Postfix + Dovecot + Squirrelmail and local users - SME Networks

General index of the series: Computer Networks for SMEs: Introduction

This article is the continuation and the last of the miniseries:

Hello friends!

The Enthusiasts want to have their own mail server. They do not want to use servers where "Privacy" is in question. The person in charge of implementing the service on their small server is not a specialist in the subject and will start by trying to install the core of a future, complete mail server. It turns out that the "equations" for building a full mail server are somewhat difficult to understand and apply. 😉

Margin notes

  • It is necessary to be clear about which functions each program involved in a mail server performs. As an initial guide we give a whole series of useful links, with the declared purpose that they be visited.
  • Implementing a complete mail service manually and from scratch is a tiresome process, unless you are one of the "Chosen" who do this kind of work every day. A mail server is generally made up of several programs that separately handle SMTP, POP/IMAP, local storage of messages, tasks related to SPAM processing, antivirus, etc. ALL of these programs must communicate with each other correctly.
  • There is no one-size-fits-all or "best practices" answer for how to manage users, where and how to store messages, or how to make all the components work as a whole.
  • Assembling and tuning a mail server tends to be troublesome in matters such as permissions and file owners, choosing which user will be in charge of a given process, and small errors made in some esoteric configuration file.
  • Unless you know very well what you are doing, the end result will be an insecure or slightly non-functional mail server. That it does not work at the end of the implementation will possibly be the lesser evil.
  • We can find on the Internet a good number of recipes for building a mail server. One of the most complete, in my very personal opinion, is the one offered by the author Ivar Abrahamsen in its thirteenth edition of January 2017, «How to set up a mail server on a GNU/Linux system».
  • We also recommend reading the article «A Mailserver on Ubuntu 14.04: Postfix, Dovecot, MySQL», or «A Mailserver on Ubuntu 16.04: Postfix, Dovecot, MySQL».
  • True. The best documentation on this subject can be found in English.
    • Although we have never built a mail server faithfully guided by the How to... mentioned in the previous paragraph, the mere fact of following it step by step will give us a very good idea of what we will be facing.
  • If you want a complete mail server in just a few steps, you can download the image iRedOS-0.6.0-CentOS-5.5-i386.iso, or look for a more modern one, be it iRedOS or iRedMail. It is the way I personally recommend.

We are going to install and configure:

It remains to be done:

At least the following services would remain to be implemented:

  • Postgrey: Postfix policy server for greylisting and rejecting junk mail.
  • amavisd-new: script that creates an interface between the MTA and the virus scanners and content filters.
  • ClamAV Antivirus: antivirus suite.
  • SpamAssassin: filters out junk mail.
  • Razor (Pyzor): SPAM capture through a distributed and collaborative network. The Vipul Razor network maintains an updated catalogue of the propagation of junk mail or SPAM.
  • DNS record "DomainKeys Identified Mail" or DKIM.

The packages postgrey, amavisd-new, clamav, spamassassin, razor and pyzor are found in the system repositories. We will also find the program opendkim.

  • Correct declaration of the DNS records "SPF" and "DKIM" is essential if we do not want our mail server, as soon as it goes into operation, to be declared undesirable or a producer of SPAM or junk mail by other mail services such as Gmail, Yahoo, Hotmail, etc.

Initial checks

Remember that this article is a continuation of others that begin with Squid + PAM authentication on CentOS 7.

Ens32 LAN interface connected to the internal network

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens32
DEVICE=ens32
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=192.168.10.5
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=public

[root@linuxbox ~]# ifdown ens32 && ifup ens32

Ens34 WAN interface connected to the Internet

[root@linuxbox ~]# nano /etc/sysconfig/network-scripts/ifcfg-ens34
DEVICE=ens34
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:0c:29:da:a3:e7
NM_CONTROLLED=no
IPADDR=172.16.10.10
NETMASK=255.255.255.0
# The ADSL router is connected to
# this interface with
# the following IP address
GATEWAY=172.16.10.1
DOMAIN=desdelinux.fan
DNS1=127.0.0.1
ZONE=external

DNS resolution from the LAN

[root@linuxbox ~]# cat /etc/resolv.conf
search desdelinux.fan
nameserver 127.0.0.1
nameserver 172.16.10.30

[root@linuxbox ~]# host mail
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

[root@linuxbox ~]# host mail.desdelinux.fan
mail.desdelinux.fan is an alias for linuxbox.desdelinux.fan.
linuxbox.desdelinux.fan has address 192.168.10.5
linuxbox.desdelinux.fan mail is handled by 1 mail.desdelinux.fan.

DNS resolution from the Internet

buzz@sysadmin:~$ host mail.desdelinux.fan 172.16.10.30
Using domain server:
Name: 172.16.10.30
Address: 172.16.10.30#53
Aliases:

mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.

Problems resolving the host name "desdelinux.fan" locally

If you have problems resolving the host name «desdelinux.fan» from the LAN, try commenting out the line in the file /etc/dnsmasq.conf where local=/desdelinux.fan/ is declared. Afterwards, restart Dnsmasq.

[root@linuxbox ~]# nano /etc/dnsmasq.conf
# Comment out the line below:
# local=/desdelinux.fan/

[root@linuxbox ~]# service dnsmasq restart
Redirecting to /bin/systemctl restart dnsmasq.service

[root@linuxbox ~]# service dnsmasq status

[root@linuxbox ~]# host desdelinux.fan
desdelinux.fan has address 172.16.10.10
desdelinux.fan mail is handled by 10 mail.desdelinux.fan.

Postfix and Dovecot

Very extensive documentation for Postfix and Dovecot can be found at:

[root@linuxbox ~]# ls /usr/share/doc/postfix-2.10.1/
bounce.cf.default  LICENSE  README-Postfix-SASL-RedHat.txt  COMPATIBILITY  main.cf.default  TLS_ACKNOWLEDGEMENTS  examples  README_FILES  TLS_LICENSE

[root@linuxbox ~]# ls /usr/share/doc/dovecot-2.2.10/
AUTHORS  COPYING.MIT  dovecot-openssl.cnf  NEWS  wiki  COPYING  ChangeLog  example-config  README  COPYING.LGPL  documentation.txt  mkcert.sh  solr-schema.xml

On CentOS 7, the Postfix MTA is installed by default when we choose the Infrastructure Server option. We must check that the SELinux context allows Postfix to write to the local mail queue:

[root@linuxbox ~]# getsebool -a | grep postfix
postfix_local_write_mail_spool --> on

Adjustments in FirewallD

Using the graphical interface to configure FirewallD, we must make sure that the following services and ports are enabled for each zone:

# ------------------------------------------------------
# Adjustments in FirewallD
# ------------------------------------------------------
# Firewall
# Public zone: http, https, imap, pop3, smtp services
# Public zone: ports 80, 443, 143, 110, 25

# External zone: http, https, imap, pop3s, smtp services
# External zone: ports 80, 443, 143, 995, 25

We install Dovecot and the necessary programs

[root@linuxbox ~]# yum install dovecot mod_ssl procmail telnet

Minimal Dovecot configuration

[root@linuxbox ~]# nano /etc/dovecot/dovecot.conf
protocols = imap pop3 lmtp
listen = *, ::
login_greeting = Dovecot is ready!

We explicitly disable Dovecot's plaintext authentication:

[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-auth.conf
disable_plaintext_auth = yes

We declare the group with the privileges needed to interact with Dovecot, and the location of the messages:

[root@linuxbox ~]# nano /etc/dovecot/conf.d/10-mail.conf
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mail_access_groups = mail

Dovecot certificates

Dovecot automatically generates its test certificates based on the data in the file /etc/pki/dovecot/dovecot-openssl.cnf. To have new certificates generated according to our requirements, we must perform the following steps:

[root@linuxbox ~]# cd /etc/pki/dovecot/
[root@linuxbox dovecot]# nano dovecot-openssl.cnf
[ req ]
default_bits = 1024
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
# country (2 letter code)
C=CU

# State or Province Name (full name)
ST=Cuba

# Locality Name (eg. city)
L=Habana

# Organization (eg. company)
O=DesdeLinux.Fan

# Organizational Unit Name (eg. section)
OU=Entusiastas

# Common Name (*.example.com is also possible)
CN=*.desdelinux.fan

# E-mail contact
emailAddress=buzz@desdelinux.fan

[ cert_type ]
nsCertType = server

We remove the test certificates

[root@linuxbox dovecot]# rm certs/dovecot.pem
rm: remove regular file "certs/dovecot.pem"? (y/n) y
[root@linuxbox dovecot]# rm private/dovecot.pem
rm: remove regular file "private/dovecot.pem"? (y/n) y

We copy and run the script mkcert.sh from the documentation directory

[root@linuxbox dovecot]# cp /usr/share/doc/dovecot-2.2.10/mkcert.sh .
[root@linuxbox dovecot]# bash mkcert.sh
Generating a 1024 bit RSA private key
......+++++++
................++++++
writing new private key to '/etc/pki/dovecot/private/dovecot.pem'
-----
subject= /C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiastas/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
SHA1 Fingerprint=5F:4A:0C:44:EC:EC:EF:95:73:3E:1E:37:D5:05:F8:23:7E:E1:A4:5A

[root@linuxbox dovecot]# ls -l certs/
total 4
-rw-------. 1 root root 1029 May 22 16:08 dovecot.pem
[root@linuxbox dovecot]# ls -l private/
total 4
-rw-------. 1 root root 916 May 22 16:08 dovecot.pem

[root@linuxbox dovecot]# service dovecot restart
[root@linuxbox dovecot]# service dovecot status

Postfix certificates

[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl req -sha256 -x509 -nodes -newkey rsa:4096 -days 1825 \
    -out certs/desdelinux.fan.crt -keyout private/desdelinux.fan.key

Generating a 4096 bit RSA private key
.........++
..++
writing new private key to 'private/domain.tld.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CU
State or Province Name (full name) []:Cuba
Locality Name (eg, city) [Default City]:Habana
Organization Name (eg, company) [Default Company Ltd]:DesdeLinux.Fan
Organizational Unit Name (eg, section) []:Entusiastas
Common Name (eg, your name or your server's hostname) []:desdelinux.fan
Email Address []:buzz@desdelinux.fan

Minimal Postfix configuration

We add the following to the end of the file /etc/aliases:

root: buzz

For the change to take effect we run the following command:

[root@linuxbox ~]# newaliases

Postfix can be configured by editing the file /etc/postfix/main.cf directly or with the command postconf -e, taking care that every parameter we want to modify or add is given on a single console line:

  • Each person must declare the options they understand and need!
[root@linuxbox ~]# postconf -e 'myhostname = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'mydomain = desdelinux.fan'
[root@linuxbox ~]# postconf -e 'myorigin = $mydomain'
[root@linuxbox ~]# postconf -e 'inet_interfaces = all'
[root@linuxbox ~]# postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, www.$mydomain, ftp.$mydomain'

[root@linuxbox ~]# postconf -e 'mynetworks = 192.168.10.0/24, 172.16.10.0/24, 127.0.0.0/8'
[root@linuxbox ~]# postconf -e 'mailbox_command = /usr/bin/procmail -a "$EXTENSION"'
[root@linuxbox ~]# postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)'

We add the options given below to the end of the file /etc/postfix/main.cf. To learn the meaning of each of them, we recommend reading the accompanying documentation.

biff = no
append_dot_mydomain = no
delay_warning_time = 4h
readme_directory = no
smtpd_tls_cert_file = /etc/pki/tls/certs/desdelinux.fan.crt
smtpd_tls_key_file = /etc/pki/tls/private/desdelinux.fan.key
smtpd_use_tls = yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

# Maximum mailbox size: 1024 megabytes = 1 GB
mailbox_size_limit = 1073741824

recipient_delimiter = +
maximal_queue_lifetime = 7d
header_checks = regexp:/etc/postfix/header_checks
body_checks = regexp:/etc/postfix/body_checks

# Accounts that send a copy of incoming mail to another account
recipient_bcc_maps = hash:/etc/postfix/accounts_forwarding_copy

The following lines are important for determining who can send mail and relay it to other servers, so that we do not accidentally configure an "open relay" that allows unauthenticated users to send mail. We must consult the Postfix help pages to understand what each option means.

  • Each person must declare the options they understand and need!
smtpd_helo_restrictions = permit_mynetworks,
 warn_if_reject reject_non_fqdn_hostname,
 reject_invalid_hostname,
 permit

smtpd_sender_restrictions = permit_sasl_authenticated,
 permit_mynetworks,
 warn_if_reject reject_non_fqdn_sender,
 reject_unknown_sender_domain,
 reject_unauth_pipelining,
 permit

smtpd_client_restrictions = reject_rbl_client sbl.spamhaus.org,
 reject_rbl_client blackholes.easynet.nl

# NOTE: The option "check_policy_service inet:127.0.0.1:10023"
# enables the Postgrey program, and we must not include it
# unless we are going to use Postgrey

smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

smtpd_data_restrictions = reject_unauth_pipelining

smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_non_fqdn_recipient,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

smtpd_helo_required = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
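One way to check a main.cf for the open-relay mistake described above, as an added example that is not part of the original article or of Postfix itself. It parses main.cf-style text with continuation lines, reports parameters defined more than once (Postfix keeps only the last definition, and smtpd_relay_restrictions appears twice in the options above), and checks that a relay guard is reached before any bare permit. The function names and the shortened sample are assumptions made for the example.

```python
import re

# Constructed sample: a shortened copy of the restriction lists shown above.
# smtpd_relay_restrictions is defined twice, as it is in the article's options.
SAMPLE_MAIN_CF = """\
mynetworks = 192.168.10.0/24, 172.16.10.0/24, 127.0.0.0/8
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

smtpd_recipient_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 check_policy_service inet:127.0.0.1:10023,
 permit

# second definition, later in the file
smtpd_relay_restrictions = reject_unauth_pipelining,
 permit_mynetworks,
 permit_sasl_authenticated,
 reject_unauth_destination,
 permit
"""

# Restrictions that refuse mail for destinations this server is not responsible for.
RELAY_GUARDS = {"reject_unauth_destination", "defer_unauth_destination"}
# Unconditional refusals also end the list safely.
BLANKET_DENY = {"reject", "defer"}
# Built-in values used when a list is not set (Postfix 2.10, the version on this page).
DEFAULTS = {
    "smtpd_relay_restrictions":
        "permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination",
    "smtpd_recipient_restrictions": "",
}


def parse_main_cf(text):
    """Return {name: [value, ...]}, keeping every definition in file order."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank lines and comments are ignored
        if raw[0] in " \t" and current:
            params[current][-1] += " " + raw.strip()   # continuation line
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        params.setdefault(current, []).append(value.strip())
    return params


def blocks_relaying(value):
    """True if a relay guard (or blanket deny) comes before any bare 'permit'."""
    for token in re.split(r"[,\s]+", value):
        if token in RELAY_GUARDS or token in BLANKET_DENY:
            return True
        if token == "permit":
            return False
    return False


def audit(text):
    params = parse_main_cf(text)
    duplicates = {n: len(v) for n, v in params.items() if len(v) > 1}
    effective = {n: v[-1] for n, v in params.items()}   # the last definition wins
    # Both lists are evaluated for every RCPT TO, so one guarded list is enough.
    relay_blocked = any(
        blocks_relaying(effective.get(name, DEFAULTS[name])) for name in DEFAULTS
    )
    return {"duplicates": duplicates, "effective": effective,
            "relay_blocked": relay_blocked}


if __name__ == "__main__":
    report = audit(SAMPLE_MAIN_CF)
    print("defined more than once:", report["duplicates"])
    print("relay guarded:", report["relay_blocked"])
```

The check only looks at the order of the restrictions; permit_mynetworks and other conditional permits placed before the guard still decide who is allowed to relay, so mynetworks needs the same review.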

We create the files /etc/postfix/body_checks and /etc/postfix/accounts_forwarding_copy, and modify the file /etc/postfix/header_checks.

  • Each person must declare the options they understand and need!
[root@linuxbox ~]# nano /etc/postfix/body_checks
# If this file is modified, it is not necessary
# to run postmap
# To test the rules, run as root:
# postmap -q 'super new v1agra' regexp:/etc/postfix/body_checks
# It should return:
# REJECT Rule #2 Anti Spam Message Body
/viagra/ REJECT Rule #1 Anti Spam Message Body
/super new v[i1]agra/ REJECT Rule #2 Anti Spam Message Body

[root@linuxbox ~]# nano /etc/postfix/accounts_forwarding_copy
# After modifying, you must run:
# postmap /etc/postfix/accounts_forwarding_copy
# and the file is created or updated:
# /etc/postfix/accounts_forwarding_copy.db
# ----------------------------------------------
# A single account to forward one BCC copy to
# BCC = Blind Carbon Copy
# Example:
# webadmin@desdelinux.fan buzz@desdelinux.fan

[root@linuxbox ~]# postmap /etc/postfix/accounts_forwarding_copy

[root@linuxbox ~]# nano /etc/postfix/header_checks
# Add at the end of the file
# DOES NOT REQUIRE postmap since these are regular expressions
/^Subject: =\?Big5\?/ REJECT Chinese encoding not accepted by this server
/^Subject: =\?EUC-KR\?/ REJECT Korean encoding not allowed by this server
/^Subject: ADV:/ REJECT Advertisements not accepted by this server
/^From:.*\@.*\.cn/ REJECT Sorry, Chinese mail not allowed here
/^From:.*\@.*\.kr/ REJECT Sorry, Korean mail not allowed here
/^From:.*\@.*\.tr/ REJECT Sorry, Turkish mail not allowed here
/^From:.*\@.*\.ro/ REJECT Sorry, Romanian mail not allowed here
/^(Received|Message-Id|X-(Mailer|Sender)):.*\b(AutoMail|E-Broadcaster|Emailer Platinum|Thunder Server|eMarkman|Extractor|e-Merge|from stealth[^.]|Global Messenger|GroupMaster|Mailcast|MailKing|Match10|MassE-Mail|massmail\.pl|News Breaker|Powermailer|Quick Shot|Ready Aim Fire|WindoZ|WorldMerge|Yourdora|Lite)\b/ REJECT No mass mailers allowed.
/^From: "spammer/ REJECT
/^From: "spam/ REJECT
/^Subject:.*viagra/ DISCARD
# Dangerous extensions
/name=[^>]*\.(bat|cmd|exe|com|pif|reg|scr|vb|vbe|vbs)/ REJECT We do not accept attachments with these extensions

We check the syntax, restart Apache and Postfix, and enable and start Dovecot

[root@linuxbox ~]# postfix check
[root@linuxbox ~]#

[root@linuxbox ~]# systemctl restart httpd
[root@linuxbox ~]# systemctl status httpd

[root@linuxbox ~]# systemctl restart postfix
[root@linuxbox ~]# systemctl status postfix

[root@linuxbox ~]# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@linuxbox ~]# systemctl enable dovecot
[root@linuxbox ~]# systemctl start dovecot
[root@linuxbox ~]# systemctl restart dovecot
[root@linuxbox ~]# systemctl status dovecot

Console-level checks

  • It is very important, before continuing with the installation and configuration of other programs, to carry out the minimum necessary checks of the SMTP and POP services.

Local, from the server itself

We send an email to the local user legolas.

[root@linuxbox ~]# echo "Hello. This is a test message" | mail -s "Test" legolas

We check the mailbox of legolas.

[root@linuxbox ~]# openssl s_client -crlf -connect 127.0.0.1:110 -starttls pop3

After the message Dovecot is ready! we continue:

---
+OK Dovecot is ready!
USER legolas
+OK
PASS legolas
+OK Logged in.
STAT
+OK 1 559
LIST
+OK 1 messages:
1 559
.
RETR 1
+OK 559 octets
Return-Path:
X-Original-To: legolas
Delivered-To: legolas@desdelinux.fan
Received: by desdelinux.fan (Postfix, from userid 0)
    id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
Date: Mon, 22 May 2017 10:47:10 -0400
To: legolas@desdelinux.fan
Subject: Test
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan>
From: root@desdelinux.fan (root)

Hello. This is a test message
.
QUIT
DONE
[root@linuxbox ~]#

Remote, from a computer on the LAN

Let's send another message to legolas from another computer on the LAN. Note that TLS security is NOT strictly necessary within an SME network.

buzz@sysadmin:~$ sendemail -f buzz@deslinux.fan \
-t legolas@desdelinux.fan \
-u "Hello" \
-m "Greetings Legolas from your friend Buzz" \
-s mail.desdelinux.fan -o tls=no
May 22 10:53:08 sysadmin sendemail[5866]: Email was sent successfully!

If we try to connect with telnet from a host on the LAN, or from the Internet of course, to Dovecot, the following will happen, because we disabled plaintext authentication:

buzz@sysadmin:~$ telnet mail.desdelinux.fan 110
Trying 192.168.10.5...
Connected to linuxbox.desdelinux.fan.
Escape character is '^]'.
+OK Dovecot is ready!
user legolas
-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
quit
+OK Logging out
Connection closed by foreign host.
buzz@sysadmin:~$

We must do it through openssl. The complete output of the command would be:

buzz@sysadmin:~$ openssl s_client -crlf -connect mail.desdelinux.fan:110 -starttls pop3
CONNECTED(00000003)
depth=0 C = CU, ST = Cuba, L = Habana, O = DesdeLinux.Fan, OU = Entusiastas, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify error:num=18:self signed certificate
verify return:1
depth=0 C = CU, ST = Cuba, L = Habana, O = DesdeLinux.Fan, OU = Entusiastas, CN = *.desdelinux.fan, emailAddress = buzz@desdelinux.fan
verify return:1
---
Certificate chain
 0 s:/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiastas/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
   i:/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiastas/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
Server certificate
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
subject=/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiastas/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
issuer=/C=CU/ST=Cuba/L=Habana/O=DesdeLinux.Fan/OU=Entusiastas/CN=*.desdelinux.fan/emailAddress=buzz@desdelinux.fan
---
No client certificate CA names sent
Server Temp Key: ECDH, secp384r1, 384 bits
---
SSL handshake has read 1342 bytes and written 411 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    [...]

+OK Dovecot is ready!
USER legolas
+OK
PASS legolas
+OK Logged in.
LIST
+OK 1 messages:
1 1021
.
RETR 1
+OK 1021 octets
Return-Path:
X-Original-To: legolas@desdelinux.fan
Delivered-To: legolas@desdelinux.fan
Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
    by desdelinux.fan (Postfix) with ESMTP id 51886C11E8C0
    for ; Mon, 22 May 2017 15:09:11 -0400 (EDT)
Message-ID: <919362.931369932-sendEmail@sysadmin>
From: "buzz@deslinux.fan"
To: "legolas@desdelinux.fan"
Subject: Hello
Date: Mon, 22 May 2017 19:09:11 +0000
X-Mailer: sendEmail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-365707.724894495"

This is a multi-part message in MIME format. To properly display this message you need a MIME-Version 1.0 compliant Email program.

------MIME delimiter for sendEmail-365707.724894495
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

Greetings Legolas from your friend Buzz

------MIME delimiter for sendEmail-365707.724894495--
.
QUIT
+OK Logging out.
closed
buzz@sysadmin:~$

Squirrelmail

Squirrelmail is a web client written entirely in PHP. It includes native PHP support for the IMAP and SMTP protocols, and provides maximum compatibility with the different browsers in use. It works correctly with any IMAP server. It has all the functionality you need from an email client, including MIME support, an address book and folder management.

[root@linuxbox ~]# yum install squirrelmail
[root@linuxbox ~]# service httpd restart

[root@linuxbox ~]# nano /etc/squirrelmail/config.php
$domain = 'desdelinux.fan';
$imapServerAddress = 'mail.desdelinux.fan';
$imapPort = 143;
$smtpServerAddress = 'desdelinux.fan';

[root@linuxbox ~]# service httpd reload

DNS Sender Policy Framework or SPF record

In the article NSD Authoritative DNS Server + Shorewall we saw that the "desdelinux.fan" zone was configured as follows:

root@ns:~# nano /etc/nsd/desdelinux.fan.zone
$ORIGIN desdelinux.fan.
$TTL 3H
@   IN  SOA  ns.desdelinux.fan.  root.desdelinux.fan. (
        1    ; serial
        1D   ; refresh
        1H   ; retry
        1W   ; expire
        3H ) ; minimum or
             ; negative caching time to live
;
@   IN  NS   ns.desdelinux.fan.
@   IN  MX   10 mail.desdelinux.fan.
@   IN  TXT  "v=spf1 a:mail.desdelinux.fan -all"
;
; Record to resolve dig queries for desdelinux.fan
@   IN  A    172.16.10.10
;
ns    IN  A      172.16.10.30
mail  IN  CNAME  desdelinux.fan.
chat  IN  CNAME  desdelinux.fan.
www   IN  CNAME  desdelinux.fan.
;
; SRV records related to XMPP
_xmpp-server._tcp  IN  SRV  0 0 5269 desdelinux.fan.
_xmpp-client._tcp  IN  SRV  0 0 5222 desdelinux.fan.
_jabber._tcp       IN  SRV  0 0 5269 desdelinux.fan.

In it, the following record is declared:

@ IN TXT "v=spf1 a:mail.desdelinux.fan -all"

To have the same parameter configured for the SME network or LAN, we must modify the Dnsmasq configuration file as follows:

# TXT records. We can also declare an SPF record
txt-record=desdelinux.fan,"v=spf1 a:mail.desdelinux.fan -all"

Then we restart the service:

[root@linuxbox ~]# service dnsmasq restart
[root@linuxbox ~]# service dnsmasq status

[root@linuxbox ~]# host -t TXT mail.desdelinux.fan
mail.desdelinux.fan is an alias for desdelinux.fan.
desdelinux.fan descriptive text "v=spf1 a:mail.desdelinux.fan -all"
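How a receiving server evaluates the SPF record declared above, as an added example that is not part of the original article. It implements only the subset of SPF needed for this record (the all, a and ip4 mechanisms with their qualifiers) against a constructed in-memory copy of the zone, so it runs without DNS; the ZONE dictionary and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed from the zone file above (the Internet-facing view of the names).
ZONE = {
    "desdelinux.fan": {
        "A": ["172.16.10.10"],
        "TXT": ["v=spf1 a:mail.desdelinux.fan -all"],
    },
    "mail.desdelinux.fan": {"CNAME": "desdelinux.fan"},
    "ns.desdelinux.fan": {"A": ["172.16.10.30"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def resolve_a(zone, name, depth=0):
    """Return the A records for name, following CNAMEs inside the zone."""
    record = zone.get(name.rstrip(".").lower(), {})
    if "CNAME" in record and depth < 8:
        return resolve_a(zone, record["CNAME"], depth + 1)
    return record.get("A", [])


def spf_record(zone, domain):
    """Return the single v=spf1 TXT record of domain, or None if there is none."""
    txts = [t for t in zone.get(domain.lower(), {}).get("TXT", [])
            if t.split(" ")[0].lower() == "v=spf1"]
    if len(txts) > 1:
        raise ValueError("permerror: more than one SPF record")
    return txts[0] if txts else None


def check_host(zone, client_ip, sender_domain):
    """Evaluate the sender domain's SPF record for the connecting client IP."""
    ip = ipaddress.ip_address(client_ip)
    record = spf_record(zone, sender_domain)
    if record is None:
        return "none"
    for term in record.split()[1:]:
        qualifier = "+"                      # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, argument = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            matched = True
        elif mechanism == "a":
            target = argument or sender_domain
            matched = any(ip == ipaddress.ip_address(a)
                          for a in resolve_a(zone, target))
        elif mechanism == "ip4":
            matched = ip in ipaddress.ip_network(argument, strict=False)
        else:
            return "permerror"               # mechanism outside this subset
        if matched:
            return QUALIFIERS[qualifier]     # first matching term decides
    return "neutral"


if __name__ == "__main__":
    for ip in ("172.16.10.10", "172.16.10.1", "192.168.10.5"):
        print(ip, check_host(ZONE, ip, "desdelinux.fan"))
```

Only 172.16.10.10, the address that mail.desdelinux.fan resolves to in this zone, passes; every other client is rejected by the closing -all.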

Self-signed certificates and Apache or httpd

Even though your browser tells you that «The owner of mail.desdelinux.fan has configured their website incorrectly. To protect your information from being stolen, Firefox has not connected to this website», the previously generated certificate IS VALID, and it will allow the credentials between the client and the server to travel encrypted, after we accept the certificate.

If you wish, and as a way of unifying the certificates, you can declare for Apache the same certificates you declared for Postfix, which is correct.

[root@linuxbox ~]# nano /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/desdelinux.fan.crt
SSLCertificateKeyFile /etc/pki/tls/private/desdelinux.fan.key

[root@linuxbox ~]# service httpd restart
[root@linuxbox ~]# service httpd status

Diffie-Hellman group

The topic of security becomes more difficult every day on the Internet. One of the most common attacks on SSL connections is Logjam, and to defend against it, it is necessary to add non-standard parameters to the SSL configuration. For this there is RFC 3526, «More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)».

[root@linuxbox ~]# cd /etc/pki/tls/
[root@linuxbox tls]# openssl dhparam -out private/dhparams.pem 2048
[root@linuxbox tls]# chmod 600 private/dhparams.pem

Depending on the version of Apache we have installed, we will use the Diffie-Hellman group from the file /etc/pki/tls/private/dhparams.pem. If it is version 2.4.8 or later, then we will have to add the following line to the file /etc/httpd/conf.d/ssl.conf:

SSLOpenSSLConfCmd DHParameters "/etc/pki/tls/private/dhparams.pem"

The version of Apache we are using is:

[root@linuxbox tls]# yum info httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.4.6
Release     : 45.el7.centos
Size        : 9.4 M
Repo        : installed
From repo   : Base-Repo
Summary     : Apache HTTP Server
URL         : http://httpd.apache.org/
License     : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.

Since we have a version earlier than 2.4.8, we add the content of the Diffie-Hellman group to the end of the previously generated CRT certificate:

[root@linuxbox tls]# cat private/dhparams.pem >> certs/desdelinux.fan.crt

If you want to check that the DH parameters were correctly added to the CRT certificate, run the following commands:

[izimpande @ linuxbox tls] # ikati eliyimfihlo / dhparams.pem 
----- QALA DH IZIMPAHLA -----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
-----END DH PARAMETERS-----

[root@linuxbox tls]# cat certs/desdelinux.fan.crt
-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
-----BEGIN DH PARAMETERS-----
MIIBCAKCAQEAnwfWSlirEuMwJft0hgAdB0km9d3qGGiErRXPfeZU+Tqp/ZFOCdzP
/O6NeXuHI4vnsTDWEAjXmpRzq/z1ZEWQa6j+l1PgTgk2XqaMViD/gN+sFPnx2EmV
keVcMDqG03gnmCgO9R4aLYT8uts5T6kBRhvxUcrk9Q7hIpGCzGtdgwaVf1cbvgOe
8kfpc5COh9IxAYahmNt+5pBta0SDlmoDz4Rk/4AFXk2mjpDYoizaYMPeIInGUzOv
/LE6Y7VVRY/BJG9EZ5pVYJPCruPCUHkhvm+r9Tt56slk+HE2d52uFRSDd2FxK3n3
cN1vJ5ogsvmHayWUjVUA18LLfGSxEFsc4wIBAg==
-----END DH PARAMETERS-----

After these changes, we must restart the Postfix and httpd services:

[root@linuxbox tls]# service postfix restart
[root@linuxbox tls]# service postfix status
[root@linuxbox tls]# service httpd restart
[root@linuxbox tls]# service httpd status

Including the Diffie-Hellman group in our TLS certificates may make connecting over HTTPS a little slower, but the added security is well worth it.
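The check above compares the two cat outputs by eye. As an added example (not part of the original article), the shell functions below automate that comparison and also catch two easy mistakes with this procedure: running the append twice, and leaving dhparams.pem readable by other users. The function names are hypothetical; the PEM delimiters and mode 600 are the ones used in this section.

```shell
#!/bin/sh
# Added example: verify the manual "cat >> certificate" step from this section.
# Function names are hypothetical; pass the page's own paths as arguments.

# Print every DH PARAMETERS block found in a PEM file, delimiters included.
dh_blocks() {
    awk '/^-----BEGIN DH PARAMETERS-----$/ {inblk = 1}
         inblk {print}
         /^-----END DH PARAMETERS-----$/   {inblk = 0}' "$1"
}

# Count the DH PARAMETERS blocks in a PEM file.
dh_count() {
    grep -c '^-----BEGIN DH PARAMETERS-----$' "$1"
}

# check_dh_appended CERT PARAMS
# Returns 0 when CERT carries exactly one DH block identical to PARAMS and
# PARAMS has mode 600. Otherwise: 1 = no block, 2 = appended more than once,
# 3 = block differs from PARAMS, 4 = PARAMS has a mode other than 600.
check_dh_appended() {
    cert=$1 params=$2
    n=$(dh_count "$cert") || true      # grep exits 1 when the count is 0
    [ "$n" -ge 1 ] || { echo "no DH block in $cert" >&2; return 1; }
    [ "$n" -eq 1 ] || { echo "$n DH blocks in $cert" >&2; return 2; }
    [ "$(dh_blocks "$cert")" = "$(dh_blocks "$params")" ] ||
        { echo "DH block in $cert differs from $params" >&2; return 3; }
    # First 10 characters of ls -l are the mode string (skips the SELinux dot).
    mode=$(ls -ld "$params" | cut -c1-10)
    [ "$mode" = "-rw-------" ] ||
        { echo "$params has mode $mode, expected -rw-------" >&2; return 4; }
    return 0
}
```

From /etc/pki/tls, source the file and run check_dh_appended certs/desdelinux.fan.crt private/dhparams.pem; the exit status identifies which check failed.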

Checking Squirrelmail

AFTER the certificates have been generated correctly and we have verified that they work, as we did with the console commands, point your preferred browser to the URL http://mail.desdelinux.fan/webmail and it will connect to the web client once you accept the corresponding certificate. Note that even though you specify the HTTP protocol, you will be redirected to HTTPS; this is due to the default configuration that CentOS ships for Squirrelmail. See the file /etc/httpd/conf.d/squirrelmail.conf.

About user mailboxes

Dovecot creates the IMAP mailboxes in the home folder of each user:

[root@linuxbox ~]# ls -la /home/legolas/mail/.imap/
total 12
drwxrwx---. 5 legolas mail    4096 May 22 12:39 .
drwx------. 3 legolas legolas   75 May 22 11:34 ..
-rw-------. 1 legolas legolas   72 May 22 11:34 dovecot.mailbox.log
-rw-------. 1 legolas legolas    8 May 22 12:39 dovecot-uidvalidity
-r--r--r--. 1 legolas legolas    0 May 22 10:12 dovecot-uidvalidity.5922f1d1
drwxrwx---. 2 legolas mail      56 May 22 10:23 INBOX
drwx------. 2 legolas legolas   56 May 22 12:39 Sent
drwx------. 2 legolas legolas   30 May 22 11:34 Trash

They are also stored in /var/mail/

[root@linuxbox ~]# less /var/mail/legolas
From MAILER_DAEMON  Mon May 22 10:28:00 2017
Date: Mon, 22 May 2017 10:28:00 -0400
From: Mail System Internal Data
Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
Message-ID: <1495463280@linuxbox>
X-IMAP: 1495462351 0000000008
Status: RO

This text is part of the internal format of your mail folder, and is not
a real message.  It is created automatically by the mail system software.
If deleted, important folder data will be lost, and it will be re-created
with the data reset to initial values.

From root@desdelinux.fan  Mon May 22 10:47:10 2017
Return-Path:
X-Original-To: legolas
Delivered-To: legolas@desdelinux.fan
Received: by desdelinux.fan (Postfix, from userid 0)
        id 7EA22C11FC57; Mon, 22 May 2017 10:47:10 -0400 (EDT)
Date: Mon, 22 May 2017 10:47:10 -0400
To: legolas@desdelinux.fan
Subject: Test
User-Agent: Heirloom mailx 12.5 7/5/10
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170522144710.7EA22C11FC57@desdelinux.fan>
From: root@desdelinux.fan (root)
X-UID: 7
Status: RO

Hello. This is a test message

From buzz@deslinux.fan  Mon May 22 10:53:08 2017
Return-Path:
X-Original-To: legolas@desdelinux.fan
Delivered-To: legolas@desdelinux.fan
Received: from sysadmin.desdelinux.fan (gateway [172.16.10.1])
        by desdelinux.fan (Postfix) with ESMTP id [...]
        for ; Mon, 22 May 2017 10:53:08 -0400 (EDT)
Message-ID: <739874.219379516-sendEmail@sysadmin>
From: "buzz@deslinux.fan"
To: "legolas@desdelinux.fan"
Subject: Greeting
Date: Mon, 22 May 2017 14:53:08 +0000
X-Mailer: sendEmail-1.56
MIME-Version: 1.0
Content-Type: multipart/related; boundary="----MIME delimiter for sendEmail-794889.899510057"
/var/mail/legolas

Summary of the PAM services

We have looked at the core of a mail server and put a little emphasis on security. We hope the article serves as an entry point into a topic that is complex and prone to mistakes, as is implementing a mail server by hand.

We use local user authentication because, if we read the file /etc/dovecot/conf.d/10-auth.conf carefully, we will see that at the end it includes, by default, the system users' authentication file: !include auth-system.conf.ext. This file itself tells us in its header that:

[root@linuxbox ~]# less /etc/dovecot/conf.d/auth-system.conf.ext
# Authentication for system users. Included from 10-auth.conf.
#
#
#

# PAM authentication. Preferred nowadays by most systems.
# PAM is typically used with either userdb passwd or userdb static.
# REMEMBER: You'll need /etc/pam.d/dovecot file created for PAM
# authentication to actually work.
passdb {
  driver = pam
  # [session=yes] [setcred=yes] [failure_show_msg=yes] [max_requests=<n>]
  # [cache_key=<key>] [<service name>]
  #args = dovecot
}

And the other file is /etc/pam.d/dovecot:

[root@linuxbox ~]# cat /etc/pam.d/dovecot
#%PAM-1.0
auth       required     pam_nologin.so
auth       include      password-auth
account    include      password-auth
session    include      password-auth

What are we trying to convey about PAM authentication?

  • CentOS, Debian, Ubuntu and many other Linux distributions install Postfix and Dovecot with local authentication enabled by default.
  • Many articles on the Internet use MySQL, and more recently MariaDB, to store users and other mail server data. BUT those are servers for THOUSANDS of users, not a classic SME network with, perhaps, hundreds of users.
  • Authentication through PAM is necessary and sufficient to provide network services, as long as they run on a single server, as we have seen with these services.
  • Users stored in an LDAP database can be mapped as if they were local users, and PAM authentication can be used to provide network services from different Linux servers acting as LDAP clients of the central authentication server. That way we would work with the credentials of the users stored in the central LDAP server database, and it would NOT be necessary to maintain a database of local users.

Until the next adventure!



  1.   Lizard said

    Believe me, in practice this is a process that gives more than one sysadmin severe headaches. I am convinced that in the future it will be a reference guide for anyone who wants to manage their own email, a practical case that becomes an ABC for integrating postfix, dovecot, squirrelmail..

    Thank you very much for your commendable contribution,

  2.   Darko said

    Why not use Mailpile, when it comes to security, with PGP? Also, Roundcube has a much more intuitive interface and can integrate PGP as well.

  3.   Martin said

    I read the post 3 days ago, and I know how to say thank you. I am not planning to install a mail server, but it is always useful to see how certificates are created, which is useful for other applications, and these tutorials hardly expire (especially when you use CentOS).

  4.   frederico said

    Manuel Cillero: Thank you for linking your blog to this article, which is the minimal core of a mail server based on Postfix and Dovecot.

    Lizard: As always, your assessment is very well received. Thank you.

    Darko: In almost all my articles I state, more or less, that "Everyone implements the services with the programs they like best." Thank you for the comment.

    Martin: Thank you too for reading the article, and I hope it helps you in your work.

  5.   Zodiac Carburus said

    Great article, friend Federico. Thank you very much for such a good tutorial.

  6.   okuhlabayo said

    Excellent, although I would have used "virtual users" to avoid creating a system user every time I add an email account. Thank you, I learned a lot of new things, and this is the kind of post I was waiting for.

  7.   Wilinton Acevedo Rueda said

    Good afternoon,

    Would you dare to do the same with fedora directory server + postfix + dovecot + thunderbird or outlook.

    I have part of it done but I am stuck; I would gladly share the document with the @desdelinux community

  8.   phico said

    I would never have imagined that it would reach more than 3000 visits!!!

    Greetings Lizard!

  9.   Ubumnyama said

    Excellent tutorial, colleague.
    Could you do it for Debian 10 with Active Directory users set up on Samba4???
    I imagine it would be almost the same but with a different authentication type.
    The section you devote to creating the signed certificates is very interesting.