Postfix + Dovecot + Squirrelmail and local users - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

This article is the continuation and the last of the miniseries:

Hello friends!

The Enthusiasts want to have their own mail server. They do not want to use servers where "Privacy" sits between question marks. The person in charge of implementing the service on their small server is not a specialist in the subject and will initially try to install the core of a future, complete mail server. The thing is that the "equations" for building a Full Mailserver are somewhat difficult to understand and apply. 😉

Margin notes

  • It is necessary to be clear about which functions each program involved in a Mailserver performs. As an initial guide we give a whole series of useful links, with the stated purpose that they be visited.
  • Implementing a Complete Mail Service by hand and from scratch is a tiring process, unless you are one of the "Chosen" who perform this type of task every day. A Mail Server is formed, in a general way, by several programs that separately handle SMTP, POP/IMAP, local storage of messages, tasks related to the treatment of SPAM, Antivirus, etc. ALL of these programs must communicate correctly with each other.
  • There is no one size fits all, nor are there "best practices", on how to manage users, where and how to store messages, or how to make all the components work as a single whole.
  • Assembling and tuning a Mailserver tends to be unpleasant in matters such as permissions and file owners, choosing which user will be in charge of a given process, and small errors made in some obscure configuration file.
  • Unless you know very well what you are doing, the end result will be an insecure or only partly functional Mail Server. That it Does Not Work at the end of the implementation will possibly be the lesser of the evils.
  • We can find on the Internet a good number of recipes on how to build a Mail Server. One of the most complete, in my very personal opinion, is the one offered by the author Ivar Abraham in its thirteenth edition of January 2017, «How to set up a mail server on a GNU / Linux system».
  • We also recommend reading the article «A Mailserver on Ubuntu 14.04: Postfix, Dovecot, MySQL», or «A Mailserver on Ubuntu 16.04: Postfix, Dovecot, MySQL».
  • True. The best documentation on this subject can be found in English.
    • Although we will never build a Mailserver faithfully guided by the How to... mentioned in the previous paragraph, the mere fact of following it step by step will give us a very good idea of what we will face.
  • If you want to have a complete Mailserver in just a few steps, you can download the image iRedOS-0.6.0-CentOS-5.5-i386.iso, or look for a more modern one, be it iRedOS or iRedMail. It is the way I personally recommend.

We are going to install and configure:

It remains to be done:

At least the following services would still have to be implemented:

  • postgrey: Postfix server policies for Grey Lists and for rejecting Junk Mail.
  • Amavisd-new.
  • Clamav Antivirus: the antivirus suite.
  • SpamAssassin: filters out Junk Mail.
  • Razor (Pyzor): SPAM capture through a distributed and collaborative network. The Vipul Razor network maintains an updated catalog of the propagation of junk mail or SPAM.
  • DNS record "DomainKeys Identified Mail" or DKIM.

The packages postgrey, amavisd-new, clamav, spamassassin, razor and pyzor are found in the program repositories. We will also find the program opendkim there.

  • The correct declaration of the DNS records "SPF" and "DKIM" is essential if we do not want our mail server, as soon as it is put into operation, to be declared undesirable or a producer of SPAM or Junk Mail by other mail services such as Gmail, Yahoo, Hotmail, etc.

Initial checks

Remember that this article is a continuation of others that start with Squid + PAM Authentication on CentOS 7.

Ens32 LAN interface connected to the Internal Network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL Router is connected to this interface
# with the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

DNS resolution from the LAN

[root@linuxbox ~]# cat /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
nameserver 172.16.10.30

[root@linuxbox ~]# host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

[root@linuxbox ~]# host mail.desdelinux.fan
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

DNS resolution from the Internet

buzz@sysadmin:~$ host mail.desdelinux.fan 172.16.10.30
Using domain server:
Name: 172.16.10.30
Address: 172.16.10.30#53
Aliases:

mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.

Problems resolving the hostname «desdelinux.fan» locally

If you have problems resolving the hostname «desdelinux.fan» from the LAN, try commenting out the line in the file /etc/dnsmasq.conf where local=/desdelinux.fan/ is declared. Then restart Dnsmasq.

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# Comment out the line below:
# local=/desdelinux.fan/

[root@linuxbox ~]# service dnsmasq restart
Redirecting to /bin/systemctl restart dnsmasq.service

[root@linuxbox ~]# service dnsmasq status

[root@linuxbox ~]# host desdelinux.fan
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.

Postfix and Dovecot

The very extensive documentation of Postfix and Dovecot can be found at:

[root@linuxbox ~]# ls /usr/share/doc/postfix-2.10.1/
bounce.cf.default LICENSE README-Postfix-SASL-RedHat.txt COMPATIBILITY main.cf.default TLS_ACKNOWLEDGEMENTS examples README_FILES TLS_LICENSE

[root@linuxbox ~]# ls /usr/share/doc/dovecot-2.2.10/
AUTHORS COPYING.MIT dovecot-openssl.cnf NEWS wiki COPYING ChangeLog example-config README COPYING.LGPL documentation.txt mkcert.sh solr-schema.xml

In CentOS 7, the Postfix MTA is installed by default when we choose the Infrastructure Server option. We must check that the SELinux context allows Postfix to write to the local message queue:

[root@linuxbox ~]# getsebool -a | grep postfix
postfix_local_write_mail_spool --> on

Modifications in FirewallD

Using the graphical interface to configure FirewallD, we must make sure that the following services and ports are enabled for each Zone:

# ------------------------------------------------------
# Settings in FirewallD
# ------------------------------------------------------
# Firewall
# Public zone: http, https, imap, pop3, smtp services
# Public zone: ports 80, 443, 143, 110, 25

# External zone: http, https, imap, pop3s, smtp services
# External zone: ports 80, 443, 143, 995, 25

We install Dovecot and the necessary programs

[root@linuxbox ~]# yum install dovecot mod_ssl procmail telnet

Minimal Dovecot configuration

[root@linuxbox ~]# nano /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *, ::
login_greeting = Dovecot waa diyaar!

We explicitly disable Dovecot plaintext authentication:

[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes

We declare the Group with the privileges needed to interact with Dovecot, and the location of the messages:

[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mail_access_groups = mail

Certificates for Dovecot

Dovecot automatically generates its test certificates based on the data in the file /etc/pki/dovecot/dovecot-openssl.cnf. To have new certificates generated according to our requirements, we must perform the following steps:

[root@linuxbox ~]# cd /etc/pki/dovecot/
[root@linuxbox dovecot]# nano dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=CU

# State or Province Name (full name)
ST=Cuba

# Locality Name (eg. city)
L=Havana

# Organization (eg. company)
O=DesdeLinux.Fan

# Organizational Unit Name (eg. section)
OU=Xisaystayaasha

# Common Name (*.example.com is also possible)
CN=*.desdelinux.fan

# E-mail contact
emailAddress=buzz@desdelinux.fan

[ cert_type ]
nsCertType = server

We delete the test certificates

[root@linuxbox dovecot]# rm certs/dovecot.pem
rm: remove regular file "certs/dovecot.pem"? (y/n) y
[root@linuxbox dovecot]# rm private/dovecot.pem
rm: remove regular file "private/dovecot.pem"? (y/n) y

We copy and run the script mkcert.sh from the documentation directory

[root@linuxbox dovecot]# cp /usr/share/doc/dovecot-2.2.10/mkcert.sh .
[root@linuxbox dovecot]# bash mkcert.sh
Generating a 1024 bit RSA private key
......++++++
................++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Xisaystayaasha/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
SHA1 Fingerprint=5F:4A:0C:44:EC:EC:EF:95:73:3E:1E:37:D5:05:F8:23:7E:E1:A4:5A

[root@linuxbox dovecot]# ls -l certs/
total 4
-rw-------. 1 root root 1029 May 22 16:08 dovecot.pem
[root@linuxbox dovecot]# ls -l private/
total 4
-rw-------. 1 root root 916 May 22 16:08 dovecot.pem

[root@linuxbox dovecot]# service dovecot restart
[root@linuxbox dovecot]# service dovecot status

Certificates for Postfix

[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl req -sha256 -x509 -nodes -newkey rsa:4096 -days 1825 \
 -out certs/desdelinux.fan.crt -keyout private/desdelinux.fan.key

Generating a 4096 bit RSA private key
........++
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
-----
Country Name (2 letter code) [XX]:CU
State or Province Name (full name) []:Cuba
Locality Name (eg, city) [Default City]:Havana
Organization Name (eg, company) [Default Company Ltd]:DesdeLinux.Fan
Organizational Unit Name (eg, section) []:Xisaystayaasha
Common Name (eg, your name or your server's hostname) []:desdelinux.fan
Email Address []:buzz@desdelinux.fan

Minimal Postfix configuration

We add the following at the end of the file /etc/aliases:

root: buzz

For the changes to take effect we run the following command:

[root@linuxbox ~]# newaliases

Postfix can be configured by editing the file /etc/postfix/main.cf directly or with the command postconf -e, taking care that the whole parameter we want to modify or add is given on a single console line:

  • Everyone must declare the options that they understand and need!
[root@linuxbox ~]# postconf -e 'myhostname = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'mydomain = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'myorigin = $mydomain'
[root@linuxbox ~]# postconf -e 'inet_interfaces = all'
[root@linuxbox ~]# postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain'

[root@linuxbox ~]# postconf -e 'mynetworks = 192.168.10.0/24, 172.16.10.0/24, 127.0.0.0/8'
[root@linuxbox ~]# postconf -e 'mailbox_command = /usr/bin/procmail -a "$EXTENSION"'
[root@linuxbox ~]# postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)'

We add the options given below at the end of the file /etc/postfix/main.cf. To learn the meaning of each of them, we recommend reading the accompanying documentation.

biff = no
append_dot_mydomain = no
delay_warning_time = 4h
readme_directory = no
# Certificate and key generated above in /etc/pki/tls/
smtpd_tls_cert_file=/etc/pki/tls/certs/desdelinux.fan.crt
smtpd_tls_key_file=/etc/pki/tls/private/desdelinux.fan.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# Maximum mailbox size 1024 megabytes = 1 g and g
mailbox_size_limit = 1073741824

recipient_delimiter = +
maximal_queue_lifetime = 7d
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks

# Accounts that send a copy of incoming mail to another account
recipient_bcc_maps = hash:/etc/postfix/accounts_forwarding_copy

The following lines are important for determining who can send mail and relay it to other servers, so that we do not accidentally configure an "open relay" that allows unauthenticated users to send mail. We must consult the Postfix help pages to understand what each option means.

  • Everyone must declare the options that they understand and need!
smtpd_helo_restrictions = permit_mynetworks,
 warn_if_reject reject_non_fqdn_hostname,
 reject_invalid_hostname,
 permit

smtpd_sender_restrictions = permit_sasl_authenticated,
 permit_mynetworks,
 warn_if_reject reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unauth_pipelining,
 permit

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
 reject_rbl_client blackholes.easynet.nl

# NOTE: The option "check_policy_service inet:127.0.0.1:10023"
# enables the Postgrey program, and we must not include it
# unless we are going to use Postgrey

smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

smtpd_data_restrictions = reject_unauth_pipelining

# This later definition replaces the smtpd_relay_restrictions
# line added earlier in the file (the last one wins)
smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
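
The open-relay rule above can be checked mechanically. The following script is an added example, not part of the original article: it extracts the effective value of the two restriction lists from a main.cf and reports whether reject_unauth_destination is reached before a bare permit. The two sample files are constructed, and the Postfix 2.10 default for an unset smtpd_relay_restrictions is an assumption.

```shell
#!/bin/sh
# Added example, not from the original article: audit a main.cf for the
# open-relay safeguard. The sample files below are constructed.

# effective_value FILE PARAM
# Print the value Postfix would use for PARAM as one space-separated line.
# main.cf rules applied: the last definition wins, a line starting with
# whitespace continues the previous one, blank and '#' lines are skipped.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "=")
            if (eq == 0) { cur = ""; next }
            cur = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END {
            gsub(/[ \t,]+/, " ", val)
            sub(/^ /, "", val); sub(/ $/, "", val)
            print val
        }' "$1"
}

# list_status "restriction restriction ..."
# Restrictions are evaluated left to right; the first decisive one wins.
#   closed: reject/defer_unauth_destination comes before any bare "permit"
#   open:   a bare "permit" comes first
#   none:   the list contains neither, so it never stops relaying
list_status() {
    for tok in $1; do
        case "$tok" in
            reject_unauth_destination|defer_unauth_destination|reject|defer)
                echo closed; return 0 ;;
            permit)
                echo open; return 0 ;;
        esac
    done
    echo none
}

# Assumption: value Postfix 2.10 uses when smtpd_relay_restrictions is not
# set in main.cf (an explicitly empty value is treated the same way here).
RELAY_DEFAULT="permit_mynetworks permit_sasl_authenticated defer_unauth_destination"

# relay_policy FILE
# Mail is relayed only if neither list rejects it, so one closed list is enough.
relay_policy() {
    relay_list=$(effective_value "$1" smtpd_relay_restrictions)
    rcpt_list=$(effective_value "$1" smtpd_recipient_restrictions)
    relay=$(list_status "${relay_list:-$RELAY_DEFAULT}")
    rcpt=$(list_status "$rcpt_list")
    if [ "$relay" = closed ] || [ "$rcpt" = closed ]; then
        echo "OK relay=$relay recipient=$rcpt"
    else
        echo "OPEN-RELAY relay=$relay recipient=$rcpt"
    fi
}

# Constructed sample 1: same layout as the article, relay list defined twice.
GOOD_CF=$(mktemp)
cat > "$GOOD_CF" <<'EOF'
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit
smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 permit
EOF

# Constructed sample 2: the safeguard was commented out in both lists.
BAD_CF=$(mktemp)
cat > "$BAD_CF" <<'EOF'
smtpd_relay_restrictions = permit_mynetworks, permit
smtpd_recipient_restrictions = permit_mynetworks,
 # reject_unauth_destination,
 permit
EOF

trap 'rm -f "$GOOD_CF" "$BAD_CF"' EXIT

for cf in "$GOOD_CF" "$BAD_CF"; do
    relay_policy "$cf"
done
```

On the real server, pass /etc/postfix/main.cf to relay_policy; restrictions that permit through access tables are outside what this check looks at.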

We create the files /etc/postfix/body_checks and /etc/postfix/accounts_forwarding_copy, and we modify the file /etc/postfix/header_checks.

  • Everyone must declare the options that they understand and need!
[root@linuxbox ~]# nano /etc/postfix/body_checks
# If this file is modified, it is not necessary
# to run postmap
# To test the rules, run as root:
# postmap -q 'super cusub v1agra' regexp:/etc/postfix/body_checks
# It should return:
# REJECT Rule #2 Jirka fariinta Anti Spam
/viagra/ REJECT Rule #1 Anti Spam ee jirka fariinta
/super cusub v[i1]agra/ REJECT Rule #2 Jirka fariinta Anti Spam

[root@linuxbox ~]# nano /etc/postfix/accounts_forwarding_copy
# After modifying it, you must run:
# postmap /etc/postfix/accounts_forwarding_copy
# and the following file is created or updated:
# /etc/postfix/accounts_forwarding_copy.db
# ------------------------------------------
# ONE single account to forward a BCC copy to
# BCC = Blind Carbon Copy
# Example:
# webadmin@desdelinux.fan buzz@desdelinux.fan

[root@linuxbox ~]# postmap /etc/postfix/accounts_forwarding_copy

[root@linuxbox ~]# nano /etc/postfix/header_checks
# Add at the end of the file
# DOES NOT REQUIRE postmap since they are Regular Expressions
# The '?' characters are escaped so that they match literally
/^Subject: =\?Big5\?/ REJECT koodh gareynta Shiinaha oo aanu aqbalin adeegaan
/^Subject: =\?EUC-KR\?/ REJECT kumbuyuutar lagu qoro Kuuriya oo aan loo oggolaanayn adeegaan
/^Subject: ADV:/ REJECT Xayeysiisyada uusan aqbalin adeegaan
/^From:.*\@.*\.cn/ REJECT Waan ka xumahay, Farriimaha Shiinaha halkan laguma oggola
/^From:.*\@.*\.kr/ REJECT Waan ka xumahay, Boostada Kuuriya halkan looma oggola
/^From:.*\@
/^From:.*\@.*\.ro/ REJECT Waan ka xunnahay, waraaqaha Roomaaniya halkan laguma oggola
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarksman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT Lama soo diri karo waraaqo badan.
/^From: "spammer/ REJECT
/^From: "spam/ REJECT
/^Subject:.*viagra/ DISCARD
# Dangerous extensions
/name=[^>]*\.(bat|cmd|exe|com|pif|reg|scr|vb|vbe|vbs)/ REJECT Ma aqbalno lifaaqyada lagu kordhiyay

We check the syntax, restart Apache and Postfix, and enable and start Dovecot

[root@linuxbox ~]# postfix check
[root@linuxbox ~]#

[root@linuxbox ~]# systemctl restart httpd
[root@linuxbox ~]# systemctl status httpd

[root@linuxbox ~]# systemctl restart postfix
[root@linuxbox ~]# systemctl status postfix

[root@linuxbox ~]# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service

[root@linuxbox ~]# systemctl enable dovecot
[root@linuxbox ~]# systemctl start dovecot
[root@linuxbox ~]# systemctl restart dovecot
[root@linuxbox ~]# systemctl status dovecot

Console-level checks

  • Before continuing with the installation and configuration of other programs, it is very important to make the minimum necessary checks of the SMTP and POP services.

Local, from the server itself

We send an email to the local user legolas.

[root@linuxbox ~]# echo "Hello. Kani waa fariin tijaabo ah" | mail -s "Tijaabad" legolas

We check the mailbox of legolas.

[root@linuxbox ~]# openssl s_client -crlf -connect 127.0.0.1:110 -starttls pop3

After the message Dovecot waa diyaar! we proceed:

---
+OK Dovecot waa diyaar!
USER legolas
+OK
PASS legolas
+OK Logged in.
STAT
+OK 1 559
LIST
+OK 1 messages:
1 559
.
RETR 1
+OK 559 octets
Return-Path: <root@desdelinux.fan>
X-Original-To: legolas
Delivered-To: legolas@desdelinux.fan
Received: by desdelinux.fan (Postfix, from userid 0)
        id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
Date: Mon, 22 May 2017 10:47:10 -0400
To: legolas@desdelinux.fan
Subject: Tijaabad
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20170522144710.7EA22C11FC57@desdelinux.fan>
From: root@desdelinux.fan (root)

Hello. Kani waa fariin tijaabo ah
.
DONE
[root@linuxbox ~]#

Remote, from a computer on the LAN

Let's send another message to legolas from another computer on the LAN. Note that TLS security is NOT strictly necessary within the SME Network.

buzz@sysadmin:~$ sendemail -f buzz@deslinux.fan \
-t legolas@desdelinux.fan \
-u "Hello" \
-m "Salaan kadib Legolas saaxiibkaa Buzz" \
-s mail.desdelinux.fan -o tls=no
May 22 10:53:08 sysadmin sendemail[5866]: Email was sent successfully!

If we try to connect to Dovecot with telnet from a host on the LAN, or from the Internet of course, the following will happen because we disabled plaintext authentication:

buzz@sysadmin:~$ telnet mail.desdelinux.fan 110
Trying 192.168.10.5...
Connected to linuxbox.desdelinux.fan.
Escape character is '^]'.
+OK Dovecot waa diyaar!
user legolas
-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
quit
+OK Logging out
Connection closed by foreign host.
buzz@sysadmin:~$

We must do it through openssl. The complete output of the command would be:

buzz@sysadmin:~$ openssl s_client -crlf -connect mail.desdelinux.fan:110 -starttls pop3
CONNECTED(00000003)
depth=0 C = CU, ST = Cuba, L = Havana, O = DesdeLinux.Fan, OU = Xisaystayaasha, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CU, ST = Cuba, L = Havana, O = DesdeLinux.Fan, OU = Xisaystayaasha, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify return:1
---
Certificate chain
 0 s:/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Xisaystayaasha/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
   i:/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Xisaystayaasha/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
Server certificate
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
subject=/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Xisaystayaasha/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
issuer=/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Fan/OU=Xisaystayaasha/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
No client certificate CA names sent
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 1342 bytes and written 411 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 18 (self signed certificate)
---
+OK Dovecot waa diyaar!
USER legolas
+OK
PASS legolas
+OK Logged in.
LIST
+OK 1 messages:
1 1021
.
RETR 1
+OK 1021 octets
Return-Path: <buzz@deslinux.fan>
X-Original-To: legolas@desdelinux.fan
Delivered-To: legolas@desdelinux.fan
Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
        by desdelinux.fan (Postfix) with ESMTP id 51886C11E8C0
        for <legolas@desdelinux.fan>; Mon, 22 May 2017 15:09:11 -0400 (EDT)
Message-ID: <919362.931369932-sendEmail@sysadmin>
From: "buzz@deslinux.fan" <buzz@deslinux.fan>
To: "legolas@desdelinux.fan" <legolas@desdelinux.fan>
Subject: Hello
Date: Mon, 22 May 2017 19:09:11 +0000
X-Mailer: sendemail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-365707.724894495"

This is a multi-part message in MIME format. To properly display this message you need a MIME-Version 1.0 compliant Email program.

------MIME delimiter for sendEmail-365707.724894495
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Salaan kadib Legolas saaxiibkaa Buzz

------MIME delimiter for sendEmail-365707.724894495--
.
QUIT
+OK Logging out.
closed
buzz@sysadmin:~$

Squirrelmail

Squirrelmail is a web mail client written entirely in PHP. It includes native PHP support for the IMAP and SMTP protocols, and provides maximum compatibility with the different browsers in use. It runs correctly on any IMAP server. It has all the functionality you need from an email client, including MIME support, address book and folder management.

[root@linuxbox ~]# yum install squirrelmail
[root@linuxbox ~]# service httpd restart

[root@linuxbox ~]# nano /etc/squirrelmail/config.php
$domain = 'desdelinux.fan';
$imapServerAddress = 'mail.desdelinux.fan';
$imapPort = 143;
$smtpServerAddress = 'desdelinux.fan';

[root@linuxbox ~]# service httpd reload

DNS Sender Policy Framework or SPF record

In the article NSD Authoritative DNS Server + Shorewall we saw that the zone «desdelinux.fan» was configured as follows:

root@ns:~# nano /etc/nsd/desdelinux.fan.zone
$ORIGIN desdelinux.fan.
$TTL 3H
@ IN SOA ns.desdelinux.fan. root.desdelinux.fan. (
        1  ; serial
        1D ; refresh
        1H ; retry
        1W ; expire
        3H ) ; minimum or
             ; Negative caching time to live
;
@ IN NS ns.desdelinux.fan.
@ IN MX 10 mail.desdelinux.fan.
@ IN TXT "v=spf1 a:mail.desdelinux.fan -all"
;
; Record to resolve dig queries for desdelinux.fan
@ IN A 172.16.10.10
;
ns IN A 172.16.10.30
mail IN CNAME desdelinux.fan.
chat IN CNAME desdelinux.fan.
www IN CNAME desdelinux.fan.
;
; SRV records related to XMPP
_xmpp-server._tcp IN SRV 0 0 5269 desdelinux.fan.
_xmpp-client._tcp IN SRV 0 0 5222 desdelinux.fan.
_jabber._tcp IN SRV 0 0 5269 desdelinux.fan.

In it the following record is declared:

@ IN TXT "v=spf1 a:mail.desdelinux.fan -all"

To have the same parameter configured for the SME Network or LAN, we must modify the Dnsmasq configuration file as follows:

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a:mail.desdelinux.fan -all"

Then we restart the service:

[root@linuxbox ~]# service dnsmasq restart
[root@linuxbox ~]# service dnsmasq status

[root@linuxbox ~]# host -t TXT mail.desdelinux.fan
mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan descriptive text "v=spf1 a:mail.desdelinux.fan -all"
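
How a receiving server applies the record above, as an added example that is not part of the original article: the script evaluates an SPF record from left to right for a connecting IP address. It covers only the a, ip4 (single address) and all mechanisms; dns_a is a constructed stand-in for DNS that mirrors the zone shown on this page, and 203.0.113.25 is a documentation address used as the foreign sender.

```shell
#!/bin/sh
# Added example, not from the original article: evaluate an SPF record for a
# connecting client, limited to the "a", "ip4" (single address) and "all"
# mechanisms.

# dns_a HOST
# Constructed stand-in for a DNS A lookup, mirroring the zone in the article
# (mail is a CNAME for desdelinux.fan, which has address 172.16.10.10).
dns_a() {
    case "$1" in
        desdelinux.fan|mail.desdelinux.fan) echo 172.16.10.10 ;;
        ns.desdelinux.fan)                  echo 172.16.10.30 ;;
    esac
}

# match_a HOST CLIENT_IP: "yes" if one of HOST's addresses is CLIENT_IP.
match_a() {
    for addr in $(dns_a "$1"); do
        [ "$addr" = "$2" ] && { echo yes; return 0; }
    done
    echo no
}

# qualifier_result Q: result produced when a mechanism with qualifier Q matches.
qualifier_result() {
    case "$1" in
        +)   echo pass ;;
        -)   echo fail ;;
        "~") echo softfail ;;
        "?") echo neutral ;;
    esac
}

# spf_check RECORD DOMAIN CLIENT_IP
# Terms are tested left to right and the first mechanism that matches decides.
# Prints pass, fail, softfail, neutral, none (not an SPF record) or
# unsupported (a mechanism outside the subset handled here).
spf_check() {
    record=$1 domain=$2 ip=$3
    set -f                       # no globbing while splitting the record
    set -- $record
    set +f
    if [ "$1" != "v=spf1" ]; then echo none; return 0; fi
    shift
    for term in "$@"; do
        q=+                      # default qualifier
        case "$term" in
            [-+~?]*) q=${term%"${term#?}"}; term=${term#?} ;;
        esac
        case "$term" in
            all)   matched=yes ;;
            a)     matched=$(match_a "$domain" "$ip") ;;
            a:*)   matched=$(match_a "${term#a:}" "$ip") ;;
            ip4:*) if [ "${term#ip4:}" = "$ip" ]; then matched=yes; else matched=no; fi ;;
            *=*)   matched=no ;;             # modifiers such as exp= are skipped
            *)     echo unsupported; return 0 ;;
        esac
        if [ "$matched" = yes ]; then qualifier_result "$q"; return 0; fi
    done
    echo neutral                 # nothing matched and the record has no "all"
}

RECORD='v=spf1 a:mail.desdelinux.fan -all'
echo "mail server:    $(spf_check "$RECORD" desdelinux.fan 172.16.10.10)"
echo "foreign sender: $(spf_check "$RECORD" desdelinux.fan 203.0.113.25)"
```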

Self-signed certificates and Apache or httpd

Even if your browser tells you that «The owner of mail.desdelinux.fan has configured their website incorrectly. To prevent your information from being stolen, Firefox has not connected to this website», the previously generated certificate WORKS, and it will allow the credentials between client and server to travel encrypted once we accept the certificate.

If you wish, and as a way of unifying the certificates, you can declare for Apache the same certificates that you declared for Postfix, which is correct.

[root@linuxbox ~]# nano /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/desdelinux.fan.crt
SSLCertificateKeyFile /etc/pki/tls/private/desdelinux.fan.key

[root@linuxbox ~]# service httpd restart
[root@linuxbox ~]# service httpd status

Diffie-Hellman Group

The subject of Security becomes more difficult every day on the Internet. One of the most common attacks on SSL connections is Logjam, and to defend against it, it is necessary to add non-standard parameters to the SSL configuration. For this there is RFC-3526 «More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)».

[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl dhparam -out private/dhparams.pem 2048
[root@linuxbox tls]# chmod 600 private/dhparams.pem

Depending on the version of Apache we have installed, we will use the Diffie-Hellman Group from the file /etc/pki/tls/private/dhparams.pem. If it is version 2.4.8 or later, then we must add the following line to the file /etc/httpd/conf.d/ssl.conf:

SSLOpenSSLConfCmd DHParameters "/etc/pki/tls/private/dhparams.pem"

The version of Apache that we are using is:

[root@linuxbox tls]# yum info httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.4.6
Release     : 45.el7.centos
Size        : 9.4 M
Repo        : installed
From repo   : Base-Repo
Summary     : Apache HTTP Server
URL         : http://httpd.apache.org/
License     : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.

Since we have a version prior to 2.4.8, we add the contents of the Diffie-Hellman Group to the end of the previously generated CRT certificate:

[root@linuxbox tls]# cat private/dhparams.pem >> certs/desdelinux.fan.crt

If you want to check that the DH parameters were correctly added to the CRT certificate, run the following commands:

[root@linuxbox tls]# cat private/dhparams.pem
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
-----END DH PARAMETERS-----

[root@linuxbox tls]# cat certs/desdelinux.fan.crt
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
-----END DH PARAMETERS-----

After these changes, we must restart the Postfix and httpd services:

[root@linuxbox tls]# service postfix restart
[root@linuxbox tls]# service postfix status
[root@linuxbox tls]# service httpd restart
[root@linuxbox tls]# service httpd status

Ku darista Kooxda Diffie-Helman ee shahaadooyinkeena TLS waxay ka dhigi kartaa isku xirnaanta HTTPS xoogaa gaabis ah, laakiin ku darista amniga ayaa si fiican u qalantaa.
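An added example, not part of the original article: a repeat-safe version of the append step above. Running the `cat ... >>` command a second time would append the DH block twice, and a certificate file without a final newline would fuse the two PEM marker lines; the function names and the sample files below are hypothetical and constructed.

```shell
#!/bin/sh
# Added example: a repeat-safe form of
#   cat private/dhparams.pem >> certs/<name>.crt

# Count DH PARAMETERS blocks in a PEM file.
dh_count() {
    grep -c '^-----BEGIN DH PARAMETERS-----$' "$1" || true
}

# Print the DH PARAMETERS blocks of a PEM file, markers included.
dh_blocks() {
    awk '/^-----BEGIN DH PARAMETERS-----$/ { keep = 1 }
         keep { print }
         /^-----END DH PARAMETERS-----$/ { keep = 0 }' "$1"
}

# Append dhfile to certfile unless a DH block is already there.
# Returns 0 when certfile ends up with exactly that one block, 1 otherwise.
append_dh_once() {
    certfile=$1
    dhfile=$2
    # A certificate without a final newline would fuse its END line
    # with the BEGIN line of the appended block.
    if [ -n "$(tail -c 1 "$certfile")" ]; then
        echo >> "$certfile"
    fi
    if [ "$(dh_count "$certfile")" -eq 0 ]; then
        cat "$dhfile" >> "$certfile"
    fi
    [ "$(dh_count "$certfile")" -eq 1 ] &&
        [ "$(dh_blocks "$certfile")" = "$(dh_blocks "$dhfile")" ]
}

# Constructed sample files (placeholder bodies, not real key material).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQ0VSVA==' \
        '-----END CERTIFICATE-----' > "$dir/site.crt"
    printf '%s\n' '-----BEGIN DH PARAMETERS-----' 'Q09OU1RSVUNURUQtREg=' \
        '-----END DH PARAMETERS-----' > "$dir/dhparams.pem"
    append_dh_once "$dir/site.crt" "$dir/dhparams.pem" &&
        append_dh_once "$dir/site.crt" "$dir/dhparams.pem"   # second run is a no-op
    rc=$?
    echo "blocks=$(dh_count "$dir/site.crt") rc=$rc"
    rm -rf "$dir"
}

demo
```

A return value of 1 means the certificate file already carries a different DH block, or more than one, and should be inspected by hand before the services are restarted.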

Checking Squirrelmail

AFTER the certificates have been generated correctly and we have verified that they work properly, as we did with the console commands, point your preferred browser to the URL http://mail.desdelinux.fan/webmail and it will connect to the web client once you accept the corresponding certificate. Note that even though you specify the HTTP protocol, you will be redirected to HTTPS; this is due to the default configuration that CentOS provides for Squirrelmail. See the file /etc/httpd/conf.d/squirrelmail.conf.

About user mailboxes

Dovecot creates the IMAP mailboxes in each user's home folder:

[root@linuxbox ~]# ls -la /home/legolas/mail/.imap/
total 12
drwxrwx---. 5 legolas mail    4096 May 22 12:39 .
drwx------. 3 legolas legolas   75 May 22 11:34 ..
-rw-------. 1 legolas legolas   72 May 22 11:34 dovecot.mailbox.log
-rw-------. 1 legolas legolas    8 May 22 12:39 dovecot-uidvalidity
-r--r--r--. 1 legolas legolas    0 May 22 10:12 dovecot-uidvalidity.5922f1d1
drwxrwx---. 2 legolas mail      56 May 22 10:23 INBOX
drwx------. 2 legolas legolas   56 May 22 12:39 Sent
drwx------. 2 legolas legolas   30 May 22 11:34 Trash

They are also stored in /var/mail/

[root@linuxbox ~]# less /var/mail/legolas
From MAILER_DAEMON  Mon May 22 10:28:00 2017
Date: Mon, 22 May 2017 10:28:00 -0400
From: Mail System Internal Data
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
Message-ID: <1495463280@linuxbox>

It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.

From root@desdelinux.fan  Mon May 22 10:47:10 2017
Return-Path: <root@desdelinux.fan>
X-Original-To: legolas
Delivered-To: legolas@desdelinux.fan
Received: by desdelinux.fan (Postfix, from userid 0)
        id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
Date: Mon, 22 May 2017 10:47:10 -0400
To: legolas@desdelinux.fan
Subject: Test
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <20170522144710.7EA22C11FC57@desdelinux.fan>
From: root@desdelinux.fan (root)
X-UID: 7
Status: RO

Hello. This is a test message

From buzz@deslinux.fan  Mon May 22 10:53:08 2017
Return-Path:
X-Original-To: legolas@desdelinux.fan
Delivered-To: legolas@desdelinux.fan
Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
        by desdelinux.fan (Postfix) with ESMTP id C184DC11FC57
        for <legolas@desdelinux.fan>; Mon, 22 May 2017 10:53:08 -0400 (EDT)
Message-ID: <739874.219379516-sendEmail@sysadmin>
From: "buzz@deslinux.fan"
To: "legolas@desdelinux.fan" <legolas@desdelinux.fan>
Subject: Hello
Date: Mon, 22 May 2017 14:53:08 +0000
X-Mailer: sendEmail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-794889.899510057
/var/mail/legolas

Mini summary of PAM

We have looked at the core of a Mailserver and put a little emphasis on security. We hope the article serves as an Entry Point to a topic as thorny and error-prone as implementing a Mail Server by hand.

We use local user authentication because, if we read the file /etc/dovecot/conf.d/10-auth.conf carefully, we will see that at the end it includes -by default- the authentication file for system users, !include auth-system.conf.ext. This very file tells us in its header:

[root@linuxbox ~]# less /etc/dovecot/conf.d/auth-system.conf.ext
# Authentication for system users. Included from 10-auth.conf.
#
#
#

# PAM authentication. Preferred nowadays by most systems.
# PAM is typically used with either userdb passwd or userdb static.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work.
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=]
  # [cache_key=] [ ]
  #args = dovecot
}

And the other file, /etc/pam.d/dovecot, exists as well:

[root@linuxbox ~]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth

What are we trying to convey about PAM authentication?

  • CentOS, Debian, Ubuntu, and many other Linux distributions install Postfix and Dovecot with local authentication enabled by default.
  • Many articles on the Internet use MySQL -and more recently MariaDB- to store users and other Mailserver data. BUT those are servers for THOUSANDS OF USERS, not for a classic SME network with -perhaps- hundreds of users.
  • Authentication through PAM is necessary and sufficient to provide network services as long as they run on a single server, as we have seen in this miniseries.
  • Users stored in an LDAP database can be mapped as if they were local users, and PAM authentication can be used to provide network services from different Linux servers that act as LDAP clients of the central authentication server. In this way we would work with the credentials of the users stored in the central LDAP server database, and it would NOT be essential to maintain a database of local users.

Until the next adventure!



  1.   qorraxda said

    I believe that in practice this is a process that gives more than one sysadmin a serious headache. I am convinced that in the future it will be a reference guide for anyone who wants to manage their own e-mail, a practical case that becomes an ABC when integrating postfix, dovecot, squirrelmail..

    Thank you very much for your commendable contribution,

  2.   Darko said

    Why not use Mailpile, when it comes to security, with PGP? Also, Roundcube has a much more intuitive interface and can also integrate PGP.

  3.   Martin said

    I read the post 3 days ago, and I know how to thank you. I don't plan to install a mail server, but it is always useful to see the creation of certificates, which is useful for other applications, and these tutorials hardly ever expire (especially when you use CentOS).

  4.   federico said

    Manuel Cillero: Thank you for linking to this article and feeding it from your blog; it is the minimal core of a mail server based on Postfix and Dovecot.

    Lizard: As always, your assessment is very well received. Thank you.

    Darko: In almost all my articles I say, more or less, that "Everyone implements the services with the programs they like best." Thank you for the comment.

    Martin: Thank you too for reading the article, and I hope it helps you in your work.

  5.   Zodiac Carburus said

    Excellent article, friend Federico. Thank you for how well you did it.

  6.   xiiqsan said

    excellent, although I would use "virtual users" to avoid having to create a system user every time I add an email; thanks, I learned many new things and this is the kind of post I was waiting for

  7.   Wilton Acevedo Rueda said

    Good evening,

    It would be encouraging if they did the same with fedora directory server + postfix + dovecot + thunderbird or outlook.

    I have a part done but I am stuck; I would gladly share the document with the @desdelinux community

  8.   phico said

    I didn't think it would reach more than 3000 visits!!!

    Greetings Lizard!

  9.   Madoow said

    Excellent tutorial, colleague.
    Could you do it for Debian 10 with Active Directory users mounted on Samba4???
    I imagine it would be almost the same but changing the authentication type.
    The section you devote to creating self-signed certificates is very interesting.