Postfix + Dovecot + Squirrelmail ati awọn olumulo agbegbe - Awọn nẹtiwọọki SMB

Atọka gbogbogbo ti jara: Awọn nẹtiwọọki Kọmputa fun Awọn SME: Ifihan

Nkan yii jẹ itesiwaju ati kẹhin ti awọn minisita:

Kaabo awọn ọrẹ ati ọrẹ!

Los Awọn ololufẹ wọn fẹ lati ni olupin meeli tiwọn. Wọn ko fẹ lati lo awọn olupin nibiti “Asiri” wa laarin awọn ami ibeere. Eniyan ti o ni idiyele imuse iṣẹ lori olupin kekere rẹ kii ṣe alamọja lori koko-ọrọ ati ni ibẹrẹ yoo gbiyanju lati fi sori ẹrọ pataki ti ọjọ iwaju ati olupin meeli pipe. Ṣe iyẹn “awọn idogba” lati ṣe Mailserver Kikun ni o nira diẹ lati ni oye ati lo. 😉

Awọn akọsilẹ ala

  • O jẹ dandan lati ni oye nipa awọn iṣẹ wo ni eto kọọkan ti o kan ninu Mailserver ṣe. Gẹgẹbi itọsọna akọkọ a fun gbogbo lẹsẹsẹ ti awọn ọna asopọ ti o wulo pẹlu idi ti a kede pe wọn bẹwo.
  • Ṣiṣe imuṣe pẹlu ọwọ ati lati ibẹrẹ Iṣẹ Ifiranṣẹ Pipe jẹ ilana ti o nira, ayafi ti o ba jẹ ọkan ninu “Ayanfẹ” ti o ṣe iru iṣẹ yii lojoojumọ. Olupin Ifiweranṣẹ jẹ gbogbogbo ti awọn eto pupọ ti o mu lọtọ SMTP, POP / IMAP, Ibi ipamọ ti Awọn ifiranṣẹ, awọn iṣẹ-ṣiṣe ti o ni ibatan si itọju ti awọn Bọtini, Antivirus, abbl. GBOGBO awọn eto wọnyi gbọdọ ba ara wọn sọrọ ni deede.
  • Ko si iwọn-ọkan-ibaamu-gbogbo tabi “adaṣe ti o dara julọ” lori bii o ṣe le ṣakoso awọn olumulo; ibiti ati bii o ṣe le fi awọn ifiranṣẹ pamọ, tabi bii o ṣe le jẹ ki gbogbo awọn paati ṣiṣẹ bi odidi ẹyọkan.
  • Apejọ ati ṣiṣatunṣe itanran ti Mailserver duro lati jẹ irira ni awọn ọrọ bii awọn igbanilaaye ati awọn oniwun faili, yiyan iru olumulo wo ni yoo ṣe abojuto ilana kan, ati ni awọn aṣiṣe kekere ti a ṣe ni diẹ ninu faili iṣeto esoteric.
  • Ayafi ti o ba mọ daradara ohun ti o n ṣe, abajade ipari yoo jẹ ailaabo tabi Iṣẹ-iṣẹ Ifiranṣẹ meeli ti ko ṣiṣẹ diẹ. Iyẹn ni opin imuse O ko ṣiṣẹ, o ṣee ṣe o kere julọ ti awọn ibi.
  • A le rii lori Intanẹẹti iye ti awọn ilana ti o dara lori bi a ṣe le ṣe Olupin Ifiranṣẹ. Ọkan ninu pipe julọ -ninu ero ti ara mi gan- ni eyi ti onkọwe funni Ivar Abrahamsen ninu atẹjade kẹtala rẹ ti Oṣu Kini Oṣu Kini ọdun 2017 «Bii o ṣe le ṣeto olupin meeli lori eto GNU / Linux".
  • A tun ṣeduro kika nkan naa «A Mailserver lori Ubuntu 14.04: Postfix, Dovecot, MySQL«, tabi «A Mailserver lori Ubuntu 16.04: Postfix, Dovecot, MySQL".
  • Otitọ. Awọn iwe aṣẹ ti o dara julọ ni eleyi ni ao rii ni ede Gẹẹsi.
    • Biotilẹjẹpe a ko ṣe Mailserver ni iṣootọ itọsọna nipasẹ awọn Bi o si ... mẹnuba ninu paragira ti tẹlẹ, otitọ lasan ti atẹle rẹ ni igbesẹ nipasẹ igbesẹ yoo fun wa ni imọran ti o dara pupọ ti ohun ti a yoo dojuko.
  • Ti o ba fẹ lati ni Mailserver pipe ni awọn igbesẹ diẹ, o le ṣe igbasilẹ aworan naa iRedOS-0.6.0-CentOS-5.5-i386.iso, tabi wa fun igbalode diẹ sii, jẹ iRedOS tabi iRedMail. O jẹ ọna ti Mo funrararẹ ṣeduro.

A yoo fi sori ẹrọ ati tunto:

O wa lati ṣe:

O kere awọn iṣẹ wọnyi yoo wa lati ṣe imuse:

  • Postgrey: Awọn ilana olupin Postfix fun Awọn atokọ Grẹy ati kọ Meeli Ifiranṣẹ.
  • Amavisd-titun: iwe afọwọkọ ti o ṣẹda wiwo laarin MTA, ati awọn ọlọjẹ ọlọjẹ ati awọn asẹ akoonu.
  • Antivirus Clamav: antivirus suite
  • SpamAssassin: jade Junk Mail
  • Afẹfẹ (Pyzor): Yaworan SPAM nipasẹ pinpin kaakiri ati nẹtiwọọki ajọṣepọ. Nẹtiwọọki Vipul Razor ṣetọju iwe atokọ ti a ṣe imudojuiwọn ti itankale ti àwúrúju tabi meeli ijekuje.
  • Igbasilẹ DNS "Ifiranṣẹ Idanimọ DomainKeys" tabi DKIM.

Awọn idii postgrey, amavisd-tuntun, clamav, spamassassin, felefele y pyzor Wọn rii ni awọn ibi ipamọ eto. A yoo tun wa eto naa opendkim.

  • Ikede ti o pe fun awọn igbasilẹ DNS "SPF" ati "DKIM" jẹ pataki ti a ko ba fẹ ki olupin meeli wa kan ṣiṣẹ, lati kede ni aiyẹ tabi olupilẹṣẹ ti SPAM tabi Ifiranṣẹ Junk, nipasẹ awọn iṣẹ meeli miiran gẹgẹbi Gmail, Yahoo, Hotmail, abbl.

Awọn iṣayẹwo akọkọ

Ranti pe nkan yii jẹ itesiwaju awọn elomiran ti o bẹrẹ ninu Ijeri Squid + PAM lori CentOS 7.

Ni wiwo Ens32 LAN ti sopọ si Nẹtiwọọki Inu

[root @ linuxbox ~] # nano / ati be be / sysconfig / awọn iwe afọwọkọ nẹtiwọọki / ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
AYA = gbangba

[root @ linuxbox ~] # ifdown ens32 && ifup ens32

Ni wiwo Ens34 WAN ti sopọ si Intanẹẹti

[root @ linuxbox ~] # nano / ati be be / sysconfig / awọn iwe afọwọkọ nẹtiwọọki / ifcfg-ens34
ẸRỌ = ens34 ONBOOT = bẹẹni BOOTPROTO = aimi HWADDR = 00: 0c: 29: da: a3: e7 NM_CONTROLLED = ko si IPADDR = 172.16.10.10 NETMASK = 255.255.255.0 # Olulana ADSL ti sopọ si # wiwo yii pẹlu # adirẹsi atẹle. IP GATEWAY = 172.16.10.1 DOMAIN = desdelinux.fan DNS1 = 127.0.0.1
AYA = ita

Ipinu DNS lati LAN

[root @ linuxbox ~] # cat /etc/resolv.conf wa lati linux.fan olupin orukọ 127.0.0.1 olupin orukọ 172.16.10.30 [root @ linuxbox ~] # meeli ifiweranṣẹ
mail.desdelinux.fan jẹ inagijẹ fun linuxbox.desdelinux.fan. linuxbox.desdelinux.fan ni adirẹsi 192.168.10.5 linuxbox.desdelinux.fan meeli ti wa ni abojuto nipasẹ 1 mail.desdelinux.fan.

[root @ linuxbox ~] # gbalejo mail.fromlinux.fan
mail.desdelinux.fan jẹ inagijẹ fun linuxbox.desdelinux.fan. linuxbox.desdelinux.fan ni adirẹsi 192.168.10.5 linuxbox.desdelinux.fan meeli ti wa ni abojuto nipasẹ 1 mail.desdelinux.fan.

Iwọn DNS lati Intanẹẹti

buzz @ sysadmin: ~ $ gbalejo mail.fromlinux.fan 172.16.10.30
Lilo olupin ašẹ: Orukọ: 172.16.10.30 Adirẹsi: 172.16.10.30 # 53 Awọn aliases: mail.desdelinux.fan jẹ inagijẹ fun desdelinux.fan.
lati linux.fan ni adirẹsi 172.16.10.10
desdelinux.fan meeli ti wa ni abojuto nipasẹ meeli meeli 10.desdelinux.fan.

Awọn iṣoro ṣiṣe ipinnu ni agbegbe ti orukọ olupin “desdelinux.fan”

Ti o ba ni awọn išoro lati yanju orukọ igbalejo «latilinux.fan" lati lan, gbiyanju lati sọ asọye laini faili naa /ati be be/dnsmasq.conf ibi ti o ti wa ni kede agbegbe = / lati linux.fan /. Lẹhinna, tun bẹrẹ Dnsmasq naa.

[root @ linuxbox ~] # nano /etc/dnsmasq.conf # Sọ asọye laini isalẹ:
# agbegbe = / desdelinux.fan /

[root @ linuxbox ~] # iṣẹ dnsmasq tun bẹrẹ
Ìtúnjúwe si / bin / systemctl tun bẹrẹ dnsmasq.service

[gbongbo @ linuxbox ~] ipo # iṣẹ dnsmasq

[gbongbo @ linuxbox ~] # agbalejo lati linux.fan
desdelinux.fan ni adirẹsi 172.16.10.10 desdelinux.fan meeli ti wa ni abojuto nipasẹ meeli 10.desdelinux.fan.

Postfix ati Dovecot

A le rii iwe ti o gbooro pupọ ti Postfix ati Dovecot ni:

[root @ linuxbox ~] # ls /usr/share/doc/postfix-2.10.1/
bounce.cf. aiyipada Iwe-aṣẹ README-Postfix-SASL-RedHat.txt Ibamu main.cf. aiyipada TLS_ACKNOWLEDGEMENTS apeere README_FILES TLS_LICENSE

[root @ linuxbox ~] # ls /usr/share/doc/dovecot-2.2.10/
AUTHORS COPYING.MIT dovecot-openssl.cnf Awọn iroyin wiki COPYING ChangeLog apẹẹrẹ-config README COPYING.LGPL documentation.txt mkcert.sh solr-schema.xml

Ni CentOS 7, Postfix MTA ti fi sori ẹrọ nipasẹ aiyipada nigbati a ba yan aṣayan Server Infrastructure. A gbọdọ ṣayẹwo pe ipo SELinux ngbanilaaye kikọ si Potfix ninu isinyi ifiranṣẹ agbegbe:

[root @ linuxbox ~] # getsebool -a | ori ifiweranṣẹ grep
postfix_local_write_mail_spool -> on

Awọn iyipada ninu OgiriinaD

Lilo iwoye ayaworan lati tunto FirewallD, a gbọdọ rii daju pe awọn iṣẹ wọnyi ati awọn ibudo wa ni ṣiṣiṣẹ fun Agbegbe kọọkan:

# --------------------------------------------------------- -----
# Awọn atunṣe ni FirewallD
# --------------------------------------------------------- -----
# Ogiriina
# Agbegbe ilu: http, https, imap, pop3, awọn iṣẹ smtp
# Agbegbe agbegbe: awọn ibudo 80, 443, 143, 110, 25

# Agbegbe ita: http, https, imap, pop3s, awọn iṣẹ smtp
# Agbegbe ita: awọn ibudo 80, 443, 143, 995, 25

A fi Dovecot sori ẹrọ ati awọn eto pataki

[root @ linuxbox ~] # yum fi sori ẹrọ dovecot mod_ssl procmail telnet

Eto Dovecot ti o kere julọ

[root @ linuxbox ~] # nano /etc/dovecot/dovecot.conf
Ilana = imap pop3 lmtp
gbọ = *, ::
iwọle-ikini = Dovecot ti ṣetan!

A mu imukuro ijẹrisi alaye Dovecot ni gbangba:

[root @ linuxbox ~] # nano /etc/dovecot/conf.d/10-auth.conf 
disable_plaintext_auth = bẹẹni

A kede Ẹgbẹ pẹlu awọn anfaani ti o yẹ lati ṣe pẹlu Dovecot, ati ipo ti awọn ifiranṣẹ naa:

[root @ linuxbox ~] # nano /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox: ~ / mail: INBOX = / var / mail /% u
mail_privileged_group = leta
mail_access_groups = meeli

Awọn iwe-ẹri fun Dovecot

Dovecot ṣe ipilẹṣẹ awọn iwe-ẹri idanwo rẹ da lori data ninu faili naa /etc/pki/dovecot/dovecot-openssl.cnf. Lati ni awọn iwe-ẹri tuntun ti ipilẹṣẹ gẹgẹbi awọn ibeere wa, a gbọdọ ṣe awọn igbesẹ wọnyi:

[gbongbo @ linuxbox ~] # cd / ati be be lo / pki / dovecot /
[root @ lindobox dovecot] # nano dovecot-openssl.cnf
[req] default_bits = 1024 encrypt_key = bẹẹni adayanri_name = req_dn x509_extensions = cert_type tọ = ko si [req_dn] # orilẹ-ede (koodu lẹta 2) C = CU # Ipinle tabi Orukọ Agbegbe (orukọ kikun) ST = Cuba # Orukọ Agbegbe (fun apẹẹrẹ ilu. ) L = Habana # Agbari (fun apẹẹrẹ. Ile-iṣẹ) O = FromLinux.Fan # Orukọ Iṣọkan Iṣọkan (fun apẹẹrẹ. Abala) OU = Awọn olufokansin # Orukọ Wọpọ (* .example.com tun ṣee ṣe) CN = *. Desdelinux.fan # E -Imeeli olubasoro imeeli Adirẹsi =buzz@desdelinux.fan [cert_type] nsCertType = olupin

A yọkuro awọn iwe-ẹri idanwo

[gbongbo @ linuxbox dovecot] # rm certs / dovecot.pem 
rm: paarẹ faili deede "certs / dovecot.pem"? (y / n) y
[gbongbo @ linuxbox dovecot] # rm ikọkọ / dovecot.pem 
rm: paarẹ faili deede "ikọkọ / dovecot.pem"? (y / n) y

A daakọ ati ṣiṣẹ iwe afọwọkọ naa mkcert.sh lati ilana iwe

[gbongbo @ linuxbox dovecot] # cp /usr/share/doc/dovecot-2.2.10/mkcert.sh. [gbongbo @ linuxbox dovecot] # bash mkcert.sh 
Ṣiṣẹda bọtini ikọkọ ti RSA 1024 bit ...... ++++++ ................ ++++++ kikọ bọtini ikọkọ tuntun si '/ ati be be / pki / dovecot / ikọkọ / dovecot.pem '----- koko = /C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiasts/CN=*.desdelinux.fan/emailAddress= buzz@desdelinux.fan SHA1 Fingerprint = 5F: 4A: 0C: 44: EC: EC: EF: 95: 73: 3E: 1E: 37: D5: 05: F8: 23: 7E: E1: A4: 5A

[gbongbo @ linuxbox dovecot] # ls -l certs /
lapapọ 4 -rw -------. 1 root root 1029 May 22 16:08 dovecot.pem
[gbongbo @ linuxbox dovecot] # ls -l ikọkọ /
lapapọ 4 -rw -------. 1 root root 916 May 22 16:08 dovecot.pem

[gbongbo @ linuxbox dovecot] atunbere iṣẹ # tun bẹrẹ
[gbongbo @ linuxbox dovecot] ipo ipo adaba iṣẹ

Awọn iwe-ẹri fun Postfix

[root @ linuxbox ~] # cd / etc / pki / tls / [root @ linuxbox tls] # openssl req -sha256 -x509 -nodes -newkey rsa: 4096 -days 1825 \ -out certs / desdelinux.fan.crt -keyout ikọkọ / desdelinux.fan.key

Ṣiṣẹda bọtini ikọkọ 4096 bit RSA ......... ++ .. ++ kikọ bọtini ikọkọ tuntun si 'ikọkọ / domain.tld.key' ----- O ti fẹ ki o beere lati tẹ alaye sii iyẹn yoo ṣafikun sinu ibeere ijẹrisi rẹ. Ohun ti o fẹrẹ tẹ ni eyiti a pe ni Orukọ iyatọ tabi DN kan. Awọn aaye diẹ lo wa ṣugbọn o le fi diẹ silẹ fun diẹ ninu awọn aaye yoo jẹ iye aiyipada kan, Ti o ba tẹ '.', A yoo fi aaye naa silẹ ni ofo. ----- Orukọ Orilẹ-ede (koodu lẹta meji) [XX]: Ipinle CU tabi Orukọ Agbegbe (orukọ kikun) []: Orukọ Agbegbe Cuba (fun apẹẹrẹ, ilu) [Ilu aiyipada]: Orukọ Agbari Habana (fun apẹẹrẹ, ile-iṣẹ) [ Ile-iṣẹ aiyipada Ltd]: LatiLinux.Fan Orukọ Ẹka Organisation (fun apẹẹrẹ, apakan) []: Orukọ Tuntun ti Awọn Olukọni (fun apẹẹrẹ, orukọ rẹ tabi orukọ olupin ti olupin rẹ) []: desdelinux.fan Adirẹsi Imeeli []: buzz@desdelinux.fan

Ipele Ifiweranṣẹ Pọọku

A ṣafikun si opin faili naa / ati be be lo / awọn aliasi atẹle:

root: aruwo

Fun awọn ayipada lati ni ipa a ṣe pipaṣẹ wọnyi:

[gbongbo @ linuxbox ~] # awọn tuntun tuntun

Iṣeto Postifx le ṣee ṣe nipa ṣiṣatunṣe faili taara /ati be be/postfix/main.cf tabi nipa pipaṣẹ postconf -e mu abojuto pe gbogbo paramita ti a fẹ yipada tabi ṣafikun jẹ afihan ni ila kan ti itọnisọna naa:

  • Olukuluku gbọdọ sọ awọn aṣayan ti wọn loye ati ti o nilo!.
[root @ linuxbox ~] # postconf -e 'myhostname = desdelinux.fan'
[root @ linuxbox ~] # postconf -e 'mydomain = desdelinux.fan'
[root @ linuxbox ~] # postconf -e 'myorigin = $ mydomain'
[root @ linuxbox ~] # postconf -e 'inet_interfaces = gbogbo'
[root @ linuxbox ~] # postconf -e 'mydestination = $ myhostname, localhost. $ mydomain, localhost, $ mydomain, mail. $ mydomain, www. $ mydomain, ftp. $ mydomain'

[root @ linuxbox ~] # postconf -e 'mynetworks = 192.168.10.0/24, 172.16.10.0/24, 127.0.0.0/8'
[root @ linuxbox ~] # postconf -e 'mailbox_command = / usr / bin / procmail -a "$ EXTENSION"'
[root @ linuxbox ~] # postconf -e 'smtpd_banner = $ myhostname ESMTP $ mail_name ($ mail_version)'

A ṣafikun si opin faili naa /ati be be/postfix/main.cf awọn aṣayan ti a fun ni isalẹ. Lati mọ itumọ ọkọọkan wọn, a ṣe iṣeduro kika awọn iwe atẹle.

biff = rara
append_dot_mydomain = rárá
delay_warning_time = 4h
readme_directory = rárá
smtpd_tls_cert_file = / ati be be lo / pki / certs / desdelinux.fan.crt
smtpd_tls_key_file = / ati be be lo / pki / ikọkọ / desdelinux.fan.key
smtpd_use_tls = bẹẹni
smtpd_tls_session_cache_database = btree: $ {data_directory} / smtpd_scache
smtp_tls_session_cache_database = btree: $ {data_directory} / smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# Iwọn apoti leta ti o pọ julọ 1024 megabytes = 1 g ati g
mailbox_size_limit = 1073741824

olugba_delimiter = +
maximal_queue_lifetime = 7d
header_checks = regexp: / ati be be lo / postfix / awọn akọle
awọn ayẹwo ara ẹni = regexp: / ati be be lo / postfix / body_checks

# Awọn iroyin ti o fi ẹda ti meeli ti nwọle ranṣẹ si akọọlẹ miiran
olugba_bcc_maps = elile: / ati be be lo / postfix / accounts_ forwarding_copy

Awọn ila wọnyi ni o ṣe pataki lati pinnu ẹni ti o le firanṣẹ meeli ati ki o firanṣẹ si awọn olupin miiran, ki a ma ba tunto laini “ṣiṣii ṣiṣi” eyiti ngbanilaaye awọn olumulo ti ko ni ijẹrisi lati firanṣẹ meeli. A gbọdọ ni imọran awọn oju-iwe iranlọwọ Postfix lati ni oye kini aṣayan kọọkan tumọ si.

  • Olukuluku gbọdọ sọ awọn aṣayan ti wọn loye ati ti o nilo!.
smtpd_helo_restrictions = permit_mynetworks,
 kilo_if_reject kọ_non_fqdn_hostname,
 kọ_invalid_hostname,
 iyọọda

smtpd_sender_restrictions = permit_sasl_authenticated,
 aaye_ayelujara,
 kilo_if_reject kọ_non_fqdn_sender,
 kọ_unknown_sender_domain,
 kọ_unauth_pipelining,
 iyọọda

smtpd_client_restrictions = ƙi_rbl_client sbl.spamhaus.org,
 kọ blackholes.easynet.nl kọ_rbl_client

# AKIYESI: Aṣayan "ṣayẹwo_policy_service inet: 127.0.0.1: 10023"
# ṣe iranlọwọ fun eto Postgrey, ati pe o yẹ ki a ṣafikun rẹ
# bibẹkọ ti a yoo lo Postgrey

smtpd_recipient_restrictions = ƙi_unauth_pipelining,
 aaye_ayelujara,
 allow_sasl_ijẹri,
 kọ_non_fqdn_recipient,
 kọ_unknown_recipient_domain,
 kọ_unauth_destination,
 check_policy_service inet: 127.0.0.1: 10023,
 iyọọda

smtpd_data_restrictions = ƙi_unauth_pipelining

smtpd_relay_restrictions = ƙi_unauth_pipelining,
 aaye_ayelujara,
 allow_sasl_ijẹri,
 kọ_non_fqdn_recipient,
 kọ_unknown_recipient_domain,
 kọ_unauth_destination,
 check_policy_service inet: 127.0.0.1: 10023,
 iyọọda
 
smtpd_helo_required = bẹẹni
smtpd_delay_reject = bẹẹni
disable_vrfy_command = bẹẹni

A ṣẹda awọn faili naa / ati be be lo / postfix / body_checks y / ati be be lo / postfix / accounts_forwarding_copy, ki o yi faili naa pada / ati be be lo / postfix / awọn ayẹwo akọle.

  • Olukuluku gbọdọ sọ awọn aṣayan ti wọn loye ati ti o nilo!.
[root @ linuxbox ~] # nano / ati be be lo / postfix / awọn ayẹwo-ara
# Ti faili yii ba ti yipada, ko ṣe dandan # lati ṣiṣe ifiweranse ifiweranṣẹ # Lati ṣe idanwo awọn ofin, ṣiṣe bi gbongbo: # postmap -q 'v1agra tuntun tuntun' regexp: / ati be be / postfix / body_checks
# Yẹ ki o pada: # Kọ Ofin # 2 Ara Ifiranṣẹ Spam Anti
/ viagra / REJECT Ofin # 1 Anti Spam ti ara ifiranṣẹ
/ Super tuntun v [i1] agra / REJECT Ofin # 2 Anti Spam ti ara ifiranṣẹ

[root @ linuxbox ~] # nano / ati be be lo / postfix / accounts_forwarding_copy
# Lẹhin títúnṣe, o gbọdọ ṣe: # ifiweranse ifiweranṣẹ / ati be be lo / postfix / accounts_ forwarding_copy
# ati pe faili ti ṣẹda tabi wọn: # /etc/postfix/cuentas_reenviando_copia.db
# ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------SA_SA_S_ Iroyin Kan Tii Kan Lati Fi siwaju Ẹda BCC # BCC = Ẹda Erogba Dudu # Apere: # webadmin@desdelinux.fan buzz@desdelinux.fan

[gbongbo @ linuxbox ~] # ifiweranse ifiweranṣẹ / ati be be lo / postfix / accounts_ forwarding_copy

[gbongbo @ linuxbox ~] # nano / ati be be lo / postfix / header_checks
# Fikun-un si opin faili naa # KO NI beere ifiweranse ifiweranṣẹ bi wọn ṣe jẹ Awọn ifihan Deede
/ ^ Koko-ọrọ: =? Big5? / REJECT koodu iwọle Kannada ti olupin yii ko gba
/ ^ Koko-ọrọ: =? EUC-KR? / REJECT koodu iwọle Korea ti ko gba laaye nipasẹ olupin yii
/ ^ Koko-ọrọ: ADV: / REJECT Awọn ipolowo ti olupin yii ko gba
/^ Lati Lati.
/^From:.* \@.* \.kr/ REJECT Ma binu, A ko gba leta meeli ti Korea ni ibi
/^From:.* \.
/^From:.* \@.* \.ro/ REJECT Ma binu, a ko gba iwe ifiweranṣẹ Romania ni ibi
/^(Ti o gba gba ni ifiranṣẹ-Id|X-(Mailer|Sender)):.* \bbAutoMail|E-Broadcaster|Emeiler Platinum | Thunder Server | eMarksman | Extractor | e-Merge | lati jiju [^.] | Ojiṣẹ Agbaye | GroupMaster | Mailcast | MailKing | Match10 | MassE-Mail | massmail \ .pl | Breaker News | Powermailer | Shot Quick | Ready Aim Fire | WindoZ | WorldMerge | Yourdora | Lite) \ b / REJECT Ko si awọn ifiweranse ibi-aye laaye.
/ ^ Lati: "spammer / REJECT
/ ^ Lati: "àwúrúju / Kọ
/^Ohun-ọrọ :.*viagra/ DISCARD
# Awọn amugbooro elewu
/ name = [^> Iluminación * \. (bat | cmd | exe | com | pif | reg | scr | vb | vbe | vbs) / REJECT REJECT A ko gba awọn asomọ pẹlu awọn amugbooro wọnyi

A ṣayẹwo isopọmọ, tun bẹrẹ Apache ati Postifx, ati mu ṣiṣẹ ki o bẹrẹ Dovecot

[gbongbo @ linuxbox ~] # postfix ayẹwo
[gbongbo @ linuxbox ~] #

[root @ linuxbox ~] # systemctl tun bẹrẹ httpd
[root @ linuxbox ~] ipo # systemctl httpd

[root @ linuxbox ~] # systemctl tun bẹrẹ ifiweranṣẹ
[gbongbo @ linuxbox ~] # systemctl ipo ifiweranṣẹ

[gbongbo @ linuxbox ~] # systemctl ipo dovecot
Ve dovecot.service - Dovecot IMAP / POP3 olupin imeeli Ti kojọpọ: ti kojọpọ (/usr/lib/systemd/system/dovecot.service; alaabo; onisowo tito tẹlẹ: alaabo) Ti n ṣiṣẹ: aisise (okú)

[root @ linuxbox ~] # systemctl mu doccot ṣiṣẹ
[root @ linuxbox ~] # systemctl bẹrẹ dovecot
[root @ linuxbox ~] # systemctl tun bẹrẹ dovecot
[gbongbo @ linuxbox ~] # systemctl ipo dovecot

Awọn sọwedowo ipele-kọnputa

  • O ṣe pataki pupọ ṣaaju tẹsiwaju pẹlu fifi sori ẹrọ ati iṣeto ti awọn eto miiran, lati ṣe awọn sọwedowo to ṣe pataki ti o kere ju ti awọn iṣẹ SMTP ati POP.

Agbegbe lati ọdọ olupin funrararẹ

A fi imeeli ranṣẹ si olumulo agbegbe legolas.

[root @ linuxbox ~] # iwoyi "Hello. Eyi jẹ ifiranṣẹ idanwo kan" | mail -s "Idanwo" legolas

A ṣayẹwo apoti leta ti legolas.

[root @ linuxbox ~] # openssl s_client -crlf -sopọ 127.0.0.1:110 -starttls pop3

Lẹhin ifiranṣẹ naa Dovecot ti ṣetan! a tẹsiwaju:

---
+ OK Dovecot ti Ṣetan!
OLUMULO legolas + O DARA LASẸ legolas + O DARA Wọle. STAT + O DARA 1 559 Àtòkọ + O DARA 1 awọn ifiranṣẹ: 1 559. RETR 1 + O dara 559 octets Pada-Ọna: X-Original-To: legolas Ti a Firanṣẹ-Lati: legolas@desdelinux.fan Ti gba: nipasẹ desdelinux.fan (Postfix, lati userid 0) id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT) Ọjọ: Mon, 22 May 2017 10:47:10 -0400 Si: legolas@desdelinux.fan Koko-ọrọ: Idanwo Aṣoju Olumulo: Heirloom mailx 12.5 7/5 / 10 MIME-Ẹya: 1.0 Akoonu-Iru: ọrọ / pẹtẹlẹ; charset = us-ascii Akoonu-Gbigbe-Encoding: 7bit Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan> Lati: root@desdelinux.fan (gbongbo) Kaabo. Eyi jẹ ifiranṣẹ idanwo kan. PADA ṢE
[gbongbo @ linuxbox ~] #

Awọn jijin lati kọmputa kan lori LAN

Jẹ ki a firanṣẹ ifiranṣẹ miiran si legolas lati kọmputa miiran lori LAN. Akiyesi pe aabo TLS KO ṣe pataki ni pataki laarin Nẹtiwọọki SME.

buzz @ sysadmin: ~ $ sendemail -f buzz@deslinux.fan \
-t legolas@desdelinux.fan \
-u "Kaabo" \
-m "Ikini Legolas lati ọrẹ rẹ Buzz" \
-s mail.desdelinux.fan -o tls = rara
May 22 10:53:08 sysadmin sendemail [5866]: Imeeli ti firanṣẹ ni aṣeyọri!

Ti a ba gbiyanju lati sopọ nipasẹ telnet Lati ọdọ alejo kan lori LAN - tabi lati Intanẹẹti, dajudaju - si Dovecot, atẹle yoo ṣẹlẹ nitori a mu ijẹrisi pẹtẹlẹ mu:

buzz @ sysadmin: ~ $ telnet mail.fromlinux.fan 110 Gbiyanju 192.168.10.5 ...
Ti sopọ si linuxbox.fromlinux.fan. Ohun kikọ abayo ni '^]'. + OK Dovecot ti Ṣetan! olumulo legolas
-ERR [AUTH] Plaintext ijẹrisi ti a ko gba laaye lori awọn isopọ ti ko ni aabo (SSL / TLS).
olodun-+ DARA Wọle Isopọ pipade nipasẹ alejo ajeji.
aruwo @ sysadmin: ~ $

A gbọdọ ṣe nipasẹ openssl. Ijade pipe ti aṣẹ yoo jẹ:

buzz @ sysadmin: ~ $ openssl s_client -crlf -connect mail.desdelinux.fan:110 -starttls pop3
Ti sopọ (00000003)
ijinle = 0 C = CU, ST = Cuba, L = Havana, O = FromLinux.Fan, OU = Awọn olufẹ, CN = * .fromlinux.fan, emailAddress = buzz@fromlinux.fan
ṣayẹwo aṣiṣe: num = 18: ijẹrisi ti o fowo si ti ara ẹni rii daju ipadabọ:
ijinle = 0 C = CU, ST = Cuba, L = Havana, O = FromLinux.Fan, OU = Awọn olufokansin, CN = * .fromlinux.fan, imeeliAddress = buzz@fromlinux.fan jẹrisi ipadabọ: 1
--- Ẹwọn ijẹrisi 0 s: /C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiasts/CN = *. Desdelinux.fan/emailAddress=buzz@desdelinux.fan i: / C =CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan --- Ijẹrisi olupin ----- Bẹrẹ Ijẹrisi --- MIICyzCCAjSgAwIBAgIJAKUHI / 2ZD + MeMA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD VQQGEwJDVTENMAsGA1UECBMEQ3ViYTEPMA0GA1UEBxMGSGFiYW5hMRcwFQYDVQQK Ew5EZXNkZUxpbnV4LkZhbjEUMBIGA1UECxMLRW50dXNpYXN0YXMxGTAXBgNVBAMU ECouZGVzZGVsaW51eC5mYW4xIjAgBgkqhkiG9w0BCQEWE2J1enpAZGVzZGVsaW51 eC5mYW4wHhcNMTcwNTIyMjAwODEwWhcNMTgwNTIyMjAwODEwWjCBmzELMAkGA1UE BhMCQ1UxDTALBgNVBAgTBEN1YmExDzANBgNVBAcTBkhhYmFuYTEXMBUGA1UEChMO RGVzZGVMaW51eC5GYW4xFDASBgNVBAsTC0VudHVzaWFzdGFzMRkwFwYDVQQDFBAq LmRlc2RlbGludXguZmFuMSIwIAYJKoZIhvcNAQkBFhNidXp6QGRlc2RlbGludXgu ZmFuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7wckAiNNfYSz5hdePzKuZ Bnk m2MMuhGDvwrDSPDEcVutznbZSgJ9bvTo445TR + + + nBmqxzJbpc OZ80lujS2hP XR7E9eWIXxr4fP4HpRrCA8NxlthEsapVMSHW + lnPBqF2b / Bt2eYyR7g JhtlP6gRG V57MmgL8BdYAJLvxqxDIxQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJ KoZIhvcNAQEFBQADgYEAAuYU1nIXTbXtddW + QkLskum7ESryHZonKOCelfn2vnRl 8oAgHg7Hbtg / e6sR / W9m3DObP5DEp3lolKKIKor7ugxtfA4PBtmgizddfDKKMDql LT + MV5 / DP1pjQbxTsaLlZfveNxfLRHkQY13asePy4fYJFOIZ4OojDEGQ6 / VQBI8 = ----- ----- opin ijẹrisi koko = / C = CU / ST = Cuba / L = Havana / O = DesdeLinux.Fan /OU=Entusiasts/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan olufunni = / C = CU / ST = Cuba / L = Habana / O = DesdeLinux.Fan / OU = Awọn olutayo / CN = *. .fan / emailAddress = buzz @ desdelinux.fan --- Ko si ijẹrisi alabara Awọn orukọ CA ti a firanṣẹ Kokoro Temp Server: ECDH, secp384r1, bits 384 - ọwọ ọwọ SSL ti ka awọn baiti 1342 ati kikọ awọn baiti 411 --- Titun, TLSv1 / SSLv3 , Cipher jẹ ECDHE-RSA-AES256-GCM-SHA384 Bọtini gbangba ti olupin jẹ 1024 bit Isọdọkan Iṣeduro Alailowaya WA Ni atilẹyin funmorawon: KO SI Imugboroosi: KO SI SSL-Apejọ: Ilana: TLSv1.2 Cipher: ECDHE-RSA-AES256-GCM-SHA384 Session- ID: C745B4A0236204E16234CB15DC9CDBC3D084125FF5989F5DB6C5295BF4E2D73A Igba-ID-ctx: Master-Key : 1904D204C564B76361CEA50373F8879AF793AF7D7506C04473777F6F3503A9FD919CD1F837BC67BFF29E309F352526F5 Key-Arg: kò Krb5 Ipò: kò PSK idanimo: Kò PSK idanimo ofiri: HS 300F0000F4A3FD8CD29F7BC4BFF63E72F7F6 Key-Arg: kò Krb4 Ipò: Kò 7 PSK idanimo: Kò PSK idanimo ofiri: HS 1TLS igba XNUMX aaya XNUMX f kò-XNUMX igba XNUMX tlf XNUMX awọn aaya tikẹti kan fXNUMXfXNUMX tikẹti ec XNUMXe XNUMXc N :.) zOcr ... O .. ~.
 0010 - 2c d4 be a8 be 92 2e ae-98 7e 87 6d 45 c5 17 a8, ........ ~ .mE ...
 0020 - db 3a 86 80 df 8b dc 8d-f8 1f 68 6e db a7 e3 86.: ........ hn ....
 0030 - 08 35 e5 eb 98 b8 a4 98-68 b1 ea f7 72 f7 c1 79 .5 ...... h ... r..y 0040 - 89 4a 28 e3 85 a4 8b da-e9 7a 29 c7 77 bf 22 0d .J (...... z) .w. ".
 0050 - bd 5c f6 61 8c a1 14 bd-cb 31 27 66 7a dc 51 28. \. A ..... 1'fz.Q (0060 - b7 de 35 bd 2b 0f d4 ec-d3 e0 14 c8 65 03 b1 35 ..5. + ....... e..5 0070 - 38 34 f8 de 48 da ae 31-90 bd f6 b0 e6 9c cf 19 84..H..1 ..... ...
 0080 - f5 42 56 13 88 b0 8c db-aa ee 5a d7 1b 2c dd 71 .BV ....... Z ..,. Q 0090 - 7a f1 03 70 90 94 c9 0a-62 e5 0f 9c bf dc 3c a0 z..p .... b ..... <.

+ OK Dovecot ti Ṣetan!
OLOHUN legolas
+ O DARA
Ṣe awọn legolas
+ O DARA Wọle.
akojọ
+ O dara awọn ifiranṣẹ 1: 1 1021.
RETR 1
+ O dara awọn octets o dara 1021: X-Original-To: legolas@desdelinux.fan Ti firanṣẹ-Lati: legolas@desdelinux.fan Ti gba: lati sysadmin.desdelinux.fan (ẹnu-ọna [172.16.10.1]) nipasẹ desdelinux.fan (Postfix) pẹlu ESMTP id 51886C11E8C0 fun ; Mon, 22 May 2017 15:09:11 -0400 (EDT) Ifiranṣẹ-ID: <919362.931369932-sendEmail@sysadmin> Lati: "buzz@deslinux.fan" Si: "legolas@desdelinux.fan" Koko-ọrọ: Ọjọ Aabo: Ọjọ Mon, 22 Oṣu Karun ọdun 2017 19: 09: 11 + 0000 X-Mailer: firanṣẹEmail-1.56 MIME-Ẹya: 1.0 Akoonu-Iru: pupọ / ibatan; ala = "---- Olupin MIME fun sendEmail-365707.724894495" Eyi jẹ ifiranṣẹ pupọ-ni ọna kika MIME. Lati ṣe afihan ifiranṣẹ yii daradara o nilo eto Imeeli ti o ni ibamu pẹlu MIME-Version 1.0. ------ Olupin MIME fun sendEmail-365707.724894495 Akoonu-Iru: ọrọ / pẹtẹlẹ; charset = "iso-8859-1" Akoonu-Gbigbe-Kooduopo: 7bit Ẹ kí Legolas lati ọdọ ọrẹ rẹ Buzz ------ MIME onigbọwọ fun sendEmail-365707.724894495--.
olodun-
+ O DARA WO. ni pipade
aruwo @ sysadmin: ~ $

Okere

Okere jẹ alabara wẹẹbu ti a kọ patapata ni PHP. O pẹlu atilẹyin PHP abinibi fun IMAP ati awọn ilana SMTP, ati pese ibaramu ti o pọ julọ pẹlu awọn aṣawakiri oriṣiriṣi ti o nlo. O n ṣiṣẹ ni deede lori eyikeyi olupin IMAP. O ni gbogbo iṣẹ ṣiṣe ti o nilo lati ọdọ alabara imeeli kan pẹlu atilẹyin MIME, iwe adirẹsi ati iṣakoso folda.

[root @ linuxbox ~] # yum fi sori ẹrọ squirrelmail
[root @ linuxbox ~] # iṣẹ httpd tun bẹrẹ

[root @ linuxbox ~] # nano /etc/squirrelmail/config.php
$ domain = 'desdelinux.fan';
$ imapServerAddress = 'mail.fromlinux.fan';
$ imapPort = 143;
$ smtpServerAddress = 'desdelinux.fan';

[root @ linuxbox ~] # iṣẹ tun gbee si

DNS Firanṣẹ Afihan Framenwork tabi igbasilẹ SPF

Ninu ọrọ naa NSD Olumulo DNS Server + Shorewall A rii pe A ti tunto Agbegbe "desdelinux.fan" bi atẹle:

root @ ns: ~ # nano /etc/nsd/desdelinux.fan.zone
$ ORIGIN lati linux.fan. $ TTL 3H @ IN SOA ns.fromlinux.fan. root.fromlinux.fan. (1; tẹlentẹle 1D; tù 1H; tun gbiyanju 1W; pari 3H); o kere ju tabi; Akoko caching odi lati gbe; @ IN NS ns.fromlinux.fan. @ IN MX 10 mail.fromlinux.fan.
@ IN TXT "v = spf1 a: mail.desdelinux.fan -gbogbo"
; ; Wọle lati yanju awọn ibeere iwun lati linux.fan @ INU A 172.16.10.10; ns IN A 172.16.10.30 meeli IN CNAME lati linux.fan. iwiregbe IN CNAME lati linux.fan. www IN CNAME lati linux.fan. ; ; Awọn igbasilẹ SRV ti o ni ibatan si XMPP
_xmpp-server._tcp IN SRV 0 0 5269 lati linux.fan. _xmpp-client._tcp IN SRV 0 0 5222 lati linux.fan. _jabber._tcp IN SRV 0 0 5269 lati linux.fan.

Ninu rẹ a ti ṣalaye iforukọsilẹ:

@ IN TXT "v = spf1 a: mail.desdelinux.fan -gbogbo"

Lati ni tunto paramita kanna fun Nẹtiwọọki SME tabi LAN, a gbọdọ yipada faili iṣeto Dnsmasq gẹgẹbi atẹle:

# TXT igbasilẹ. A tun le sọ igbasilẹ SPF kan txt-igbasilẹ = desdelinux.fan, "v = spf1 a: mail.desdelinux.fan -all"

Lẹhinna a tun bẹrẹ iṣẹ naa:

[root @ linuxbox ~] # iṣẹ dnsmasq tun bẹrẹ
[root @ linuxbox ~] # iṣẹ dnsmasq ipo [root @ linuxbox ~] # host -t TXT mail.fromlinux.fan mail.fromlinux.fan jẹ inagijẹ fun fromlinux.fan. ọrọ asọye desdelinux.fan "v = spf1 a: mail.desdelinux.fan -gbogbo"

Awọn iwe-ẹri Ifọwọsi ti Ara ẹni ati Apache tabi httpd

Paapa ti aṣàwákiri rẹ ba sọ fun ọ pe «Oluwa ti mail.fromlinux.fan O ti tunto oju opo wẹẹbu rẹ ni aṣiṣe. Lati yago fun jiji alaye rẹ, Firefox ko sopọ si oju opo wẹẹbu yii ”, ijẹrisi ti ipilẹṣẹ tẹlẹ O DUN, ati pe yoo gba awọn iwe eri laaye laarin alabara ati olupin lati rin irin-ajo ti paroko, lẹhin ti a gba iwe-ẹri naa.

Ti o ba fẹ, ati bi ọna lati ṣọkan awọn iwe-ẹri, o le sọ fun Apache awọn iwe-ẹri kanna ti o kede fun Postfix, eyiti o tọ.

[gbongbo @ linuxbox ~] # nano /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/desdelinux.fan.crt
SSLCertifateKeyFile /etc/pki/tls/private/desdelinux.fan.key

[gbongbo @ linuxbox ~] # iṣẹ httpd tun bẹrẹ
[gbongbo @ linuxbox ~] # iṣẹ httpd ipo

Ẹgbẹ Diffie-Hellman

Ọrọ Aabo di isoro siwaju sii lojoojumọ lori Intanẹẹti. Ọkan ninu awọn ikọlu ti o wọpọ julọ lori awọn isopọ SSL, se oun ni Lojamu ati lati daabobo lodi si o o jẹ dandan lati ṣafikun awọn iṣiro ti kii ṣe deede si iṣeto SSL. Fun eyi o wa RFC-3526 «Imudara Apọjuwọn diẹ sii (MODP) Diffie-Hellman awọn ẹgbẹ fun Iyipada paṣipaarọ Intanẹẹti (IKE)".

[root @ linuxbox ~] # cd / ati be be lo / pki / tls /
[root @ linuxbox tls] # openssl dhparam -kuro ikọkọ / dhparams.pem 2048
[root @ linuxbox tls] # chmod 600 ikọkọ / dhparams.pem

Gẹgẹbi ẹya ti Apache ti a ti fi sii, a yoo lo Ẹgbẹ Diffie-Helman lati faili naa /etc/pki/tls/dhparams.pem. Ti o ba jẹ ẹya 2.4.8 tabi nigbamii, lẹhinna a yoo ni lati ṣafikun si faili naa /etc/httpd/conf.d/ssl.conf laini atẹle:

SSLOpenSSLConfCmd DHParameters "/etc/pki/tls/private/dhparams.pem"

Ẹya ti Apache ti a nlo ni:

[root @ linuxbox tls] # alaye yum httpd
Awọn afikun ti a kojọpọ: fastestmirror, langpacks Awọn iyara digi Ikojọpọ lati ibi ipamọ alejo ipamọ ti a fi sii Awọn akopọ ti a fi sii
Ẹya: 2.4.6
Tu silẹ: 45.el7.centos Iwon: Ibi ipamọ 9.4 M: ti fi sori ẹrọ Lati ibi ipamọ: Akopọ Ipilẹ-Repo: Apache HTTP Server URL: http://httpd.apache.org/ Iwe-aṣẹ: ASL 2.0 Apejuwe: Olupin HTTP Apache jẹ alagbara , ṣiṣe, ati extensible: olupin ayelujara.

Bi a ṣe ni ẹya kan ṣaaju 2.4.8, a ṣafikun ni ipari ti ijẹrisi CRT ti a ti ṣaju tẹlẹ, akoonu ti Ẹgbẹ Diffie-Helman:

[root @ linuxbox tls] # ologbo ikọkọ / dhparams.pem >> ifọwọsi / desdelinux.fan.crt

Ti o ba fẹ ṣayẹwo pe a fi awọn ipele DH kun ni pipe si ijẹrisi CRT, ṣe awọn ofin wọnyi:

[root @ linuxbox tls] # ologbo ikọkọ / dhparams.pem 
----- Bẹrẹ DH PARAMETERS -----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
----- PARAMETERS EKU -----

[root @ linuxbox tls] # ologbo certs / desdelinux.fan.crt 
-----BEGIN CERTIFICATE-----
MIIGBzCCA++gAwIBAgIJANd9FLCkDBfzMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD
VQQGEwJDVTENMAsGA1UECAwEQ3ViYTEPMA0GA1UEBwwGSGFiYW5hMRcwFQYDVQQK
DA5EZXNkZUxpbnV4LkZhbjEUMBIGA1UECwwLRW50dXNpYXN0YXMxFzAVBgNVBAMM
DmRlc2RlbGludXguZmFuMSIwIAYJKoZIhvcNAQkBFhNidXp6QGRlc2RlbGludXgu
ZmFuMB4XDTE3MDUyMjE0MDQ1MloXDTIyMDUyMTE0MDQ1MlowgZkxCzAJBgNVBAYT
AkNVMQ0wCwYDVQQIDARDdWJhMQ8wDQYDVQQHDAZIYWJhbmExFzAVBgNVBAoMDkRl
c2RlTGludXguRmFuMRQwEgYDVQQLDAtFbnR1c2lhc3RhczEXMBUGA1UEAwwOZGVz
ZGVsaW51eC5mYW4xIjAgBgkqhkiG9w0BCQEWE2J1enpAZGVzZGVsaW51eC5mYW4w
ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn5MkKRdeFYiN+xgGdsRn8
sYik9X75YnJcbeZrD90igfPadZ75ehtfYIxxOS+2U+omnFgr/tCKYUVJ50seq/lB
idcLP4mt7wMrMZUDpy1rlWPOZGKkG8AdStCYI8iolvJ4rQtLcsU6jhRzEXsZxfOb
O3sqc71yMIj5qko55mlsEVB3lJq3FTDQAY2PhXopJ8BThW1T9iyl1HlYpxj7OItr
/BqiFhxbP17Fpd3QLyNiEl+exVJURYZkvuZQqVPkFAlyNDh5I2fYfrI9yBVPBrZF
uOdRmT6jv6jFxsBy9gggcy+/u1nhlKssLBEhyaKfaQoItFGCAmevkyzdl1LTYDPY
ULi79NljQ1dSwWgraZ3i3ACZIVO/kHcOPljsNxE8omI6qNFWqFd1qdPH5S4c4IR1
5URRuwyVNffEHKaCJi9vF9Wn8LVKnN/+5zZGRJA8hI18HH9kF0A1sCNj1KKiB/xe
/02wTzR/Gbj8pkyO8fjVBvd/XWI8EMQyMc1gvtIAvZ00SAB8c1NEOCs5pt0Us6pm
1lOkgD6nl90Dx9p805mTKD+ZcvRaShOvTyO3HcrxCxOodFfZQCuHYuQb0dcwoK2B
yOwL77NmxNH1QVJL832lRARn8gpKoRAUrzdTSTRKmkVrOGcfvrCKhEBsJ67Gq1+T
YDLhUiGVbPXXR9rhAyyX2QIDAQABo1AwTjAdBgNVHQ4EFgQURGCMiLVLPkjIyGZK
UrZgMkO0X8QwHwYDVR0jBBgwFoAURGCMiLVLPkjIyGZKUrZgMkO0X8QwDAYDVR0T
BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAdy1tH1DwfCW47BNJE1DW8Xlyp+sZ
uYTMOKfNdnAdeSag1WshR6US6aCtU6FkzU/rtV/cXDKetAUIzR50aCYGTlfMCnDf
KKMZEPjIlX/arRwBkvIiRTU1o3HTniGp9d3jsRWD/AvB3rSus4wfuXeCoy7Tqc9U
FaXqnvxhF8/ptFeeCeZgWu16zyiGBqMj4ZaQ7RxEwcoHSd+OByg8E9IE2cYrWP2V
6P7hdCXmw8voMxCtS2s++VRd1fGqgGxXjXT8psxmY2MrseuTM2GyWzs+18A3VVFz
UXLD2lzeYs638DCMXj5/BMZtVL2a4OhMSYY4frEbggB3ZgXhDDktUb7YhnBTViM3
2sgJJOSTltOgAnyOPE0CDcyktXVCtu3PNUc+/AB3UemI9XCw4ypmTOMaIZ2Gl6Uo
pmTk41fpFuf8pqW3ntyu43lC5pKRBqhit6MoFGNOCvFYFBWcltpqnjsWfY2gG/b5
8D5HsedueqkAsVblKPBFpv1BB9X0HhBUYsrz8jNGZGbkgR4XQoIoLbQZHEB35APU
4yT1Lzc3jk34yZF5ntmFt3wETSWwJZ+0cYPw7n4E6vbs1C7iKAMQRVy+lI5f8XYS
YKfrieiPPdmQ22Zm2Tbkqi4zjJBWmstrw6ezzAQNaaAkiOiJIwvXU81KYsN37THh
Nf0/JsEjPklCugE=
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
----- PARAMETERS EKU -----

Lẹhin awọn ayipada wọnyi, a gbọdọ tun bẹrẹ Postfix ati awọn iṣẹ httpd:

[root @ linuxbox tls] # tun bẹrẹ iṣẹ postfix
[root @ linuxbox tls] # ipo ifiweranṣẹ iṣẹ
[root @ linuxbox tls] # iṣẹ httpd tun bẹrẹ
[root @ linuxbox tls] ipo # iṣẹ httpd

Ifisipọ ti Ẹgbẹ Diffie-Helman ninu awọn iwe-ẹri TLS wa le ṣe sisopọ lori HTTPS pẹ diẹ, ṣugbọn afikun aabo ni o tọsi daradara.

Ṣiṣayẹwo Squirrelmail

NIGBANA pe awọn iwe-ẹri ti ipilẹṣẹ ni deede ati pe a ṣayẹwo iṣiṣẹ ti o tọ wọn bi a ti ṣe nipasẹ awọn ofin itunu, tọka aṣawakiri ti o fẹ si URL naa http://mail.desdelinux.fan/webmail ati pe yoo sopọ si alabara wẹẹbu lẹhin gbigba ijẹrisi ti o baamu. Akiyesi pe, botilẹjẹpe o ṣafihan ilana HTTP, yoo darí rẹ si HTTPS, ati pe eyi jẹ nitori iṣeto aiyipada ti CentOS nfunni fun Squirrelmail. Wo faili naa /etc/httpd/conf.d/squirrelmail.conf.

Nipa awọn apoti leta olumulo

Dovecot ṣẹda awọn apoti leta IMAP ninu folda naa ile ti olumulo kọọkan:

[gbongbo @ linuxbox ~] # ls -la /home/legolas/mail/.imap/
lapapọ 12 drwxrwx ---. 5 legolas meeli 4096 May 22 12:39. drwx ------. 3 legolas legolas 75 May 22 11:34 .. -rw -------. 1 legolas legolas 72 May 22 11:34 dovecot.mailbox.log -rw -------. 1 legolas legolas May 8 22 12:39 dovecot-uidvalidity -r - r - r--. 1 legolas legolas 0 Oṣu Karun 22 10:12 dovecot-uidvalidity.5922f1d1 drwxrwx ---. 2 legolas meeli 56 May 22 10:23 INBOX drwx ------. 2 legolas legolas 56 May 22 12:39 Ti firanṣẹ drwx ------. 2 legolas legolas 30 May 22 11:34 Ile idọti

Wọn tun wa ni fipamọ ni / var / mail /

[gbongbo @ linuxbox ~] # kere / var / mail / legolas
Lati MAILER_DAEMON Mon Oṣu Karun 22 10: 28: 00 2017 Ọjọ: Ọjọ-aarọ, 22 Oṣu Karun 2017 10:28:00 -0400 Lati: Data ti inu data Koko-ọrọ: MAA ṢE PA ifiranṣẹ MỌ - FADARA INTERNAL DATA Ifiranṣẹ-ID: <1495463280 @ linuxbox> X-IMAP: 1495462351 0000000008 Ipo: RO Ọrọ yii jẹ apakan ti ọna inu ti folda meeli rẹ, kii ṣe ifiranṣẹ gidi. O ti ṣẹda laifọwọyi nipasẹ sọfitiwia eto meeli. Ti o ba parẹ, data folda pataki yoo padanu, ati pe yoo tun ṣẹda pẹlu ipilẹ data si awọn iye akọkọ. Lati root@desdelinux.fan Mon Oṣu Karun ọjọ 22 10:47:10 2017 Pada-Ọna: X-Original-To: legolas Ti a Firanṣẹ-Lati: legolas@desdelinux.fan Ti gba: nipasẹ desdelinux.fan (Postfix, lati userid 0) id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT) Ọjọ: Mon, 22 May 2017 10:47:10 -0400 Si: legolas@desdelinux.fan Koko-ọrọ: Idanwo Aṣoju Olumulo: Heirloom mailx 12.5 7/5 / 10 MIME-Ẹya: 1.0 Akoonu-Iru: ọrọ / pẹtẹlẹ; charset = us-ascii Akoonu-Gbigbe-fifi koodu sii: 7bit Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan> Lati: root@desdelinux.fan (gbongbo) X-UID: Ipo 7: RO Hello. Eyi jẹ ifiranṣẹ idanwo Lati buzz@deslinux.fan Mon Oṣu Karun 22 10:53:08 2017 Pada-Ọna: X-Original-Lati: legolas@desdelinux.fan Ti firanṣẹ-Lati: legolas@desdelinux.fan Ti gba: lati sysadmin.desdelinux.fan (ẹnu-ọna [172.16.10.1]) nipasẹ desdelinux.fan (Postfix) pẹlu ESMTP id C184DC11FC57 fun ; Mon, 22 May 2017 10:53:08 -0400 (EDT) Ifiranṣẹ-ID: <739874.219379516-sendEmail@sysadmin> Lati: "buzz@deslinux.fan" Si: "legolas@desdelinux.fan" Koko-ọrọ: Ọjọ Aabo: Mon, 22 Oṣu Karun 2017 14:53:08 + 0000 X-Mailer: firanṣẹEmail-1.56 MIME-Ẹya: 1.0 Akoonu-Iru: pupọ / iru; aala = "---- Olupin MIME fun fifiranṣẹEmail-794889.899510057
/ var / leta / legolas

Lakotan minisita PAM

A ti wo ipilẹ ti Mailserver kan ati fi itọkasi kekere si aabo. A nireti pe nkan naa n ṣiṣẹ bi aaye titẹsi si akọle bi idiju ati ni ifaragba si ṣiṣe awọn aṣiṣe bi o ṣe jẹ imuse ti Olupin Ifiranṣẹ pẹlu ọwọ.

A nlo ijẹrisi olumulo agbegbe nitori ti a ba ka faili naa ni deede /etc/dovecot/conf.d/10-auth.conf, a yoo rii pe ni ipari o wa pẹlu -nipa aiyipada- faili ijẹrisi ti awọn olumulo eto pẹlu auth-system.conf.ext. Ni deede faili yii sọ fun wa ninu akọsori rẹ pe:

[root @ linuxbox ~] # kere /etc/dovecot/conf.d/auth-system.conf.ext
# Ijeri fun awọn olumulo eto. Ti o wa lati 10-auth.conf. # # # # Ijẹrisi PAM. Ti a fẹ ni awọn ọjọ nipasẹ ọpọlọpọ awọn ọna ṣiṣe.
# PAM jẹ igbagbogbo lo pẹlu boya passdd userd tabi aimi userdb. # ÌREMNT:: Iwọ yoo nilo faili /etc/pam.d/dovecot ti a ṣẹda fun ijẹrisi PAM # lati ṣiṣẹ gangan. passdb {iwakọ = pam # [igba = bẹẹni] [setcred = bẹẹni] [failure_show_msg = bẹẹni] [max_requests = ] # [kaṣe_key = ] [ ] #args = àdàbà}

Ati pe faili miiran wa /etc/pam.d/dovecot:

[root @ linuxbox ~] # ologbo /etc/pam.d/dovecot 
#% PAM-1.0 auth nilo pam_nologin.so auth pẹlu ọrọ igbaniwọle-auth pẹlu ọrọ igbaniwọle-auth pẹlu ọrọ igbaniwọle-auth

Kini a n gbiyanju lati sọ nipa ijẹrisi PAM?

  • CentOS, Debian, Ubuntu, ati ọpọlọpọ awọn pinpin kaakiri Linux miiran fi Postifx ati Dovecot sori pẹlu ijẹrisi agbegbe ti a muu ṣiṣẹ nipasẹ aiyipada.
  • Ọpọlọpọ awọn nkan lori Intanẹẹti lo MySQL - ati pe laipe MariaDB - lati tọju awọn olumulo ati data miiran nipa Mailserver kan. Ṣugbọn awọn wọnyi jẹ awọn olupin fun ẹgbẹẹgbẹrun TI Awọn olumulo, kii ṣe fun Ayebaye SME Nẹtiwọọki pẹlu - boya - awọn ọgọọgọrun awọn olumulo.
  • Ijeri nipasẹ PAM jẹ pataki ati to lati pese awọn iṣẹ nẹtiwọọki niwọn igba ti wọn ba ṣiṣẹ lori olupin kan bi a ti rii ninu awọn minisita yii.
  • Awọn olumulo ti o fipamọ sinu ibi ipamọ data LDAP le ṣe ya aworan bi ẹni pe wọn jẹ awọn olumulo agbegbe, ati pe a le lo idanimọ PAM lati pese awọn iṣẹ nẹtiwọọki lati oriṣiriṣi awọn olupin Linux ti o ṣe bi awọn alabara LDAP si olupin ijẹrisi aringbungbun. Ni ọna yii, a yoo ṣiṣẹ pẹlu awọn iwe eri ti awọn olumulo ti o fipamọ sinu aaye data olupin LDAP aringbungbun, ati pe KO yoo ṣe pataki lati ṣetọju ibi ipamọ data pẹlu awọn olumulo agbegbe.

Titi ti atẹle ìrìn!


Awọn akoonu ti nkan naa faramọ awọn ilana wa ti awọn ilana olootu. Lati jabo aṣiṣe kan tẹ nibi.

Awọn asọye 9, fi tirẹ silẹ

Fi ọrọ rẹ silẹ

Adirẹsi imeeli rẹ yoo ko le ṣe atejade. O beere aaye ti wa ni samisi pẹlu *

*

*

  1. Lodidi fun data naa: Miguel Ángel Gatón
  2. Idi ti data naa: SPAM Iṣakoso, iṣakoso ọrọ asọye.
  3. Ofin: Iyọọda rẹ
  4. Ibaraẹnisọrọ data: Awọn data kii yoo ni ifọrọhan si awọn ẹgbẹ kẹta ayafi nipasẹ ọranyan ofin.
  5. Ibi ipamọ data: Alaye data ti o gbalejo nipasẹ Awọn nẹtiwọọki Occentus (EU)
  6. Awọn ẹtọ: Ni eyikeyi akoko o le ni opin, gba pada ki o paarẹ alaye rẹ.

  1.   alangba wi

    Gbagbọ mi pe ninu adaṣe eyi jẹ ilana ti o fun diẹ ẹ sii ju ọkan sysadmin awọn efori lile, Mo ni idaniloju pe ni ọjọ iwaju o yoo jẹ itọsọna itọkasi fun ẹnikẹni ti o fẹ lati ṣakoso awọn imeeli wọn funrara wọn, ọran ti o wulo ti o di abc nigbati apapọ iwe ifiweranṣẹ, dovecot, squirrelmail ..

    O ṣeun pupọ fun idasi iyin rẹ,

  2.   Darko wi

    Kilode ti o ko lo Mailpile, nigbati o ba de aabo, pẹlu PGP? Paapaa Roundcube ni wiwo inu pupọ diẹ sii ati pe o tun le ṣepọ PGP.

  3.   Martin wi

    Awọn ọjọ 3 sẹyin Mo ka ifiweranṣẹ naa, Mo mọ bi mo ṣe le dupẹ lọwọ rẹ. Emi ko gbero lati fi sori ẹrọ olupin meeli ṣugbọn o jẹ iranlọwọ nigbagbogbo lati wo ẹda awọn iwe-ẹri, wulo fun awọn ohun elo miiran ati pe awọn itọnisọna wọnyi ko le pari (paapaa diẹ sii nigbati o ba lo centOS).

  4.   Frederick wi

    Manuel Cillero: O ṣeun fun sisopọ si ati lati bulọọgi rẹ nkan yii eyiti o jẹ ipilẹ to kere julọ ti olupin meeli ti o da lori Postfix ati Dovecot.

    Lizard: Bi nigbagbogbo, a ti gba igbelewọn rẹ dara julọ. E dupe.

    Darko: Ni fere gbogbo awọn nkan mi Mo sọ diẹ sii tabi kere si pe “Gbogbo eniyan n ṣe awọn iṣẹ ṣiṣe pẹlu awọn eto ti wọn fẹ julọ.” O ṣeun fun ọrọìwòye.

    Martin: O ṣeun fun ọ tun fun kika nkan naa ati pe Mo nireti pe o ṣe iranlọwọ fun ọ ninu iṣẹ rẹ.

  5.   Zodiac Carburus wi

    Nkan pupọ ọrẹ Federico. O ṣeun pupọ fun iru tuto ti o dara.

  6.   arche wi

    O dara julọ botilẹjẹpe Emi yoo lo “awọn olumulo alailowaya” lati yago fun ṣiṣẹda olumulo eto ni gbogbo igba ti Mo ṣafikun imeeli kan, o ṣeun Mo kọ ọpọlọpọ awọn nkan tuntun ati pe iru ipolowo ti Mo n duro de

  7.   Wilton Acevedo Rueda wi

    O dara ọjọ,

    Wọn yoo ni igboya lati ṣe kanna pẹlu olupin itọsọna fedora + postifx + dovecot + thunderbird tabi oju-iwoye.

    Mo ni apakan ṣugbọn Mo di, Emi yoo fi ayọ pin iwe-ipamọ si agbegbe @desdelinux

  8.   phico wi

    Emi ko fojuinu pe yoo de ọdọ awọn abẹwo 3000 diẹ sii !!!

    Ikini Lizard!

  9.   Ipari ipari wi

    O tayọ ẹlẹgbẹ olukọni.
    Ṣe o le ṣe fun Debian 10 pẹlu awọn olumulo ti Itọsọna Iroyin ti o gbe sori Samba4 ???
    Mo fojuinu pe yoo fẹrẹ jẹ bakan naa ṣugbọn yiyipada irufẹ ijẹrisi.
    Abala ti o ya si mimọ fun ṣiṣẹda awọn iwe-ẹri ti a fowo si ti ara ẹni jẹ igbadun pupọ.