

DNS resolution from the Internet

buzz@sysadmin:~$ host mail.desdelinux.fan 172.16.10.30
Using domain server:
Name: 172.16.10.30
Address: 172.16.10.30#53
Aliases:

mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.

Problems resolving the host name "desdelinux.fan" locally

If you have problems resolving the host name «desdelinux.fan» from the LAN, try commenting out the line in the file /etc/dnsmasq.conf where local=/desdelinux.fan/ is declared. Then restart Dnsmasq.

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# Comment out the line below:
# local=/desdelinux.fan/

[root@linuxbox ~]# service dnsmasq restart
Redirecting to /bin/systemctl restart dnsmasq.service

[root@linuxbox ~]# service dnsmasq status

[root@linuxbox ~]# host desdelinux.fan
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.

Postfix and Dovecot

The very extensive documentation of Postfix and Dovecot can be found in:

[root@linuxbox ~]# ls /usr/share/doc/postfix-2.10.1/
bounce.cf.default LICENSE README-Postfix-SASL-RedHat.txt COMPATIBILITY main.cf.default TLS_ACKNOWLEDGEMENTS examples README_FILES TLS_LICENSE

[root@linuxbox ~]# ls /usr/share/doc/dovecot-2.2.10/
AUTHORS COPYING.MIT dovecot-openssl.cnf NEWS wiki COPYING ChangeLog example-config README COPYING.LGPL documentation.txt mkcert.sh solr-schema.xml

On CentOS 7, the Postfix MTA is installed by default when we choose the Infrastructure Server option. We must check that the SELinux policy allows Postfix to write to the local mail spool:

[root@linuxbox ~]# getsebool -a | grep postfix
postfix_local_write_mail_spool --> on

Changes to FirewallD

Using the graphical interface to configure FirewallD, we must make sure that the following services and ports are enabled for each Zone:

# ------------------------------------------------------
# FirewallD adjustments
# ------------------------------------------------------
# Firewall
# Zone public: services http, https, imap, pop3, smtp
# Zone public: ports 80, 443, 143, 110, 25

# Zone external: services http, https, imap, pop3s, smtp
# Zone external: ports 80, 443, 143, 995, 25

We install Dovecot and the necessary programs

[root@linuxbox ~]# yum install dovecot mod_ssl procmail telnet

Minimal Dovecot configuration

[root@linuxbox ~]# nano /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *, ::
login_greeting = Dovecot waa diyaar!

We explicitly disable Dovecot plaintext authentication:

[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes

We declare the Group with the privileges needed to interact with Dovecot, and the location of the messages:

[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mail_access_groups = mail

Certificates for Dovecot

Dovecot automatically generates its test certificates based on the data in the file /etc/pki/dovecot/dovecot-openssl.cnf. To have new certificates generated according to our requirements, we must carry out the following steps:

[root@linuxbox ~]# cd /etc/pki/dovecot/
[root@linuxbox dovecot]# nano dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=CU

# State or Province Name (full name)
ST=Cuba

# Locality Name (eg. city)
L=Habana

# Organization (eg. company)
O=DesdeLinux.Fan

# Organizational Unit Name (eg. section)
OU=Entusiasts

# Common Name (*.example.com is also possible)
CN=*.desdelinux.fan

# E-mail contact
emailAddress=buzz@desdelinux.fan

[ cert_type ]
nsCertType = server

We remove the test certificates

[root@linuxbox dovecot]# rm certs/dovecot.pem
rm: remove regular file "certs/dovecot.pem"? (y/n) y
[root@linuxbox dovecot]# rm private/dovecot.pem
rm: remove regular file "private/dovecot.pem"? (y/n) y

We copy and run the mkcert.sh script from the documentation directory

[root@linuxbox dovecot]# cp /usr/share/doc/dovecot-2.2.10/mkcert.sh .
[root@linuxbox dovecot]# bash mkcert.sh
Generating a 1024 bit RSA private key
......++++++
................++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
SHA1 Fingerprint=5F:4A:0C:44:EC:EC:EF:95:73:3E:1E:37:D5:05:F8:23:7E:E1:A4:5A

[root@linuxbox dovecot]# ls -l certs/
total 4
-rw-------. 1 root root 1029 May 22 16:08 dovecot.pem
[root@linuxbox dovecot]# ls -l private/
total 4
-rw-------. 1 root root 916 May 22 16:08 dovecot.pem

[root@linuxbox dovecot]# service dovecot restart
[root@linuxbox dovecot]# service dovecot status

Certificates for Postfix

[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl req -sha256 -x509 -nodes -newkey rsa:4096 -days 1825 \
    -out certs/desdelinux.fan.crt -keyout private/desdelinux.fan.key

Generating a 4096 bit RSA private key
.........++
..++
writing new private key to 'private/domain.tld.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CU
State or Province Name (full name) []:Cuba
Locality Name (eg, city) [Default City]:Habana
Organization Name (eg, company) [Default Company Ltd]:DesdeLinux.Fan
Organizational Unit Name (eg, section) []:Entusiasts
Common Name (eg, your name or your server's hostname) []:desdelinux.fan
Email Address []:buzz@desdelinux.fan

Minimal Postfix configuration

We add the following at the end of the /etc/aliases file:

root: buzz

For the changes to take effect we run the following command:

[root@linuxbox ~]# newaliases

Postfix can be configured by editing the file /etc/postfix/main.cf directly or with the command postconf -e, taking care that each parameter we want to modify or add is given on a single console line:

  • Each person must declare the options they understand and need!
[root@linuxbox ~]# postconf -e 'myhostname = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'mydomain = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'myorigin = $mydomain'
[root@linuxbox ~]# postconf -e 'inet_interfaces = all'
[root@linuxbox ~]# postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain'

[root@linuxbox ~]# postconf -e 'mynetworks = 192.168.10.0/24, 172.16.10.0/24, 127.0.0.0/8'
[root@linuxbox ~]# postconf -e 'mailbox_command = /usr/bin/procmail -a "$EXTENSION"'
[root@linuxbox ~]# postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)'

We add the options below at the end of the file /etc/postfix/main.cf. To learn what each of them means, we recommend reading the accompanying documentation.

biff = no
append_dot_mydomain = no
delay_warning_time = 4h
readme_directory = no
smtpd_tls_cert_file = /etc/pki/tls/certs/desdelinux.fan.crt
smtpd_tls_key_file = /etc/pki/tls/private/desdelinux.fan.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# Maximum mailbox size: 1024 megabytes = 1 GB
mailbox_size_limit = 1073741824

recipient_delimiter = +
maximal_queue_lifetime = 7d
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks

# Accounts that send a copy of incoming mail to another account
recipient_bcc_maps = hash:/etc/postfix/accounts_forwarding_copy

The following lines are important for determining who can send mail and relay it to other servers, so that we do not accidentally configure an "open relay" that allows unauthenticated users to send mail. We must consult the Postfix help pages to understand what each option means.

  • Each person must declare the options they understand and need!
smtpd_helo_restrictions = permit_mynetworks,
 warn_if_reject reject_non_fqdn_hostname,
 reject_invalid_hostname,
 permit

smtpd_sender_restrictions = permit_sasl_authenticated,
 permit_mynetworks,
 warn_if_reject reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unauth_pipelining,
 permit

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
 reject_rbl_client blackholes.easynet.nl

# NOTE: the option "check_policy_service inet:127.0.0.1:10023"
# enables the Postgrey program, and we must not include it
# unless we are going to use Postgrey

smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
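
The precedence rule behind the relay settings above, as an added example that is not part of the original article: it parses a main.cf fragment reconstructed from this page, reports parameters that are set more than once (Postfix uses the last one), and checks whether the effective restriction lists leave the server an open relay. The function names and the MISORDERED sample are assumptions made for this illustration; a list that is not set in the file is left to the installed version's default and is not judged.

```python
import re

# Restrictions that stop relaying to destinations the server is not responsible for.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination", "reject", "defer"}

# Reconstructed from the main.cf options on this page (shortened, same order).
PAGE_FRAGMENT = """\
smtpd_use_tls = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# NOTE: check_policy_service enables Postgrey
smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 permit
"""

# Constructed counter-example: the guard is unreachable or only logged.
MISORDERED = """\
smtpd_relay_restrictions = permit_mynetworks, permit, reject_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks,
 warn_if_reject reject_unauth_destination,
 permit
"""


def parse_main_cf(text):
    """Return {name: [(line_no, value), ...]} in file order.

    main.cf syntax: blank lines and '#' lines are ignored, and a line that
    starts with whitespace continues the previous logical line.
    """
    params, current = {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if current is not None:
                current[1] += " " + raw.strip()
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            current = None
            continue
        current = [no, value.strip()]
        params.setdefault(name.strip(), []).append(current)
    return {k: [tuple(v) for v in vs] for k, vs in params.items()}


def effective(params, name):
    """The last definition in the file is the one Postfix uses."""
    entries = params.get(name, [])
    return entries[-1][1] if entries else ""


def duplicates(params):
    """Parameters set more than once, with the line numbers of each definition."""
    return {n: [no for no, _ in e] for n, e in params.items() if len(e) > 1}


def relay_verdict(restrictions):
    """Walk the list left to right, as smtpd evaluates it."""
    prev = ""
    for tok in (t for t in re.split(r"[,\s]+", restrictions) if t):
        # warn_if_reject turns the next restriction into a log-only check.
        if tok in RELAY_GUARDS and prev != "warn_if_reject":
            return "guarded"
        if tok == "permit":
            return "open: unconditional permit before any relay guard"
        prev = tok
    return "open: no relay guard in the list"


def audit(text):
    params = parse_main_cf(text)
    report = {"duplicates": duplicates(params)}
    for name in ("smtpd_relay_restrictions", "smtpd_recipient_restrictions"):
        value = effective(params, name)
        report[name] = relay_verdict(value) if value else "unset"
    judged = [v for k, v in report.items() if k.startswith("smtpd_") and v != "unset"]
    # Relaying is blocked as soon as one of the two lists is guarded.
    report["open_relay"] = bool(judged) and not any(v == "guarded" for v in judged)
    return report


if __name__ == "__main__":
    for label, sample in (("page fragment", PAGE_FRAGMENT), ("misordered", MISORDERED)):
        print(label, audit(sample))
```

On the live server, `postconf -n` prints the effective values after this precedence has been applied, so it is the quickest way to confirm which smtpd_relay_restrictions definition is in force.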

We create the files /etc/postfix/body_checks and /etc/postfix/accounts_forwarding_copy, and we modify the file /etc/postfix/header_checks.

  • Each person must declare the options they understand and need!
[root@linuxbox ~]# nano /etc/postfix/body_checks
# If this file is modified, it is not necessary
# to run postmap
# To test the rules, run as root:
# postmap -q 'super new v1agra' regexp:/etc/postfix/body_checks
# It should return:
# REJECT Rule #2 Anti Spam of the message body
/viagra/ REJECT Rule #1 Anti Spam of the message body
/super new v[i1]agra/ REJECT Rule #2 Anti Spam of the message body

[root@linuxbox ~]# nano /etc/postfix/accounts_forwarding_copy
# After modifying, you must run:
# postmap /etc/postfix/accounts_forwarding_copy
# and the following file is created or updated:
# /etc/postfix/accounts_forwarding_copy.db
# ------------------------------------------
# ONE single account to forward a BCC copy to
# BCC = Blind Carbon Copy
# Example:
# webadmin@desdelinux.fan buzz@desdelinux.fan

[root@linuxbox ~]# postmap /etc/postfix/accounts_forwarding_copy

[root@linuxbox ~]# nano /etc/postfix/header_checks
# Add at the end of the file
# Does NOT require postmap, since these are Regular Expressions
/^Subject: =\?Big5\?/ REJECT Chinese encoding not accepted by this server
/^Subject: =\?EUC-KR\?/ REJECT Korean encoding not allowed by this server
/^Subject: ADV:/ REJECT Advertisements not accepted by this server
/^From:.*\@.*\.cn/ REJECT Sorry, Chinese mail is not allowed here
/^From:.*\@.*\.kr/ REJECT Sorry, Korean mail is not allowed here
/^From:.*\@
/^From:.*\@.*\.ro/ REJECT Sorry, Romanian mail is not allowed here
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT Mass mailers are not allowed.
/^From: "spammer/ REJECT
/^From: "spam/ REJECT
/^Subject:.*viagra/ DISCARD
# Dangerous extensions
/name=[^>]*\.(bat|cmd|exe|com|pif|reg|scr|vb|vbe|vbs)/ REJECT We do not accept attachments with these extensions

We check the syntax, restart Apache and Postfix, and enable and start Dovecot

[root@linuxbox ~]# postfix check
[root@linuxbox ~]#

[root@linuxbox ~]# systemctl restart httpd
[root@linuxbox ~]# systemctl status httpd

[root@linuxbox ~]# systemctl restart postfix
[root@linuxbox ~]# systemctl status postfix

[root@linuxbox ~]# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service

[root@linuxbox ~]# systemctl enable dovecot
[root@linuxbox ~]# systemctl start dovecot
[root@linuxbox ~]# systemctl restart dovecot
[root@linuxbox ~]# systemctl status dovecot

Console-level checks

  • It is very important, before continuing with the installation and configuration of other programs, to carry out the minimum necessary checks of the SMTP and POP services.

Locally, from the server itself

We send an email to the local user legolas.

[root@linuxbox ~]# echo "Hello. This is a test message" | mail -s "Test" legolas

We check the mailbox of legolas.

[root@linuxbox ~]# openssl s_client -crlf -connect 127.0.0.1:110 -starttls pop3

After the message Dovecot waa diyaar! we continue:

---
+OK Dovecot waa diyaar!
USER legolas
+OK
PASS legolas
+OK Logged in.
STAT
+OK 1 559
LIST
+OK 1 messages:
1 559
.
RETR 1
+OK 559 octets
Return-Path:
X-Original-To: legolas
Delivered-To: legolas@desdelinux.fan
Received: by desdelinux.fan (Postfix, from userid 0)
    id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
Date: Mon, 22 May 2017 10:47:10 -0400
To: legolas@desdelinux.fan
Subject: Test
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan>
From: root@desdelinux.fan (root)

Hello. This is a test message
.
QUIT
DONE
[root@linuxbox ~]#

Remotely, from a computer on the LAN

Let's send another message to legolas from another computer on the LAN. Note that TLS security is NOT strictly necessary within an SME network.

buzz@sysadmin:~$ sendemail -f buzz@deslinux.fan \
-t legolas@desdelinux.fan \
-u "Hello" \
-m "Greetings Legolas from your friend Buzz" \
-s mail.desdelinux.fan -o tls=no
May 22 10:53:08 sysadmin sendemail[5866]: Email was sent successfully!

If we try to connect with telnet from a host on the LAN (or from the Internet, of course) to Dovecot, the following will happen, because we disabled plaintext authentication:

buzz@sysadmin:~$ telnet mail.desdelinux.fan 110
Trying 192.168.10.5...
Connected to linuxbox.desdelinux.fan.
Escape character is '^]'.
+OK Dovecot waa diyaar!
user legolas
-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
quit
+OK Logging out
Connection closed by foreign host.
buzz@sysadmin:~$

We must do it through openssl. The output of the command will be:

buzz@sysadmin:~$ openssl s_client -crlf -connect mail.desdelinux.fan:110 -starttls pop3
CONNECTED(00000003)
depth=0 C = CU, ST = Cuba, L = Habana, O = DesdeLinux.Fan, OU = Entusiasts, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CU, ST = Cuba, L = Habana, O = DesdeLinux.Fan, OU = Entusiasts, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify return:1
---
Certificate chain
 0 s:/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
Server certificate
subject=/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
issuer=/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
No client certificate CA names sent
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 1342 bytes and written 411 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
---
+OK Dovecot waa diyaar!
USER legolas
+OK
PASS legolas
+OK Logged in.
LIST
+OK 1 messages:
1 1021
.
RETR 1
+OK 1021 octets
Return-Path:
X-Original-To: legolas@desdelinux.fan
Delivered-To: legolas@desdelinux.fan
Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
    by desdelinux.fan (Postfix) with ESMTP id 51886C11E8C0
    for ; Mon, 22 May 2017 15:09:11 -0400 (EDT)
Message-ID: <919362.931369932-sendEmail@sysadmin>
From: "buzz@deslinux.fan"
To: "legolas@desdelinux.fan"
Subject: Hello
Date: Mon, 22 May 2017 19:09:11 +0000
X-Mailer: sendEmail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-365707.724894495"

This is a multi-part message in MIME format. To properly display this message you need a MIME-Version 1.0 compliant Email program.

------MIME delimiter for sendEmail-365707.724894495
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Greetings Legolas from your friend Buzz

------MIME delimiter for sendEmail-365707.724894495--
.
QUIT
+OK Logging out.
closed
buzz@sysadmin:~$

Squirrelmail

Squirrelmail is a web client written entirely in PHP. It includes native PHP support for the IMAP and SMTP protocols, and provides maximum compatibility with the different browsers in use. It runs correctly on any IMAP server. It has all the functionality you need from an email client, including MIME support, an address book and folder management.

[root@linuxbox ~]# yum install squirrelmail
[root@linuxbox ~]# service httpd restart

[root@linuxbox ~]# nano /etc/squirrelmail/config.php
$domain = 'desdelinux.fan';
$imapServerAddress = 'mail.desdelinux.fan';
$imapPort = 143;
$smtpServerAddress = 'desdelinux.fan';

[root@linuxbox ~]# service httpd reload

DNS Sender Policy Framework or SPF record

In the article NSD Authoritative DNS Server + Shorewall we saw that the zone "desdelinux.fan" was configured as follows:

root@ns:~# nano /etc/nsd/desdelinux.fan.zone
$ORIGIN desdelinux.fan.
$TTL 3H
@ IN SOA ns.desdelinux.fan. root.desdelinux.fan. (
        1  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum or
             ; negative caching time to live
;
@ IN NS ns.desdelinux.fan.
@ IN MX 10 mail.desdelinux.fan.
@ IN TXT "v=spf1 a:mail.desdelinux.fan -all"
;
; Record to resolve dig desdelinux.fan queries
@ IN A 172.16.10.10
;
ns IN A 172.16.10.30
mail IN CNAME desdelinux.fan.
chat IN CNAME desdelinux.fan.
www IN CNAME desdelinux.fan.
;
; SRV records related to XMPP
_xmpp-server._tcp IN SRV 0 0 5269 desdelinux.fan.
_xmpp-client._tcp IN SRV 0 0 5222 desdelinux.fan.
_jabber._tcp IN SRV 0 0 5269 desdelinux.fan.

It declares the record:

@ IN TXT "v=spf1 a:mail.desdelinux.fan -all"

To have the same parameter configured for the SME Network or LAN, we must modify the Dnsmasq configuration file as follows:

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a:mail.desdelinux.fan -all"

Then we restart the service:

[root@linuxbox ~]# service dnsmasq restart
[root@linuxbox ~]# service dnsmasq status

[root@linuxbox ~]# host -t TXT mail.desdelinux.fan
mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan descriptive text "v=spf1 a:mail.desdelinux.fan -all"
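
How a receiving server evaluates the SPF record declared above, as an added example that is not part of the original article. It implements only the a, ip4, ip6 and all mechanisms; the resolver tables are constructed from the records shown on this page, and the function names are assumptions made for this illustration.

```python
import ipaddress

RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed resolver answers, built from the records on this page:
# the NSD zone as seen from the Internet, and the Dnsmasq view on the LAN.
DNS_INTERNET = {
    ("desdelinux.fan", "TXT"): ["v=spf1 a:mail.desdelinux.fan -all"],
    ("desdelinux.fan", "A"): ["172.16.10.10"],
    ("mail.desdelinux.fan", "CNAME"): ["desdelinux.fan"],
}
DNS_LAN = {
    ("desdelinux.fan", "TXT"): ["v=spf1 a:mail.desdelinux.fan -all"],
    ("linuxbox.desdelinux.fan", "A"): ["192.168.10.5"],
    ("mail.desdelinux.fan", "CNAME"): ["linuxbox.desdelinux.fan"],
}
# Constructed record to exercise ip4 with a prefix and the softfail qualifier.
DNS_SOFT = {("example.test", "TXT"): ["v=spf1 ip4:192.168.10.0/24 ~all"]}


def resolve_a(name, dns, hops=0):
    """Return the A records for name, following CNAMEs (bounded)."""
    name = name.rstrip(".").lower()
    if (name, "A") in dns:
        return dns[(name, "A")]
    cname = dns.get((name, "CNAME"))
    if cname and hops < 8:
        return resolve_a(cname[0], dns, hops + 1)
    return []


def covers(base, prefix, addr):
    """True if addr lies in base/prefix (a single host when prefix is empty)."""
    net = ipaddress.ip_network(f"{base}/{prefix}" if prefix else base, strict=False)
    return addr in net


def check_host(ip, domain, dns):
    """Evaluate the sender IP against the SPF policy published for domain."""
    records = [t for t in dns.get((domain.lower(), "TXT"), [])
               if t.lower().split(" ")[0] == "v=spf1"]
    if not records:
        return "none"          # no policy published
    if len(records) > 1:
        return "permerror"     # more than one SPF record is an error
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        if "=" in term:        # modifiers (redirect=, exp=) are outside this example
            continue
        qualifier = term[0] if term[0] in RESULT else "+"
        body, _, prefix = term.lstrip("+-~?").partition("/")
        name, _, arg = body.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "a":
            matched = any(covers(a, prefix, addr)
                          for a in resolve_a(arg or domain, dns))
        elif name in ("ip4", "ip6"):
            matched = covers(arg, prefix, addr)
        else:
            return "permerror"  # mechanism not implemented in this example
        if matched:             # first matching mechanism decides the result
            return RESULT[qualifier]
    return "neutral"            # nothing matched and no "all" term


if __name__ == "__main__":
    for ip, view, dns in (("172.16.10.10", "Internet", DNS_INTERNET),
                          ("172.16.10.30", "Internet", DNS_INTERNET),
                          ("192.168.10.5", "LAN", DNS_LAN),
                          ("172.16.10.10", "LAN", DNS_LAN)):
        print(f"{view:8} {ip:14} {check_host(ip, 'desdelinux.fan', dns)}")
```

Because mail.desdelinux.fan resolves to a different address in each view, the same record passes 172.16.10.10 for Internet receivers and 192.168.10.5 inside the LAN, and "-all" fails every other sender.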

Self-signed certificates and Apache or httpd

Even if your browser tells you that «The owner of mail.desdelinux.fan has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website», the previously generated certificate IS VALID, and it will allow the credentials between client and server to travel encrypted, once we accept the certificate.

If you wish, and as a way of unifying the certificates, you can declare for Apache the same certificates that you declared for Postfix, which is the correct thing to do.

[root@linuxbox ~]# nano /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/desdelinux.fan.crt
SSLCertificateKeyFile /etc/pki/tls/private/desdelinux.fan.key

[root@linuxbox ~]# service httpd restart
[root@linuxbox ~]# service httpd status

Diffie-Hellman Group

The subject of Security becomes more difficult every day on the Internet. One of the most common attacks on SSL connections is Logjam, and to defend against it, it is necessary to add non-standard parameters to the SSL configuration. For this there is RFC-3526 «More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)».

[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl dhparam -out private/dhparams.pem 2048
[root@linuxbox tls]# chmod 600 private/dhparams.pem

Depending on the version of Apache we have installed, we will use the Diffie-Helman Group from the file /etc/pki/tls/private/dhparams.pem. If it is version 2.4.8 or later, then we must add the following line to the file /etc/httpd/conf.d/ssl.conf:

SSLOpenSSLConfCmd DHParameters "/etc/pki/tls/private/dhparams.pem"

The Apache version we are using is:

[root@linuxbox tls]# yum info httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.4.6
Release     : 45.el7.centos
Size        : 9.4 M
Repo        : installed
From repo   : Base-Repo
Summary     : Apache HTTP Server
URL         : http://httpd.apache.org/
License     : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.

As we have a version prior to 2.4.8, we append the contents of the Diffie-Helman Group to the end of the CRT certificate generated earlier:

[root@linuxbox tls]# cat private/dhparams.pem >> certs/desdelinux.fan.crt

If you want to check that the DH parameters were correctly added to the CRT certificate, run the following commands:

[root@linuxbox tls]# cat private/dhparams.pem
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
-----END DH PARAMETERS-----

[root@linuxbox tls]# cat certs/desdelinux.fan.crt
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
-----END DH PARAMETERS-----

After these changes, we must restart the Postfix and httpd services:

[root@linuxbox tls]# service postfix restart
[root@linuxbox tls]# service postfix status
[root@linuxbox tls]# service httpd restart
[root@linuxbox tls]# service httpd status

Adding the Diffie-Hellman group to our TLS certificates may make HTTPS connections somewhat slower, but the added security is well worth it.
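The version check and the append step described above, as an added shell example that is not part of the original article. The `>>` append is not idempotent, so running it twice leaves two DH blocks in the certificate; the function names are this example's own and the PEM files are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example, not from the article. Function names are this example's own.

# Succeeds when VERSION (for example 2.4.6) is 2.4.8 or later.
apache_supports_dhparam() {
    echo "$1" | awk -F. '{ exit !($1 * 1000000 + $2 * 1000 + $3 >= 2004008) }'
}

# Prints how many DH PARAMETERS blocks FILE contains.
count_dh_blocks() {
    grep -c -e '-----BEGIN DH PARAMETERS-----' "$1" || true
}

# Prints the first DH PARAMETERS block of FILE (markers must start a line).
extract_dh_block() {
    awk '/^-----BEGIN DH PARAMETERS-----$/ { p = 1 }
         p { print }
         p && /^-----END DH PARAMETERS-----$/ { exit }' "$1"
}

# Appends DHFILE to CERT unless CERT already carries a DH block, then checks
# that CERT holds exactly one block identical to DHFILE.
append_dh_once() {
    dhfile=$1
    cert=$2
    if [ "$(count_dh_blocks "$cert")" -eq 0 ]; then
        # A certificate without a final newline would glue the markers together.
        if [ -n "$(tail -c 1 "$cert")" ]; then echo >> "$cert"; fi
        cat "$dhfile" >> "$cert"
    fi
    [ "$(count_dh_blocks "$cert")" -eq 1 ] &&
        [ "$(extract_dh_block "$cert")" = "$(cat "$dhfile")" ]
}

# Demo on constructed files (placeholder base64, not real key material).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/site.crt"
printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'RVhBTVBMRQ==' \
    '-----END DH PARAMETERS-----' > "$demo_dir/dhparams.pem"
if apache_supports_dhparam "2.4.6"; then
    echo 'use: SSLOpenSSLConfCmd DHParameters'
else
    append_dh_once "$demo_dir/dhparams.pem" "$demo_dir/site.crt"
    append_dh_once "$demo_dir/dhparams.pem" "$demo_dir/site.crt"   # second run is a no-op
    echo "DH blocks in certificate: $(count_dh_blocks "$demo_dir/site.crt")"
fi
rm -rf "$demo_dir"
```

A non-zero return from `append_dh_once` means the certificate already holds a different or duplicated DH block and should be inspected before restarting httpd.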

Checking Squirrelmail

AFTER the certificates have been generated correctly and we have verified that they work properly, as we did with the console commands, point your preferred browser to the URL http://mail.desdelinux.fan/webmail and it will connect to the web client once you accept the corresponding certificate. Note that even though you specify the HTTP protocol, you will be redirected to HTTPS; this is due to the default configuration that CentOS provides for Squirrelmail. See the file /etc/httpd/conf.d/squirrelmail.conf.

About user mailboxes

Dovecot creates the IMAP mailboxes in each user's home folder:

[root@linuxbox ~]# ls -la /home/legolas/mail/.imap/
total 12
drwxrwx---. 5 legolas mail    4096 May 22 12:39 .
drwx------. 3 legolas legolas   75 May 22 11:34 ..
-rw-------. 1 legolas legolas   72 May 22 11:34 dovecot.mailbox.log
-rw-------. 1 legolas legolas    8 May 22 12:39 dovecot-uidvalidity
-r--r--r--. 1 legolas legolas    0 May 22 10:12 dovecot-uidvalidity.5922f1d1
drwxrwx---. 2 legolas mail      56 May 22 10:23 INBOX
drwx------. 2 legolas legolas   56 May 22 12:39 Sent
drwx------. 2 legolas legolas   30 May 22 11:34 Trash

They are also stored in /var/mail/

[root@linuxbox ~]# less /var/mail/legolas
From MAILER_DAEMON  Mon May 22 10:28:00 2017
Date: Mon, 22 May 2017 10:28:00 -0400
From: Mail System Internal Data
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
Message-ID: <1495463280@linuxbox>
X-IMAP: 1495462351 0000000008
Status: RO

This text is part of the internal format of your mail folder, and is not
a real message.  It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.

From root@desdelinux.fan  Mon May 22 10:47:10 2017
Return-Path:
X-Original-To: legolas
Delivered-To: legolas@desdelinux.fan
Received: by desdelinux.fan (Postfix, from userid 0)
        id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
Date: Mon, 22 May 2017 10:47:10 -0400
To: legolas@desdelinux.fan
Subject: Test
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan>
From: root@desdelinux.fan (root)
X-UID: 7
Status: RO

Hello. This is a test message

From buzz@deslinux.fan  Mon May 22 10:53:08 2017
Return-Path:
X-Original-To: legolas@desdelinux.fan
Delivered-To: legolas@desdelinux.fan
Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
        by desdelinux.fan (Postfix) with ESMTP id C184DC11FC57
        for ; Mon, 22 May 2017 10:53:08 -0400 (EDT)
Message-ID: <739874.219379516-sendEmail@sysadmin>
From: "buzz@deslinux.fan"
To: "legolas@desdelinux.fan"
Subject: Greeting
Date: Mon, 22 May 2017 14:53:08 +0000
X-Mailer: sendEmail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-794889.899510057
/var/mail/legolas

PAM mini summary

We have looked at the core of a mail server and placed some emphasis on security. We hope the article serves as an entry point to a topic as difficult and error-prone as implementing a mail server by hand.

We use local user authentication because, if we read the file /etc/dovecot/conf.d/10-auth.conf carefully, we will see that at its end the authentication file for system users is included by default: !include auth-system.conf.ext. This file itself tells us so in its header:

[root@linuxbox ~]# less /etc/dovecot/conf.d/auth-system.conf.ext
# Authentication for system users. Included from 10-auth.conf.
#
#
#
# PAM authentication. Preferred nowadays by most systems.
# PAM is typically used with either userdb passwd or userdb static.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work.
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=]
  # [cache_key=] []
  #args = dovecot
}

And the other file, /etc/pam.d/dovecot, exists:

[root@linuxbox ~]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth

What are we trying to convey about PAM authentication?

  • CentOS, Debian, Ubuntu, and many other Linux distributions install Postfix and Dovecot with local authentication enabled by default.
  • Many articles on the Internet use MySQL, and more recently MariaDB, to store users and other mail server data. BUT those are servers for THOUSANDS OF USERS, not a typical SME network with, perhaps, hundreds of users.
  • Authentication through PAM is necessary and sufficient to provide network services as long as they run on a single server, as we have seen in this miniseries.
  • Users stored in an LDAP database can be mapped as if they were local users, and PAM authentication can be used to provide network services from different Linux servers acting as LDAP clients of the central authentication server. In this way we would work with the credentials of the users stored in the central LDAP server database, and it would NOT be essential to maintain a database of local users.

Until the next adventure!



9 comments


  1.   qorraxda said

    I believe that in practice this is a process that gives more than one sysadmin a severe headache. I am convinced that in the future it will be a reference guide for anyone who wants to manage their own email, a practical case that becomes an abc when integrating postfix, dovecot, squirrelmail..

    Thank you very much for your commendable contribution,

  2.   Darko said

    Why not use Mailpile, when it comes to security, with PGP? Also, Roundcube has a much more intuitive interface and can also integrate PGP.

  3.   Martin said

    3 days ago I read the post, I know how to thank you. I do not plan to install a mail server, but it is always useful to see the creation of certificates, which is useful for other applications, and these tutorials hardly expire (especially when you use centOS).

  4.   federico said

    Manuel Cillero: Thank you for linking to and featuring on your blog this article, which is the minimal core of a mail server based on Postfix and Dovecot.

    Lizard: As always, your assessment is well received. Thank you.

    Darko: In almost all my posts I say more or less that "Everyone implements services with the programs they like best." Thanks for the comment.

    Martin: Thank you too for reading the article, and I hope it helps you in your work.

  5.   Zodiac Carburus said

    Very good article, friend Federico. Thank you for how well you did it.

  6.   xiiqsan said

    very good, although I would use "virtual users" to avoid creating a system user every time I add an email; thanks, I learned many new things and this is the kind of post I was waiting for

  7.   Wilton Acevedo Rueda said

    Good evening,

    It would be encouraging if you did the same with a fedora directory server + postfix + dovecot + thunderbird or outlook.

    I have a part of it but I am stuck; I would gladly share the document with the @desdelinux community

  8.   phico said

    I never imagined it would reach more than 3000 visits!!!

    Greetings Lizard!

  9.   Madoow said

    Good tutorial, colleague.
    Could you do it for Debian 10 with Active Directory users set up on Samba4???
    I imagine it would be almost the same but changing the authentication type.
    The section you devote to creating self-signed certificates is very interesting.