Inkomba ejwayelekile yochungechunge: Ama-Computer Networks ama-SME: Isingeniso
Lo mbhalo ukuqhubeka nokugcina kokusebenza:
- Ukuqinisekiswa kwe-squid + PAM ku-CentOS 7.
- Ukuphathwa komsebenzisi wasendaweni neqembu
- Iseva ye-NSD Authoritarian DNS Server + Shorewall
- I-Prosody IM nabasebenzisi bendawo
Sanibonani bangani nabangane!
I-Los Abathandekayo bafuna ukuba neseva yabo yeposi. Abafuni ukusebenzisa amaseva lapho "Ubumfihlo" buphakathi kwezimpawu zombuzo. Umuntu ophethe ukwenza insiza kuseva yakho encane akayona ingcweti kule ndaba futhi uzoqala azame ukufaka umnyombo weseva yeposi ezayo nephelele. Ngabe lokho "ukulinganisa" kokwenza i-Full Mailserver kunzima kakhulu ukukuqonda nokukusebenzisa. 😉
Izichasiselo ze-Margin
- Kuyadingeka ukuthi kucace ukuthi imiphi imisebenzi eyenziwa uhlelo ngalunye olubandakanyeka kuMailserver. Njengomhlahlandlela wokuqala sinikeza lonke uchungechunge lwezixhumanisi eziwusizo ngenhloso emenyezelwe ukuthi zivakashelwe.
- Ukusebenzisa i-Complete Mail Service ngesandla futhi kusukela ekuqaleni kuyinqubo ekhathazayo, ngaphandle kwalapho ungomunye walabo "Abakhethiwe" abenza lo msebenzi nsuku zonke. I-Mail Server yakhiwa ngendlela ejwayelekile- ngezinhlelo ezahlukahlukene ezisingatha ngokwehlukana SMTP, I-POP / I-IMAP, Isitoreji Sendawo Semilayezo, imisebenzi ehlobene nokwelashwa kwefayela le- UGAXEKILE, I-Antivirus, njll. ZONKE lezi zinhlelo kumele zixhumane ngendlela efanele.
- Abukho usayizi owodwa olingana konke noma "izindlela ezinhle kakhulu" zokuphatha abasebenzisi; uyigcina kuphi futhi kanjani imiyalezo, noma ukuthi ungazenza kanjani zonke izingxenye zisebenze zizonke.
- Ukuhlanganiswa nokulungiswa kweMailserver kuthanda ukunganaki ezindabeni ezinjengezimvume nabanikazi bamafayela, ukukhetha ukuthi yimuphi umsebenzisi ozophatha inqubo ethile, nangamaphutha amancane enziwe kufayela elithile lokucushwa kwe-esoteric.
- Ngaphandle kokuthi wazi kahle okwenzayo, umphumela wokugcina uzoba i-Mail Server engavikelekile noma engasebenzi kancane. Ukuthi ekugcineni kokuqaliswa akusebenzi, kungenzeka kube kuncane kobubi.
- Singathola ku-inthanethi inamba enhle yezindlela zokupheka zokwenza i-Mail Server. Enye yezinto eziphelele kakhulu -ngombono wami uqobo- yilowo onikezwa ngumlobi U-Ivar Abrahamsen kumagazini wayo weshumi nantathu kaJanuwari 2017 «Ungayisetha kanjani iseva yeposi kuhlelo lwe-GNU / Linux".
- Sincoma nokuthi ufunde i-athikili «I-Mailserver ku-Ubuntu 14.04: I-Postfix, iDovecot, i-MySQL«, noma «I-Mailserver ku-Ubuntu 16.04: I-Postfix, iDovecot, i-MySQL".
- Yiqiniso. Imibhalo ehamba phambili maqondana nalokhu ingatholakala ngesiNgisi.
- Yize singakaze senze iMailserver ngokwethembeka iqondiswe yi Kanjani ... okukhulunywe ngakho esigabeni esedlule, iqiniso lokuthi sililandele igxathu negxathu lizosinika umbono omuhle kakhulu wokuthi sizobe sibhekene nani.
- Uma ufuna ukuba ne-Mailserver ephelele ngezinyathelo ezimbalwa nje, ungalanda isithombe I-RedOS-0.6.0-CentOS-5.5-i386.iso, noma funa enye yesimanje, kungaba iRedOS noma iRedMail. Kuyindlela engincoma ngayo mathupha.
Sizofaka futhi silungiselele:
- I-Postfix njengeseva Mgarlic Transport Agent (SMTP).
- I-Dovecot njengeseva se-POP - IMAP.
- Izitifiketi zokuxhuma nge TLS.
- I-Squirrelmail njengesixhumi esibonakalayo sewebhu sabasebenzisi.
- Irekhodi le-DNS elihlobene ne- «Uhlaka lwenqubomgomo yabentwana»Noma SPF.
- Isizukulwane semodyuli Iqembu le-Diffie Hellman ukwandisa ukuphepha kwezitifiketi ze-SSL.
Kusazokwenziwa:
Okungenani lezi zinsizakalo ezilandelayo zizohlala zisetshenziswa:
- UPostgrey: Izinqubomgomo zeseva yePostfix yohlu lwamaGrey bese wenqabe i-Junk Mail
- amavisd-entsha: iskripthi esidala ukuxhumana phakathi kwe-MTA, nezikena zamagciwane kanye nezihlungi zokuqukethwe.
- Clamav Unqulo wesi arab: i-antivirus suite
- I-SpamAssassin: khipha i-Junk Mail
- I-razor (IPyzor): I-SPAM ithwebula ngenethiwekhi esatshalaliswayo neyokubambisana. Inethiwekhi yeVipul Razor igcina ikhathalogu ebuyekeziwe yokusabalalisa i-junk mail noma i-SPAM.
- Irekhodi le-DNS "i-DomainKeys Mail ekhonjiwe" noma I-DKIM.
Amaphakethe i-postgrey, i-amavisd-new, i-clamav, i-spamassassin, i-razor y phizor Atholakala ezinqolobaneni zohlelo. Sizophinde sithole uhlelo umabhebhana.
- Ukumenyezelwa okulungile kwamarekhodi e-DNS "i-SPF" ne "DKIM" kubalulekile uma singafuni ukuthi iseva yethu yeposi iqale ukusebenza, kuthiwe ayifuneki noma ingumkhiqizi we-SPAM noma i-Junk Mail, ngezinye izinsizakalo zeposi ezifana Gmail, Yawu, Hotmail, njll.
Ukuhlolwa kokuqala
Khumbula ukuthi le ndatshana ingukuqhubeka kweminye eqala ku- Ukuqinisekiswa kwe-squid + PAM ku-CentOS 7.
Isixhumi esibonakalayo se-Ens32 LAN sixhumeke kunethiwekhi yangaphakathi
[izimpande @ linuxbox ~] # nano / njll / sysconfig / imibhalo yenethiwekhi / ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan DNS1=127.0.0.1
ZONE = umphakathi
[impande @ linuxbox ~] # ifdown ens32 && ifup ens32
I-Ens34 WAN interface exhunywe kwi-Inthanethi
[izimpande @ linuxbox ~] # nano / njll / sysconfig / imibhalo yenethiwekhi / ifcfg-ens34
DEVICE=ens34 ONBOOT=yebo BOOTPROTO=static HWADDR=00:0c:29:da:a3:e7 NM_CONTROLLED=no IPADDR=172.16.10.10 NETMASK=255.255.255.0 # I-ADSL Router ixhunywe # kulesi sixhumanisi ngokulandelayo # IP GATEWAY=172.16.10.1 DOMAIN=desdelinux.fan DNS1=127.0.0.1
ZONE = ngaphandle
Ukulungiswa kwe-DNS kusuka ku-LAN
[impande@linuxbox ~]# ikati /etc/resolv.conf usesho desdelinux.fan nameserver 127.0.0.1 nameserver 172.16.10.30 [root@linuxbox ~]# imeyili yomsingathi imeyili.desdelinuxI-.fan isibizo se-linuxbox.desdelinux.umlandeli. linuxbox.desdelinux.fan unekheli 192.168.10.5 linuxbox.desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-1.desdelinux.umlandeli. [impande@linuxbox ~]# i-hostmail.desdelinux.umlandeli imeyili.desdelinuxI-.fan isibizo se-linuxbox.desdelinux.umlandeli. linuxbox.desdelinux.fan unekheli 192.168.10.5 linuxbox.desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-1.desdelinux.umlandeli.
Isixazululo se-DNS esivela kwi-Intanethi
buzz@sysadmin:~$hostmail.desdelinux.umlandeli 172.16.10.30 Kusetshenziswa iseva yesizinda: Igama: 172.16.10.30 Ikheli: 172.16.10.30#53 Iziteketiso: imeyili.desdelinux.umlandeli uyisiteketiso sokuthi desdelinux.umlandeli. desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli.
Izinkinga zokuxazulula igama lomethuleli endaweni «desdelinux.umlandeli"
Uma unezinkinga zokuxazulula igama lomethuleli «desdelinux.umlandeli" ukusuka I-LAN, zama ukuphawula umugqa wefayela /etc/dnsmasq.conf lapho kumenyezelwa khona indawo=/desdelinux.umlandeli/. Ngemuva kwalokho, qala kabusha iDnsmasq.
[root @ linuxbox ~] # nano /etc/dnsmasq.conf # Beka umugqa ngezansi: # yendawo=/desdelinux.umlandeli/ [root @ linuxbox ~] # service dnsmasq restart Iqondisa kabusha ku- / bin / systemctl restart dnsmasq.service [root @ linuxbox ~] # service dnsmasq isimo [impande@linuxbox ~]# umsingathi desdelinux.umlandeli desdelinux.umlandeli unekheli 172.16.10.10 desdelinux.imeyili yabalandeli iphathwa ngemeyili engu-10.desdelinux.umlandeli.
I-Postfix ne-Dovecot
Imibhalo ebanzi kakhulu yePostfix neDovecot ingatholakala ku:
[izimpande @ linuxbox ~] # ls / usr/share/doc/postfix-2.10.1/ bounce.cf.default LICENSE README-Postfix-SASL-RedHat.txt COMPATIBILITY main.cf.default TLS_ACKNOWLEDGEMENTS izibonelo README_FILES TLS_LICENSE [izimpande @ linuxbox ~] # ls / usr/share/doc/dovecot-2.2.10/ AUTHORS COPYING.MIT dovecot-openssl.cnf IZINDABA wiki UKUKOPISHA ChangeLog example-config README COPYING.LGPL documentation.txt mkcert.sh solr-schema.xml
Ku-CentOS 7, iPostfix MTA ifakwa ngokuzenzakalela lapho sikhetha inketho ye-Infrastructure Server. Kufanele sihlole ukuthi umongo we-SELinux uvumela ukubhala kuPotfix kulayini womlayezo wendawo:
[impande @ linuxbox ~] # i-getsebool -a | i-postfix ye-grep
i-postfix_local_write_mail_spool -> on
Ukulungiswa ku-FirewallD
Sisebenzisa isikhombimsebenzisi sokuqhafaza ukumisa i-FirewallD, kufanele siqinisekise ukuthi izinsizakalo namachweba alandelayo anikwe amandla kuZoni ngayinye:
# ----------------------------------------------------- ----- # Ukulungiswa ku-FirewallD # ----------------------------------------------------- ----- # I-Firewall # Indawo Yomphakathi: http, https, imap, pop3, smtp services # Izindawo zomphakathi: amachweba 80, 443, 143, 110, 25 Indawo engaphandle: http, https, imap, pop3s, smtp services # Indawo engaphandle: amachweba 80, 443, 143, 995, 25
Sifaka iDovecot nezinhlelo ezidingekayo
[root @ linuxbox ~] # yum ukufaka i-dovecot mod_ssl procmail telnet
Ukucushwa okuncane kwe-Dovecot
[izimpande @ linuxbox ~] # nano /etc/dovecot/dovecot.conf ama-protocol =imap pop3 lmtp lalela =*, :: ukungena_ukubingelela = IDovecot isilungile!
Sikhubaza ngokusobala ubuqiniso obucacile be-Dovecot:
[impande @ linuxbox ~] # nano /etc/dovecot/conf.d/10-auth.conf
able_plaintext_auth = yebo
Simemezela iqembu elinamalungelo adingekayo okusebenzisana neDovecot, kanye nendawo yemiyalezo:
[impande @ linuxbox ~] # nano /etc/dovecot/conf.d/10-mail.conf mail_location = mbox: ~ / mail: INBOX = / var / mail /% u i-mail_privileged_group = imeyili imeyili_access_groups = imeyili
Izitifiketi zeDovecot
IDovecot yakha ngokuzenzakalela izitifiketi zakho zokuhlola ngokuya ngemininingwane ekufayela /etc/pki/dovecot/dovecot-openssl.cnf. Ukwenza izitifiketi ezintsha zenziwe ngokuya ngezidingo zethu, kufanele senze lezi zinyathelo ezilandelayo:
[impande @ linuxbox ~] # cd / njll / pki / dovecot / [izimpande @ linuxbox dovecot] # nano dovecot-openssl.cnf [ req ] default_bits = 1024 encrypt_key = yebo uniqueed_name = req_dn x509_extensions = cert_type prompt = cha [ req_dn ] # izwe (2 ikhodi yezinhlamvu) C=CU # Igama Lesifunda noma Lesifundazwe (igama eligcwele) ST=Cuba # Igama Lendawo (isb. ) L=Havana # Inhlangano (isb. inkampani) O=DesdeLinux.Umlandeli # Igama Leyunithi Yenhlangano (isb. isigaba) OU=Abashisekeli # Igama Elivamile (*.example.com kungenzeka futhi) CN=*.desdelinux.fan # I-imeyili yokuxhumana naye i-imeyiliAddress=buzz@desdelinux.fan [ cert_type ] nsCertType = iseva
Siqeda izitifiketi zokuhlola
[izimpande @ linuxbox dovecot] # rm certs / dovecot.pem rm: susa ifayili elijwayelekile "certs / dovecot.pem"? (y / n) y [izimpande @ linuxbox dovecot] # rm yangasese / dovecot.pem rm: susa ifayili elijwayelekile elithi "private / dovecot.pem"? (y / n) y
Siyakopisha futhi sisebenzise iskripthi mkcert.sh kusuka enkombeni yemibhalo
[izimpande @ linuxbox dovecot] # cp /usr/share/doc/dovecot-2.2.10/mkcert.sh. [impande @ linuxbox dovecot] # bash mkcert.sh Ikhiqiza ukhiye oyimfihlo ongu-1024 bit RSA ......++++++ ................+++++++ ukubhala ukhiye omusha oyimfihlo ku-'/etc/ pki/dovecot/private/dovecot.pem' ----- isihloko= /C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Abalandeli/OU=Abashisekeli/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan SHA1 Fingerprint=5F:4A:0C:44:EC:EC:EF:95:73:3E:1E:37:D5:05:F8:23:7E:E1:A4:5A [izimpande @ linuxbox dovecot] # ls -l izitifiketi / inani elingu-4 -rw -------. Impande eyi-1 impande 1029 Meyi 22 16:08 dovecot.pem [root @ linuxbox dovecot] # ls -l okuyimfihlo / inani elingu-4 -rw -------. Impande eyi-1 impande 916 Meyi 22 16:08 dovecot.pem [root @ linuxbox dovecot] # service dovecot restart [root @ linuxbox dovecot] # isimo se-dovecot yesevisi
Izitifiketi zePostfix
[impande@linuxbox ~]# cd /etc/pki/tls/ [root@linuxbox tls]# openssl req -sha256 -x509 -nodes -newkey rsa:4096 -days 1825 \ -out certs/desdelinux.fan.crt -keyout eyimfihlo/desdelinux.fan.key Ikhiqiza ukhiye oyimfihlo we-4096 bit RSA .........++ ..++ ukubhala ukhiye oyimfihlo omusha ku-'private/domain.tld.key' ----- Usuzocelwa ukuthi ufake imininingwane lokho kuzofakwa esicelweni sakho sesitifiketi. Osuzongena khona yilokho okubizwa ngeGama Elihloniphekile noma i-DN. Kukhona izinkambu ezimbalwa kodwa ungazishiya zingenalutho Kwezinye izinkambu kuzoba nenani elizenzakalelayo, Uma ufaka '.', inkambu izoshiywa ingenalutho. ----- Igama Lezwe (2 ikhodi yezinhlamvu) [XX]:CU Igama Lesifunda noma Lesifundazwe (igama eligcwele) []:Igama Lendawo yase-Cuba (isib. I-Default Company Ltd]:DesdeLinux.Igama Leyunithi Yenhlangano Yabalandeli (isb, isigaba) []:Igama Elivamile Labashisekeli (isb, igama lakho noma igama lomethuli weseva yakho) []:desdelinux.Ikheli le-imeyili labalandeli []:buzz@desdelinux.umlandeli
Ukumiswa okuncane kwe-Postfix
Sengeza ekugcineni kwefayela / njll / ama-aliases Okulandelayo:
impande: i-buzz
Ukuze ushintsho lusebenze sisebenzisa umyalo olandelayo:
[root @ linuxbox ~] # okusha
Ukucushwa kwePostifx kungenziwa ngokuhlela ngqo ifayili /etc/postfix/main.cf noma ngomyalo i-postconf -e ukunakekela ukuthi yonke ipharamitha esifuna ukuyiguqula noma ukuyifaka ibonakala kulayini owodwa wekhonsoli:
- Ngamunye kufanele amemezele izinketho abaziqondayo nabazidingayo!.
[impande@linuxbox ~]# postconf -e 'myhostname = desdelinux.umlandeli' [impande@linuxbox ~]# postconf -e 'mydomain = desdelinux.umlandeli' [impande @ linuxbox ~] # postconf -e 'myorigin = $ mydomain' [root @ linuxbox ~] # postconf -e 'inet_interfaces = konke' [root @ linuxbox ~] # postconf -e 'mydestination = $ myhostname, localhost. $ mydomain, localhost, $ mydomain, imeyili. $ mydomain, www. $ mydomain, ftp. $ mydomain' [impande @ linuxbox ~] # postconf -e 'mynetworks = 192.168.10.0/24, 172.16.10.0/24, 127.0.0.0/8' [root @ linuxbox ~] # postconf -e 'ibhokisi leposi_command = / usr / bin / procmail -a "$ EXTENSION"' [izimpande @ linuxbox ~] # postconf -e 'smtpd_banner = $ myhostname ESMTP $ mail_name ($ mail_version)'
Sengeza ekugcineni kwefayela /etc/postfix/main.cf izinketho ezinikezwe ngezansi. Ukwazi incazelo yazo ngayinye, sincoma ukuthi ufunde imibhalo ehambisana nayo.
ibiff = cha
i-append_dot_mydomain = cha
isikhathi sokulibazisa_isikhathi = 4h
i-readme_directory = cha
smtpd_tls_cert_file=/etc/pki/certs/desdelinux.umlandeli.crt
smtpd_tls_key_file=/etc/pki/private/desdelinux.fan.key
smtpd_use_tls = yebo
smtpd_tls_session_cache_database = btree: $ {data_directory} / smtpd_scache
smtp_tls_session_cache_database = btree: $ {data_directory} / smtp_scache
smtpd_relay_restrictions = imvume_imvume yokusebenza kwamakhemikhali_sasl_authenticated defer_unauth_destination
# Usayizi webhokisi leposi ophezulu ama-megabyte ayi-1024 = 1 g no-g
ibhokisi leposi_size_limit = 1073741824
umamukeli_delimiter = +
maximal_queue_lifetime = 7d
header_checks = regexp: / etc / postfix / header_checks
body_checks = regexp: / etc / postfix / body_checks
# Ama-Akhawunti athumela ikhophi le-imeyili engenayo kwenye i-akhawunti
umamukeli_bcc_maps = hash: / etc / postfix / accounts_ forwarding_copy
Imigqa elandelayo ibalulekile ukuthola ukuthi ngubani ongathumela i-imeyili futhi ayidlulisele kwamanye amaseva, ukuze singamisi ngengozi i- "relay open" evumela abasebenzisi abangaqinisekisiwe ukuthumela imeyili. Kufanele sibheke amakhasi osizo wePostfix ukuqonda ukuthi inketho ngayinye isho ukuthini.
- Ngamunye kufanele amemezele izinketho abaziqondayo nabazidingayo!.
smtpd_helo_restrictions = imvume_misebenzi yamanethiwekhi,
xwayisa_uma_wenqaba igama_negama_fqdn_hostname,
nqabela_igama_lingavumelekile_elisetshenzisiwe,
imvume
smtpd_sender_restrictions = imvume_sasl_kuqinisekisiwe,
imvume_i-network yami,
xwayisa_uma_nqaba ukwenqaba_ngekho_fqdn_sender,
nqabela_isizinda_esingaziwa_se-server,
reject_unauth_ipipininging,
imvume
smtpd_client_restrictions = ukwenqaba_rbl_client sbl.spamhaus.org,
ukwenqaba_rbl_client blackholes.easynet.nl
# QAPHELA: Inketho "isheke_policy_service inet: 127.0.0.1: 10023"
# inika amandla uhlelo lwePostgrey, futhi akufanele silufake
# kungenjalo sizosebenzisa iPostgrey
smtpd_recipient_restrictions = reject_unauth_pipelining,
imvume_i-network yami,
imvume_sasl_aqinisekisiwe,
ukwenqaba_ukungekho_fqdn_mamukeli,
wenqaba_isizinda_esamukelayo_esingaziwa,
nqabela_unauth_ukunqunyelwa,
isheke_policy_service inet: 127.0.0.1: 10023,
imvume
smtpd_data_restrictions = reject_unauth_pipelining
smtpd_relay_restrictions = reject_unauth_pipelining,
imvume_i-network yami,
imvume_sasl_aqinisekisiwe,
ukwenqaba_ukungekho_fqdn_mamukeli,
wenqaba_isizinda_esamukelayo_esingaziwa,
nqabela_unauth_ukunqunyelwa,
isheke_policy_service inet: 127.0.0.1: 10023,
imvume
smtpd_helo_required = yebo
smtpd_delay_reject = yebo
khubaza_vrfy_command = yebo
Sakha amafayela / njll / postfix / body_checks y / etc / postfix / accounts_forwarding_copy, futhi siguqula ifayela / etc / postfix / header_checks.
- Ngamunye kufanele amemezele izinketho abaziqondayo nabazidingayo!.
[root @ linuxbox ~] # nano / etc / postfix / body_checks
# Uma leli fayela liguquliwe, akudingekile # ukwenza i-postmap # Ukuhlola imithetho, sebenzisa njengezimpande: # i-postmap -q 'v1agra entsha entsha' regexp: / etc / postfix / body_checks
# Kufanele ibuye: # NQABA umthetho # 2 Umzimba Womyalezo Ogaxekile Wokugaxekile
/ viagra / NQABA Umthetho # 1 Ugaxekile Omelene nomzimba womyalezo
/ super new v [i1] agra / REJECT Rule # 2 Umzimba womlayezo we-Anti Spam
[root @ linuxbox ~] # nano / etc / postfix / accounts_ ukudlulisa_copy
# Ngemuva kokuguqula, kufanele usebenzise: # i-postmap / etc / postfix / accounts_ forwarding_copy
# nefayela lidaliwe noma liyalinganiswa: # /etc/postfix/accounts_forwarding_copy.db
# ---------------------------------------- # I-akhawunti EYODWA yokudlulisela i-BCC eyodwa kopisha # BCC = Ikhophi Yekhabhoni Emnyama # Isibonelo: # webadmin@desdelinux.i-buzz yabalandeli@desdelinux.umlandeli
[impande @ linuxbox ~] # i-postmap / etc / postfix / accounts_ forwarding_copy
[impande @ linuxbox ~] # nano / etc / postfix / header_checks
# Faka ekugcineni kwefayela # AKUDINGI I-Postmap njengoba kuyizichasiso ezijwayelekile
/ ^ Isihloko: =? Big5? / NQABA ukufaka ikhodi kwe-Chinese akwamukelwa yile seva
/ ^ Isihloko: =? I-EUC-KR? / NQABA ukufakwa kwikhodi kwesiKorea akuvunyelwe yile seva
/ ^ Isihloko: ADV: / REJECT Izikhangiso ezingamukelwa yile seva
/^Kusuka ku :.*\@.*\.cn/ YENZA Uxolo, imeyili yaseChina ayivunyelwe lapha
/^Kusuka ku :.*\@.*\.kr/ YENZA Uxolo, imeyili yaseKorea ayivunyelwe lapha
/^Kusukela ku :.*\@.*\.tr/ YENZA Uxolo, imeyili yaseTurkey ayivunyelwe lapha
/^Kusuka ku :.*\@.*\.ro/ YENZA Uxolo, imeyili yaseRomania ayivunyelwe lapha
/^(Umyalezo We -|Message-Id|X-(Mailer|Sender))::*\b(AutoMail|E-Broadcaster|Emailer Platinum | Thunder Server | eMarkman | Extractor | e-Merge | from stealth [^.] | IGlobal Messenger | GroupMaster | Mailcast | MailKing | Match10 | MassE-Mail | massmail \ .pl | News Breaker | Powermailer | Quick Shot | Ready Aim Fire | WindoZ | WorldMerge | Yourdora | Lite) \ b / YENQABA Awekho ama-mail mass avunyelwe.
/ ^ Kusuka ku: "spammer / REJECT
/ ^ Kusuka ku: "ugaxekile / WENQABILE
/^Subject:.*viagra/ IKHASI
# Izandiso eziyingozi
/ name = [^> Iluminación * \. (bat | cmd | exe | com | pif | reg | scr | vb | vbe | vbs) / YENQABA UKWENQABA Asizemukeli izinanyathiselwa ngalezi zandiso
Sihlola i-syntax, siqale kabusha i-Apache nePostifx, bese siyayivumela bese siqala iDovecot
[root @ linuxbox ~] # isheke postfix [impande @ linuxbox ~] # [root @ linuxbox ~] # systemctl qala kabusha i-httpd [impande @ linuxbox ~] # systemctl isimo httpd [root @ linuxbox ~] # systemctl qala kabusha postfix [root @ linuxbox ~] # systemctl isimo postfix [root @ linuxbox ~] # systemctl isimo dovecot ● dovecot.service - Iseva ye-imeyili ye-Dovecot IMAP / POP3 ilayishiwe: ilayishiwe (/usr/lib/systemd/system/dovecot.service; ikhutshaziwe; ukusethwa kabusha komthengisi: kukhutshaziwe) Kuyasebenza: akusebenzi (kufile) [root @ linuxbox ~] # systemctl vumela i-dovecot [root @ linuxbox ~] # systemctl qala i-dovecot [root @ linuxbox ~] # systemctl qala kabusha i-dovecot [root @ linuxbox ~] # systemctl isimo dovecot
Ukuhlolwa kwezinga le-Console
- Kubaluleke kakhulu ngaphambi kokuqhubeka nokufakwa nokulungiswa kwezinye izinhlelo, ukwenza ukuhlolwa okuncane okudingekayo kwezinsizakalo ze-SMTP ne-POP.
Local kusuka kuseva uqobo
Sithumela i-imeyili kumsebenzisi wendawo i-legolas.
[root @ linuxbox ~] # echo "Sawubona. Lona ngumyalezo wokuhlola" | mail -s "Test" legolas
Sihlola ibhokisi leposi le- i-legolas.
[izimpande @ linuxbox ~] # openssl s_client -crlf -connect 127.0.0.1: 110 -starttls pop3
Ngemuva komyalezo IDovecot ilungile! siyaqhubeka:
--- + KULUNGILE iDovecot ilungile! USER i-legolas +OK PASS i-legolas +KULUNGILE Ungene ngemvume. STAT +OK 1 559 UHLU +OK 1 imilayezo: 1 559 . RETR 1 +OK 559 octets-Return-Path:desdelinux.fan> X-Original-To: legolas Kulethwe-Ku: legolas@desdelinux.umlandeli Wamukelwe: ngu desdelinux.fan (Postfix, from userid 0) id 7EA22C11FC57; Msombuluko, 22 Meyi 2017 10:47:10 -0400 (EDT) Usuku: Msombuluko, 22 Meyi 2017 10:47:10 -0400 Ku: legolas@desdelinux.fan Isihloko: Hlola Umenzeli Womsebenzisi: I-Heirloom mailx 12.5 7/5/10 Inguqulo ye-MIME: 1.0 Uhlobo Lokuqukethwe: umbhalo/okucacile; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan> From: root@desdelinux.umlandeli (impande) Sawubona. Lona umlayezo wokuhlola . YEKELA UKWENZA [impande @ linuxbox ~] #
Ama-Remote kusuka kukhompyutha eku-LAN
Masithumele omunye umyalezo ku i-legolas kusuka kwenye ikhompyutha kwi-LAN. Qaphela ukuthi ukuphepha kwe-TLS akudingeki ngokuqinile ngaphakathi kwenethiwekhi ye-SME.
buzz @ sysadmin: ~ $ sendemail -f buzz@deslinux.fan \ -t legolas@desdelinux.umlandeli\ -u "Sawubona" \ -m "Sanibonani uLegolas ovela kumngani wakho uBuzz" \ -i-imeyili.desdelinux.umlandeli -o tls=cha Meyi 22 10:53:08 sysadmin sendemail [5866]: I-imeyili ithunyelwe ngempumelelo!
Uma sizama ukuxhuma nge Telnet Kusuka kumsingathi ku-LAN - noma kwi-Intanethi, kunjalo - kuya eDovecot, okulandelayo kuzokwenzeka ngoba sikhubaza ubuqiniso bokubhala okusobala:
buzz@sysadmin:~$ telnet mail.desdelinux.fan 110Izama 192.168.10.5...
Ixhume ku-linuxbox.desdelinux.umlandeli. Uhlamvu lwe-Escape luthi '^]'. +KULUNGILE I-Dovecot Isilungile! umsebenzisi legolas
-ERR [AUTH] Ukufakazela ubuqiniso ngokusobala akuvunyelwe ekuxhumekeni okungavikelekile (i-SSL / TLS).
Yeka + KULUNGILE Ukuphuma ku-Connection kuvalwe umphathi wasemazweni.
buzz @ sysadmin: ~ $
Kumele sikwenze konke ukuvula. Umphumela ophelele womyalo uzoba:
buzz@sysadmin:~$ openssl s_client -crlf -xhuma imeyili.desdelinux.fan:110 -starttls pop3 KUXHUNYIWE (00000003) ukujula=0 C = CU, ST = Cuba, L = Havana, O = DesdeLinux.Fan, OU = Abashisekeli, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.umlandeli Qinisekisa iphutha: num = 18: isitifiketi esizisayinele qinisekisa ukubuya: 1 ukujula=0 C = CU, ST = Cuba, L = Havana, O = DesdeLinux.Fan, OU = Abashisekeli, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.imbuyekezo yokuqinisekisa abalandeli:1 --- Uchungechunge lwesitifiketi 0 s:/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Abalandeli/OU=Abashisekeli/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan i:/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Abalandeli/OU=Abashisekeli/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan --- Server certificate -----BEGIN CERTIFICATE----- MIICyzCCAjSgAwIBAgIJAKUHI/2ZD+MeMA0GCSqGSIb3DQEBBQUAMIGbMQswCQYD VQQGEwJDVTENMAsGA1UECBMEQ3ViYTEPMA0GA1UEBxMGSGFiYW5hMRcwFQYDVQQK Ew5EZXNkZUxpbnV4LkZhbjEUMBIGA1UECxMLRW50dXNpYXN0YXMxGTAXBgNVBAMU ECouZGVzZGVsaW51eC5mYW4xIjAgBgkqhkiG9w0BCQEWE2J1enpAZGVzZGVsaW51 eC5mYW4wHhcNMTcwNTIyMjAwODEwWhcNMTgwNTIyMjAwODEwWjCBmzELMAkGA1UE BhMCQ1UxDTALBgNVBAgTBEN1YmExDzANBgNVBAcTBkhhYmFuYTEXMBUGA1UEChMO RGVzZGVMaW51eC5GYW4xFDASBgNVBAsTC0VudHVzaWFzdGFzMRkwFwYDVQQDFBAq LmRlc2RlbGludXguZmFuMSIwIAYJKoZIhvcNAQkBFhNidXp6QGRlc2RlbGludXgu ZmFuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7wckAiNNfYSz5hdePzKuZ m2MMuhGDvwrDSPDEcVutznbZSgJ9bvTo445TR+Bnk+OZ80lujS2hP+nBmqxzJbpc XR7E9eWIXxr4fP4HpRrCA8NxlthEsapVMSHW+lnPBqF2b/Bt2eYyR7gJhtlP6gRG V57MmgL8BdYAJLvxqxDIxQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJ KoZIhvcNAQEFBQADgYEAAuYU1nIXTbXtddW+QkLskum7ESryHZonKOCelfn2vnRl 8oAgHg7Hbtg/e6sR/W9m3DObP5DEp3lolKKIKor7ugxtfA4PBtmgizddfDKKMDql LT+MV5/DP1pjQbxTsaLlZfveNxfLRHkQY13asePy4fYJFOIZ4OojDEGQ6/VQBI8= -----END CERTIFICATE----- subject=/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Abalandeli/OU=Abashisekeli/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.umkhiphi wabalandeli=/C=CU/ST=Cuba/L=Havana/O=DesdeLinux.Abalandeli/OU=Abashisekeli/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan --- Asikho isitifiketi seklayenti Amagama e-CA athunyelwe Ukhiye Wesikhathi Weseva: ECDH, secp384r1, 384 bits --- Ukuxhawula kwe-SSL kufunde amabhayithi angu-1342 futhi kwabhala amabhayithi angu-411 --- Okusha, TLSv1/SSLv3, I-Cipher ithi ECDHE-RSA-AES256 -GCM-SHA384 Ukhiye osesidlangalaleni weseva yi-1024 bit Ukuxoxisana Kabusha Okuvikelekile IYAsekelwa Ukucindezelwa: AKUKHO Ukunwetshwa: AKUKHO I-SSL-Session: Iphrothokholi: TLSv1.2 I-Cipher: ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 745C4Dsion-0236204IDAct-IDAct16234s : I-Master-Key: 15D9C3B084125CEA5989F5AF6AF5295D4C2F73F1904A204FD564CD76361F50373BC8879BFF793E7F7506b04473777Isihluthulelo se-P6: Umazisi: Alikho ithikithi leseshini ye-TLS iseluleko sempilo yonke: 3503 (amasekhondi) ithikithi leseshini ye-TLS: 9 - 919e 1a f837 67 29a 309f 352526 5-ee f5 a300 0000f fc ec 4e 3c N:.)zOcr...O..~. 8 - 29c d7 kube a4 kube 63 72e ae-7 6e 4 7d 1 c0010 2 a4 ,.....~.mE... 8 - db 92a 2 98 df 7b dc 87d-f6 45f 5 d17 8e .:.......hn.... 0020 - 3 86 e80 eb 8 b8 a8 1-68 b6 ea f7 3 f86 c0030 08 .35......h...r ..y 5 - 98 8a 4 e98 68 a1 7b da-e72 7a 1 c79 5 bf 0040 89d .J(......z).w.". 4 - bd 28c f3 85 4c a8 9 bd-cb 7 29 7 77a dc 22 0 .\.a.....0050'fz.Q( 5 - b6 kokungu-61 bd 8b 1f d14 ec-d31 e27 66 c7 51 28 b1 0060 ..7.+.... ...e ..35 2 - 0 4 f3 de 0 da ae 14-8 bd f65 b03 e1 35c cf 5 5..H..0070........ 38 - f34 8 48 31 90 b6 0c db-aa ee 6a d9 19b 84c dd 1 .BV.......Z..,.q 0080 - 5a f42 56 13 88 0 c8 5a-7 e1 2f 71c bf dc 0090c a7 z..p.. ..b. ....< Isikhathi Sokuqala: 1 Isikhathi Siphelile: 03 (amasekhondi) Qinisekisa ikhodi yokubuyisela: 70 (isitifiketi esizisayinele) --- + KULUNGILE iDovecot ilungile! USER i-legolas + KULUNGILE I-PASS legolas + KULUNGILE Ungene ngemvume. LIST + Kulungile 1 imilayezo: 1 1021. I-RETR 1 +KULUNGILE 1021 octets Return-Path: I-X-Original-To: legolas@desdelinuxI-.fan ilethwe-Ku: legolas@desdelinuxI-.fan Yamukelwe: evela ku-sysadmin.desdelinux.fan (isango [172.16.10.1]) ngu desdelinux.fan (Postfix) ene-ESMTP id 51886C11E8C0 yedesdelinux.umlandeli>; Msombuluko, 22 Meyi 2017 15:09:11 -0400 (EDT) Message-ID: <919362.931369932-sendEmail@sysadmin> Kusukela: "buzz@deslinux.fan" Ku: "legolas@desdelinux.umlandeli"desdelinux.fan> Isihloko: Sawubona Usuku: Mon, 22 May 2017 19:09:11 +0000 X-Mailer: sendEmail-1.56 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-365707.724894495" Lona umlayezo onezingxenye eziningi ngefomethi ye-MIME. Ukuze ubonise kahle lo mlayezo udinga uhlelo lwe-imeyili oluhambisana ne-MIME-Version 1.0. ------MIME delimiter for sendEmail-365707.724894495 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Sanibonani Legolas evela kumngane wakho Buzz ------MIME delimiter for sendEmail-365707.724894495-- . QUIT + KULUNGILE Ukuphuma. kuvaliwe buzz @ sysadmin: ~ $
I-Squirrelmail
I-Squirrelmail iklayenti lewebhu elibhalwe ngokuphelele ku-PHP. Kubandakanya ukusekelwa kwendabuko kwe-PHP kwama-protocol we-IMAP ne-SMTP, futhi kunikezela ngokuhambisana okuphezulu neziphequluli ezahlukahlukene ezisetshenziswayo. Isebenza kahle kunoma iyiphi iseva ye-IMAP. Inakho konke ukusebenza okudingayo kusuka kuklayenti le-imeyili kufaka phakathi ukusekelwa kwe-MIME, incwadi yamakheli nokuphathwa kwefolda.
[root @ linuxbox ~] # yum ukufaka squirrelmail
[root @ linuxbox ~] # service httpd qala kabusha
[izimpande @ linuxbox ~] # nano /etc/squirrelmail/config.php
$domain = 'desdelinux.umlandeli';
$imapServerAddress = 'mail.desdelinux.umlandeli';
$ imapPort = 143;
$smtpServerAddress = 'desdelinux.umlandeli';
[root @ linuxbox ~] # service httpd layisha kabusha
I-DNS Send Policy Framenwork noma irekhodi le-SPF
Esihlokweni Iseva ye-NSD Authoritarian DNS Server + Shorewall Sabona ukuthi iZone"desdelinux.fan» yalungiswa ngendlela elandelayo:
impande @ ns:~# nano /etc/nsd/desdelinux.indawo.yabalandeli $ORIGIN desdelinux.umlandeli. $TTL 3H @ IN SOA izinombolo.desdelinux.umlandeli. impande.desdelinux.umlandeli. ( 1 ; serial 1D ; vuselela 1H ; zama futhi 1W ; phelelwa yisikhathi 3H ); ubuncane noma; Isikhathi sokulondoloza isikhashana esingesihle sokuphila; @ IN NS ns.desdelinux.umlandeli. @ IN MX 10 i-imeyili.desdelinux.umlandeli. @ IN TXT "v=spf1 a:mail.desdelinux.fan -konke" ; ; Ukubhalisa ukuxazulula imibuzo yokumba desdelinux.umlandeli @ IN A 172.16.10.10 ; ns KU-imeyili 172.16.10.30 KU-CNAME desdelinux.umlandeli. xoxa KU-CNAME desdelinux.umlandeli. www KU-CNAME desdelinux.umlandeli. ; ; Amarekhodi e-SRV ahlobene ne-XMPP _xmpp-server._tcp IN SRV 0 0 5269 desdelinux.umlandeli. _xmpp-client._tcp IN SRV 0 0 5222 desdelinux.umlandeli. _jabber._tcp KU-SRV 0 0 5269 desdelinux.umlandeli.
Kubhaliswa kuyo kubhaliswa:
@ IN TXT "v=spf1 a:mail.desdelinux.fan -konke"
Ukuze sibe nepharamitha efanayo elungiselelwe i-SME Network noma i-LAN, kufanele siguqule ifayela lokumiswa le-Dnsmasq ngokulandelayo:
# Amarekhodi e-TXT. Futhi singamemezela irekhodi le-SPF txt-record=desdelinux.fan,"v=spf1 a:mail.desdelinux.fan -konke"
Ngemuva kwalokho siqala kabusha insiza:
[root @ linuxbox ~] # service dnsmasq restart [impande@linuxbox ~]# isevisi ye-dnsmasq isimo [impande@linuxbox ~]# umsingathi -t imeyili ye-TXT.desdelinux.imeyili yabalandeli.desdelinux.umlandeli uyisiteketiso sokuthi desdelinux.umlandeli. desdelinux.umbhalo ochazayo wabalandeli "v=spf1 a:mail.desdelinux.fan -konke"
Izitifiketi Zokuzisayinela kanye ne-Apache noma i-httpd
Noma isiphequluli sakho sikutshela ukuthi «Umnikazi we imeyili.desdelinux.umlandeli Uyilungiselele ngokungafanele iwebhusayithi yakho. Ukuvikela imininingwane yakho ukuthi intshontshwe, iFirefox ayixhunyiwe kule webhusayithi ”, isitifiketi esakhiwe ngaphambilini KUVUMELEKILE, Futhi kuzovumela imininingwane phakathi kweklayenti neseva ukuthi ihambe ibethelwe, ngemuva kokuthi samukele isitifiketi.
Uma ufisa, futhi njengendlela yokuhlanganisa izitifiketi, ungamemezela ku-Apache izitifiketi ezifanayo ozimemezele ngePostfix, okulungile.
[impande @ linuxbox ~] # nano /etc/httpd/conf.d/ssl.conf
I-SSLCertificateFile /etc/pki/tls/certs/desdelinux.umlandeli.crt
I-SSLCertificateKeyFile /etc/pki/tls/private/desdelinux.fan.key
[impande @ linuxbox ~] # isevisi httpd iqala kabusha
[impande @ linuxbox ~] # isimo se-httpd yesevisi
Iqembu le-Diffie-Hellman
Isihloko Sokuphepha siba nzima nsuku zonke kwi-Intanethi. Okunye kokuhlasela okuvame kakhulu ekuxhumaneni I-SSL, iyona I-Logjam futhi ukuvikela ngokumelene nayo kuyadingeka ukwengeza amapharamitha angajwayelekile ekucushweni kwe-SSL. Kulokhu kukhona ifayela le- I-RFC-3526 «Okuningi Modular Exponential (MODP) UDiffie-Hellman Amaqembu ye-Internet Key Exchange (IKE)".
[izimpande @ linuxbox ~] # cd / njll / pki / tls /
[root @ linuxbox tls] # openssl dhparam -kuyimfihlo / dhparams.pem 2048
[izimpande @ linuxbox tls] # chmod 600 yangasese / dhparams.pem
Ngokwenguqulo ye-Apache esiyifakile, sizosebenzisa i-Diffie-Helman Group kusuka kufayela /etc/pki/tls/dhparams.pem. Uma kunguhlobo 2.4.8 noma kamuva, lapho-ke kuzofanele sengeze kufayela /etc/httpd/conf.d/ssl.conf umugqa olandelayo:
SSLOpenSSLConfCmd DHParameters "/etc/pki/tls/private/dhparams.pem"
Uhlobo lwe-Apache olusisebenzisayo yile:
[izimpande @ linuxbox tls] # yum info httpd
Ama-plugins alayishiwe: i-fastestmirror, ama-langpacks alayisha isivinini sesibuko kusuka kufayela eligcinwe ngesinye isibukezo Amaphakheji afakiwe Igama: httpd Architecture: x86_64
Inguqulo: 2.4.6
Ukukhishwa: 45.el7.centos Usayizi: 9.4 M Indawo yokugcina: efakwe Kusuka endaweni yokugcina: Isifinyezo se-Base-Repo: I-Apache HTTP Server URL: http://httpd.apache.org/ Ilayisense: ASL 2.0 Incazelo: Iseva ye-Apache HTTP inamandla , esebenza kahle, futhi enwebekayo: iseva yewebhu.
Njengoba sinenguqulo ngaphambi kuka-2.4.8, sifaka ekugcineni kwesitifiketi se-CRT esakhiwe ngaphambili, okuqukethwe kweQembu le-Diffie-Helman:
[izimpande @ linuxbox tls] # ikati eliyimfihlo / dhparams.pem >> izitifiketi/desdelinux.umlandeli.crt
Uma ufuna ukubheka ukuthi amapharamitha we-DH afakwe kahle yini kusitifiketi se-CRT, yenza le miyalo elandelayo:
[izimpande @ linuxbox tls] # ikati eliyimfihlo / dhparams.pem ----- QALA DH IZIMPAHLA ----- MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP /O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe 8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv /LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3 cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg== ----- END DH IZIMPAHLA ----- [impande@linuxbox tls]# izitifiketi zekati/desdelinux.umlandeli.crt -----BEGIN CERTIFICATE----- MIIGBzCCA++gAwIBAgIJANd9FLCkDBfzMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYD VQQGEwJDVTENMAsGA1UECAwEQ3ViYTEPMA0GA1UEBwwGSGFiYW5hMRcwFQYDVQQK DA5EZXNkZUxpbnV4LkZhbjEUMBIGA1UECwwLRW50dXNpYXN0YXMxFzAVBgNVBAMM DmRlc2RlbGludXguZmFuMSIwIAYJKoZIhvcNAQkBFhNidXp6QGRlc2RlbGludXgu ZmFuMB4XDTE3MDUyMjE0MDQ1MloXDTIyMDUyMTE0MDQ1MlowgZkxCzAJBgNVBAYT AkNVMQ0wCwYDVQQIDARDdWJhMQ8wDQYDVQQHDAZIYWJhbmExFzAVBgNVBAoMDkRl c2RlTGludXguRmFuMRQwEgYDVQQLDAtFbnR1c2lhc3RhczEXMBUGA1UEAwwOZGVz ZGVsaW51eC5mYW4xIjAgBgkqhkiG9w0BCQEWE2J1enpAZGVzZGVsaW51eC5mYW4w ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCn5MkKRdeFYiN+xgGdsRn8 sYik9X75YnJcbeZrD90igfPadZ75ehtfYIxxOS+2U+omnFgr/tCKYUVJ50seq/lB idcLP4mt7wMrMZUDpy1rlWPOZGKkG8AdStCYI8iolvJ4rQtLcsU6jhRzEXsZxfOb O3sqc71yMIj5qko55mlsEVB3lJq3FTDQAY2PhXopJ8BThW1T9iyl1HlYpxj7OItr /BqiFhxbP17Fpd3QLyNiEl+exVJURYZkvuZQqVPkFAlyNDh5I2fYfrI9yBVPBrZF uOdRmT6jv6jFxsBy9gggcy+/u1nhlKssLBEhyaKfaQoItFGCAmevkyzdl1LTYDPY ULi79NljQ1dSwWgraZ3i3ACZIVO/kHcOPljsNxE8omI6qNFWqFd1qdPH5S4c4IR1 5URRuwyVNffEHKaCJi9vF9Wn8LVKnN/+5zZGRJA8hI18HH9kF0A1sCNj1KKiB/xe /02wTzR/Gbj8pkyO8fjVBvd/XWI8EMQyMc1gvtIAvZ00SAB8c1NEOCs5pt0Us6pm 1lOkgD6nl90Dx9p805mTKD+ZcvRaShOvTyO3HcrxCxOodFfZQCuHYuQb0dcwoK2B yOwL77NmxNH1QVJL832lRARn8gpKoRAUrzdTSTRKmkVrOGcfvrCKhEBsJ67Gq1+T YDLhUiGVbPXXR9rhAyyX2QIDAQABo1AwTjAdBgNVHQ4EFgQURGCMiLVLPkjIyGZK UrZgMkO0X8QwHwYDVR0jBBgwFoAURGCMiLVLPkjIyGZKUrZgMkO0X8QwDAYDVR0T BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAdy1tH1DwfCW47BNJE1DW8Xlyp+sZ uYTMOKfNdnAdeSag1WshR6US6aCtU6FkzU/rtV/cXDKetAUIzR50aCYGTlfMCnDf KKMZEPjIlX/arRwBkvIiRTU1o3HTniGp9d3jsRWD/AvB3rSus4wfuXeCoy7Tqc9U FaXqnvxhF8/ptFeeCeZgWu16zyiGBqMj4ZaQ7RxEwcoHSd+OByg8E9IE2cYrWP2V 6P7hdCXmw8voMxCtS2s++VRd1fGqgGxXjXT8psxmY2MrseuTM2GyWzs+18A3VVFz UXLD2lzeYs638DCMXj5/BMZtVL2a4OhMSYY4frEbggB3ZgXhDDktUb7YhnBTViM3 2sgJJOSTltOgAnyOPE0CDcyktXVCtu3PNUc+/AB3UemI9XCw4ypmTOMaIZ2Gl6Uo pmTk41fpFuf8pqW3ntyu43lC5pKRBqhit6MoFGNOCvFYFBWcltpqnjsWfY2gG/b5 8D5HsedueqkAsVblKPBFpv1BB9X0HhBUYsrz8jNGZGbkgR4XQoIoLbQZHEB35APU 4yT1Lzc3jk34yZF5ntmFt3wETSWwJZ+0cYPw7n4E6vbs1C7iKAMQRVy+lI5f8XYS YKfrieiPPdmQ22Zm2Tbkqi4zjJBWmstrw6ezzAQNaaAkiOiJIwvXU81KYsN37THh Nf0/JsEjPklCugE= -----END CERTIFICATE----- -----BEGIN DH PARAMETERS----- MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP /O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe 8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv /LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3 cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg== ----- END DH IZIMPAHLA -----
Ngemuva kwalezi zinguquko, kufanele siqale kabusha izinsizakalo zePostfix ne-httpd:
[root @ linuxbox tls] # service postfix restart [root @ linuxbox tls] # isimo se-postfix yesevisi [izimpande @ linuxbox tls] # service httpd restart [root @ linuxbox tls] # service httpd isimo
Ukufakwa kweQembu le-Diffie-Helman kuzitifiketi zethu ze-TLS kungenza ukuxhuma nge-HTTPS kuhamba kancane, kepha ukwengeza ukuphepha kukufanele.
Ihlola i-squirrelmail
BESE ukuthi izitifiketi zenziwe kahle nokuthi siqinisekisa ukusebenza kwazo okulungile njengoba senzile ngemiyalo yekhonsoli, khomba isiphequluli sakho osithandayo ku-URL http://mail.desdelinux.fan/webmail futhi izoxhuma kuklayenti lewebhu ngemuva kokwamukela isitifiketi esihambisanayo. Qaphela ukuthi noma ucacisa umthetho olandelwayo we-HTTP, uzoqondiswa kabusha ku-HTTPS, futhi lokhu kungenxa yezilungiselelo ezizenzakalelayo zokunikezwa kwe-CentOS ze-Squirrelmail. Bona ifayela /etc/httpd/conf.d/squirrelmail.conf.
Mayelana namabhokisi eposi womsebenzisi
IDovecot idala amabhokisi eposi e-IMAP kufolda ikhaya yomsebenzisi ngamunye:
[izimpande @ linuxbox ~] # ls -la /home/legolas/mail/.imap/ ingqikithi ye-12 drwxrwx ---. Ama-5 we-legolas mail 4096 Meyi 22 12:39. i-drwx ------. I-3 legolas legolas 75 Meyi 22 11:34 .. -rw -------. I-1 legolas legolas 72 Meyi 22 11: 34 dovecot.mailbox.log -rw -------. I-1 legolas legolas 8 Meyi 22 12:39 dovecot-uidvalidity -r - r - r--. I-1 legolas legolas 0 Meyi 22 10:12 dovecot-uidvalidity.5922f1d1 drwxrwx ---. I-2 legolas mail 56 Meyi 22 10:23 INBOX drwx ------. 2 i-legolas legolas 56 Meyi 22 12:39 Ithunyelwe i-drwx ------. 2 legolas legolas 30 Meyi 22 11:34 Udoti
Futhi zigcinwa ku- / var / mail /
[root @ linuxbox ~] # ngaphansi / var / mail / legolas Kusuka ku-MAILER_DAEMON uMsombuluko Meyi 22 10:28:00 2017 Usuku: Msombuluko, 22 Meyi 2017 10:28:00 -0400 Kusuka: Idatha Yangaphakathi Yesistimu Yemeyili Isihloko: UNGASUSI LO MLAYEZO -- I-ID YEDATHA YAPHAKATHI YEFOLDA: <1495463280@linuxbox> . Idalwa ngokuzenzakalelayo isofthiwe yesistimu yemeyili. Uma isusiwe, idatha ebalulekile yefolda izolahleka, futhi izophinda idalwe futhi ngokusetha kabusha idatha ibe amanani okuqala. Kusuka kumpande@desdelinux.fan Mon May 22 10:47:10 2017 Indlela Yokubuya:desdelinux.fan> X-Original-To: legolas Kulethwe-Ku: legolas@desdelinux.umlandeli Wamukelwe: ngu desdelinux.fan (Postfix, from userid 0) id 7EA22C11FC57; Msombuluko, 22 Meyi 2017 10:47:10 -0400 (EDT) Usuku: Msombuluko, 22 Meyi 2017 10:47:10 -0400 Ku: legolas@desdelinux.fan Isihloko: Hlola Umenzeli Womsebenzisi: I-Heirloom mailx 12.5 7/5/10 Inguqulo ye-MIME: 1.0 Uhlobo Lokuqukethwe: umbhalo/okucacile; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan> From: root@desdelinux.fan (impande) X-UID: 7 Isimo: RO Sawubona. Lona umlayezo wokuhlola Ovela ku-buzz@deslinux.fan Mon May 22 10:53:08 2017 Indlela Yokubuyela: I-X-Original-To: legolas@desdelinuxI-.fan ilethwe-Ku: legolas@desdelinuxI-.fan Yamukelwe: evela ku-sysadmin.desdelinux.fan (isango [172.16.10.1]) ngu desdelinux.fan (Postfix) ene-ID ye-ESMTP ethi C184DC11FC57 yedesdelinux.umlandeli>; Msombuluko, 22 Meyi 2017 10:53:08 -0400 (EDT) Message-ID: <739874.219379516-sendEmail@sysadmin> Kusukela: "buzz@deslinux.fan" Ku: "legolas@desdelinux.umlandeli"desdelinux.fan> Isihloko: Sawubona Usuku: Mon, 22 May 2017 14:53:08 +0000 X-Mailer: sendEmail-1.56 MIME-Version: 1.0 Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-794889.899510057 / var / mail / legolas
Isifinyezo sezinkonzo ze-PAM
Sibheke umnyombo weMailserver futhi sagcizelela kancane ezokuphepha. Siyethemba ukuthi i-athikili isebenza njengendawo yokungena esihlokweni esinzima futhi esingahle senze amaphutha njengoba kungukuqaliswa kweServer Mail ngesandla.
Sisebenzisa ukuqinisekiswa komsebenzisi kwasendaweni ngoba uma silifunda kahle lelo fayela /etc/dovecot/conf.d/10-auth.conf, sizobona ukuthi ekugcineni kufakiwe -ngokuzenzakalelayo- ifayela lokufakazela ubuqiniso labasebenzisi bohlelo zihlanganisa auth-system.conf.ext. Impela leli fayela lisitshela enhlokweni yalo ukuthi:
[root @ linuxbox ~] # ngaphansi /etc/dovecot/conf.d/auth-system.conf.ext
# Ukufakazela ubuqiniso kwabasebenzisi bohlelo. Kufakiwe kusuka ku-10-auth.conf. # # # # Ukuqinisekiswa kwe-PAM. Ezikhethwayo kulezi zinsuku ngezinhlelo eziningi.
I- # PAM isetshenziswa kakhulu nge-userdb passwd noma i-userdb static. # KHUMBULA: Uzodinga /etc/pam.d/dovecot ifayela elenzelwe ukuqinisekiswa kwe-PAM # ukuze lisebenze empeleni. i-passdb {driver = pam # [session = yebo] [setcred = yebo] [failure_show_msg = yebo] [max_requests = ] # [ukhiye_ wenqolobane = ] [ ] #args = i-dovecot}
Futhi elinye ifayili likhona /etc/pam.d/dovecot:
[impande @ linuxbox ~] # ikati /etc/pam.d/dovecot #% I-PAM-1.0 i-auth edingekayo pam_nologin.so i-auth ifaka i-akhawunti ye-password-auth ifaka iseshini ye-password-auth ifaka ne-password-auth
Yini esizama ukuyidlulisa ngokuqinisekiswa kwe-PAM?
- I-CentOS, i-Debian, i-Ubuntu, nokunye okuningi kwe-Linux okufaka i-Postifx ne-Dovecot ngokuqinisekiswa kwasendaweni okunikwe amandla ngokuzenzakalela.
- Ama-athikili amaningi ku-Intanethi asebenzisa i-MySQL - futhi muva nje iMariaDB - ukugcina abasebenzisi nenye idatha ephathelene neMailserver. KODWA lawa amaseva ezinkulungwane zabasebenzisi, hhayi i-SME Network yakudala ene - mhlawumbe - amakhulu wabasebenzisi.
- Ukufakazela ubuqiniso nge-PAM kuyadingeka futhi kwanele ukuhlinzeka ngezinsizakalo zenethiwekhi inqobo nje uma zisebenza kuseva eyodwa njengoba sibonile kulezi zinsizakalo.
- Abasebenzisi abagcinwe kudathabheyisi ye-LDAP bangafakwa kumephu sengathi bangabasebenzisi bendawo, futhi ukufakazela ubuqiniso be-PAM kungasetshenziswa ukuhlinzeka ngezinsizakalo zenethiwekhi ezivela kumaseva e-Linux ahlukahlukene asebenza njengamakhasimende e-LDAP kuseva emaphakathi yokufakazela ubuqiniso. Ngale ndlela, sizosebenza ngemininingwane yabasebenzisi egcinwe enkabeni yedatha yeseva ye-LDAP, futhi ngeke KUBALULEKILE ukugcina i-database enabasebenzisi bendawo.
Kuze adventure olandelayo!
Ngikholwe ukuthi empeleni le yinqubo enikeza ama-sysadmin angaphezu kweyodwa amakhanda aqatha, ngiyaqiniseka ukuthi ngokuzayo kuzoba umhlahlandlela wokukhomba kunoma ngubani ofuna ukuphatha ama-imeyili akhe uqobo, icala elisebenzayo eliba ku-abc lapho ukuhlanganisa i-postfix, i-dovecot, i-squirrelmail ..
Ngibonga kakhulu ngomnikelo wakho oncomekayo,
Kungani ungasebenzisi i-Mailpile, uma kuziwa kwezokuphepha, nge-PGP? Futhi i-Roundcube ine-interface enembile kakhulu futhi ingahlanganisa ne-PGP.
Ezinsukwini ezi-3 ezedlule ngifunde okuthunyelwe, ngiyazi ukuthi ngingabonga kanjani. Angihleli ukufaka i-mail server kepha kuyasiza njalo ukubona ukwenziwa kwezitifiketi, kuwusizo kwezinye izinhlelo zokusebenza futhi lezi zifundo aziphelelwa yisikhathi (ikakhulukazi uma usebenzisa i-centOS).
Manuel Cillero: Siyabonga ngokuxhumanisa ibhulogi yakho futhi uyibhale nale ndatshana okuyisisekelo esiphansi seseva yeposi esuselwa kuPostfix naseDovecot.
Lizard: Njengenjwayelo, ukuhlolwa kwakho kwamukelwa kahle kakhulu. Ngiyabonga.
UDarko: Cishe kuzo zonke izindatshana zami ngiveza okungaphezulu noma okuncane ukuthi "Wonke umuntu usebenzisa izinsizakalo ngezinhlelo azithanda kakhulu." Siyabonga ngokuphawula.
Martin: Ngiyabonga futhi ngokufunda le ndatshana futhi ngiyethemba izokusiza emsebenzini wakho.
I-athikili enkulu umngani uFederico. Ngiyabonga kakhulu nge-tuto enhle kangaka.
okuhle kakhulu yize bengizosebenzisa "abasebenzisi ababonakalayo" ukugwema ukudala umsebenzisi wesistimu njalo lapho ngifaka i-imeyili, ngiyabonga ngifunde izinto eziningi ezintsha futhi lolu uhlobo lokuthunyelwe ebengikulindile
Ntambama,
Bangalokotha benze okufanayo nge-fedora directory server + postifx + dovecot + thunderbird noma umbono.
Nginengxenye kodwa ngisamile, ngingakuthokozela ukwabelana ngombhalo emphakathini @desdelinux
Bengingacabangi ukuthi izofinyelela ngaphezu kokuvakashelwa okungu-3000 !!!
Sanibonani Lizard!
Osebenza naye kahle wokufundisa.
Ungayenzela i-Debian 10 nabasebenzisi be-Directory Esebenzayo efakwe ku-Samba4 ???
Ngicabanga ukuthi kungacishe kufane kepha kushintshe uhlobo lokufakazela ubuqiniso.
Isigaba osinikezela ekwakhiweni kwezitifiketi ezisayiniwe sithakazelisa kakhulu.