Shigar iRedMail (Cikakken Sabar Saƙon Saƙo) tare da Wuraren Tsare-tsare, Webmail, SpamAssassin & ClamAV a cikin Linux

Bayan sabis na HTTP da inuwa DNS, mail (SMTP, POP, IMAP da duk ƙa'idodin saƙon saƙon da ke da alaƙa) ɗaya ne daga cikin sabis ɗin da aka fi amfani da shi a Intanet, sannan kuma, ɗaya daga cikin mafi hankali, saboda sabar saƙon spam da buɗaɗɗen sabar saƙo.

Wannan koyawa za ta jagorance ku ta hanyar shigar da cikakken sabar sabar tare da software na MTA, MDA da MUA a cikin 'yan mintoci kaɗan akan RHEL, CentOS, Linux na Kimiyya da Debian, Ubuntu, Linux Mint tare da Postfix, Virtual Domains da Masu amfani tare da MySQL, Dovecot - goyon baya ga POP3/POP3S, IMAP/IMAPS, Roundcube – Webmail da kuma, mail spam da virus scanning tare da SpamAssassin da ClamAV, duk an shigar ta amfani da guda software kunshin da ake kira 'iRedMail'.

iRedMail shine cikakken bayani na sabar sabar saƙo mai buɗewa wanda zai iya ɓata lokaci mai yawa don masu gudanar da tsarin don daidaitawa mai rikitarwa, yana da goyan baya ga duk manyan rarraba Linux da jiragen ruwa tare da fakitin Linux masu zuwa.

  1. Postfix: Sabis na SMTP – MTA na asali.
  2. Dovecot: POP3/POP3S, IMAP/IMAPS, Sarrafa sabis - MDA tsoho.
  3. Apache: Sabar Yanar Gizo.
  4. MySQL/PostgreSQL: Ajiye bayanan aikace-aikacen da/ko asusun wasiku.
  5. OpenLDAP: Ajiye asusun wasiku.
  6. Policyd: Sabar manufofin Postfix.
  7. Amavisd: Mai mu'amala tsakanin Postfix da SpamAssassin, ClamAV. Ana amfani da shi don bincikar spam da ƙwayoyin cuta.
  8. Roundcube: Webmail – tsoho MUA.
  9. Awstats: Apache da Postfix log analyzer.
  10. Fail2ban: yana bincika fayilolin log (misali /var/log/maillog) kuma ya hana IPs masu nuna yunƙurin tsarin mugunta.

  1. Ƙarancin shigarwa na CentOS 6.5 - Jagoran Shigarwa na CentOS 6.5
  2. Rikodin MX mai inganci na DNS wanda ke nuna sabar saƙon ku da ke da alhakin sunan yankinku.

Hakanan, an tsara wannan koyawa don dalilai na gwaji da ilmantarwa kawai kuma baya amfani da ingantattun bayanan MX, ko ingantaccen yanki na DNS, duk saitunan ana yin su a cikin gida ta amfani da masu karɓa na zahiri tare da MySQL (na iya karɓa ko aika wasiku tsakanin masu amfani da yankin gida kawai. - sunan yankin da aka bayar daga fayil ɗin runduna) amma ku sani cewa, kodayake tsarinmu ba zai iya karɓar wasiku daga wuraren intanet ba, yana iya aika wasiƙun wasiƙu zuwa waɗancan sabar saƙon yanki ta hanyar Postfix MTA, koda kuwa kuna zaune a sararin adireshin IP mai zaman kansa. , Ba tare da ingantaccen rikodin MX ba da amfani da yanki na almara, don haka kula sosai ga abin da kuke yi.

Mataki 1: Tsarin Farko na Farko da Adireshin IP a tsaye

1. Bayan ka fara yin reboot ka shiga cikin asusunka na root sannan ka tabbatar da na’urarka ta zamani da kuma shigar da wasu fakiti masu amfani da ake bukata don amfani daga baya.

# yum update && yum upgrade
# yum install nano wget bzip2
# apt-get update && apt-get upgrade
# apt-get install nano wget bzip2

2. Saboda wannan akwatin yana aiki kamar Mail Server, ana buƙatar saita IP na tsaye akan Interface Interface. Don ƙara tsayayyen IP buɗe kuma shirya fayil ɗin daidaitawar NIC ɗinku da ke kan /etc/sysconfig/network-scripts/ hanya kuma ƙara waɗannan dabi'u masu zuwa.

# nano /etc/sysconfig/network-scripts/ifcfg-eth0

Yi amfani da wannan fayil ɗin azaman samfuri kuma musanya shi tare da ƙimar da aka keɓance ku.

DEVICE="eth0"
BOOTPROTO="static"
HWADDR="00:0C:29:01:99:E8"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="7345dd1d-f280-4b9b-a760-50208c3ef558"
NAME="eth0"
IPADDR=192.168.1.40
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
DNS2=8.8.8.8

Bayan kun gama gyara fayil ɗin NIC ɗinku, buɗe fayil ɗin cibiyar sadarwa daga wuri ɗaya da ke sama sannan ku ƙara sunan uwar garken da bai cancanta ba akan umarnin HOSTNAME.

# nano /etc/sysconfig/network-scripts/network
# nano /etc/network/interfaces

Sauya dabi'u masu zuwa tare da saitunan ku.

auto eth0
iface eth0 inet static
  address 192.168.1.40
  netmask 255.255.255.0
  gateway 192.168.1.1
  dns-nameservers 192.168.1.1
  dns-search 8.8.8.8

Da zarar, kun gama da fayil ɗin cibiyar sadarwar ku, yanzu ƙara sunan mai masaukinku a cikin /etc/hostname file.

# nano /etc/hostnames

3. Sai ka bude /etc/resolv.conf file sannan ka dora tsarin sabar IP dinka na DNS mai fadi kamar a hoton da ke kasa.

# nano /etc/resolv.conf

Ƙara abun ciki mai zuwa tare da sabobin sunan da kuka fi so.

search mydomain.lan
nameserver 8.8.8.8
nameserver 8.8.8.8

4. Bayan an rubuta duk saitunan da ke sama zuwa ga fayilolin da suka dace ta sake farawa sabis na cibiyar sadarwar ku don amfani da sabbin saitunan kuma tabbatar da shi ta amfani da ping da ifconfig umarni.

# service network restart	[On RedHat based systems]

# service networking restart	[On Debian based systems]
# ifconfig

5. Yanzu da tsayayyen cibiyar sadarwar ku ta cika aiki, gyara /etc/hosts fayil kuma ƙara sunan mai masaukin da bai cancanta ba da FQDN kamar misalin da ke ƙasa.

# nano /etc/hosts
127.0.0.1   centos.mydomain.lan centos localhost localhost.localdomain
192.168.1.40 centos.mydomain.lan centos

Don tabbatar da batun daidaita sunan mai masaukinku, gudanar da sunan mai masauki da sunan mai masauki –f umarni.

# hostname
# hostname -f

6. Wani fakiti mai amfani shine bash-completion (cikakken umarni ta atomatik ta amfani da maɓallin [Tab]) wanda ma'ajiyar EPEL ke bayarwa a ƙarƙashin tsarin tushen RedHat sannan sabunta tushen ku. .

# rpm –Uvh http://fedora.mirrors.romtelecom.ro/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# yum repolist && yum upgrade

Bayan an sabunta tushen ku shigar da kayan aiki bash-completion (amsa Ee akan duk tambayoyin).

# yum install bash-completion

Za'a iya shigar da fakitin kammala bash a ƙarƙashin tsarin tushen Debian cikin sauƙi ta amfani da bin umarni.

# apt-get install bash-completion

7. Mataki na ƙarshe shine ƙara mai amfani da tsarin tare da tushen gata. Da farko ƙara mai amfani kuma saita kalmar wucewa.

# adduser your_user
# passwd your_user

Bayan an ƙara mai amfani da ku, buɗe fayil ɗin /etc/sudoers da rukunin % wheel, sannan ƙara sabon mai amfani da ku zuwa rukunin ƙafafun.

# nano /etc/sudoers

Bincika kuma layin rukunin ƙungiyar mara ƙarfi don yin kama da wannan.

%wheel                ALL=(ALL)            ALL

Rufe fayil ɗin kuma ƙara mai amfani da ku zuwa ƙungiyar masu ba da umarni mai zuwa.

# usermod -aG wheel your_user

8. Kafin mu fara zazzagewa da shigar da manhajojin iRedMail, sai ku sake kunna tsarin, sannan ku shiga tare da sabon mai amfani da ku kuma ku tabbata komai yana aiki sosai.

Mataki 2: Shigar iRedMail

9. Domin saukar da kunshin kayan tarihin iRedMail dole ne ku ziyarci sashin shafin zazzagewa na hukuma ko kuma kuna iya amfani da wget umarni don saukar da sigar ƙarshe ( 0.8.7 a lokacin saukarwa). rubuta wannan labarin).

# wget https://bitbucket.org/zhb/iredmail/downloads/iRedMail-0.8.7.tar.bz2

10. Bayan iRedMail archive download ya gama, cire shi ta amfani da umarni mai zuwa.

# tar xvjf iRedMail-0.8.7.tar.bz2

11. Sa'an nan kuma shigar da sabuwar hanyar iRedMail directory, yi alamar iRedMail.sh rubutun tare da izini mai aiwatarwa sannan kunna shi.

# cd iRedMail-0.8.7
# chmod +x iRedMail.sh
# sudo ./iRedMail.sh

12. Bayan farko tsarin duba shirin zai fara ƙara da ake bukata ma'ajiyar sa'an nan jagora na farko da sauri ya tambaye ka ko kana so ka ci gaba da shigarwa ko zubar da ciki. Zaɓi Ee don ci gaba.

13. iRedMail yana amfani da tsarin Maildir don adana imel akan hanyar tsarin /var/vmail inda yake ƙirƙirar kundayen adireshi daban-daban na kowane yanki da kuka haɗa akan sabar MTA ɗinku. Idan kun gamsu da wannan hanyar danna Na gaba don ci gaba tare da saitunan uwar garken sauran samar da wurin da kuke so sannan Na gaba.

14. A mataki na gaba zaɓi ka fi son bayanan bayanai don adana sunaye da masu karɓa waɗanda za su haɗa zuwa Postfix. Wannan koyawa ta mayar da hankali kan bayanan MySQL, don haka zaɓi MySQL ta amfani da mashigin [Space] sannan ku ci gaba da Na gaba kuma samar da kalmar sirri mai ƙarfi don tushen asusun MySQL.

15. A mataki na gaba ƙara sunan yankinku na farko na kama-da-wane. Idan kun mallaki sunan yanki mai rijista da aka ƙara anan (ƙara sunan yankin kawai ba tsarin FQDN ba).

16. Ta hanyar tsoho iRedAdmin yana ƙirƙirar mai amfani mai gudanarwa tare da cikakken iko akan uwar garken ku wanda za'a iya shiga ta hanyar iRedAdmin panel ko ta hanyar Dovecot ladabi (default Roundcube webmail interface ko duk wani software na IMAP/POP MUA kamar SquirrelMail, Rainloop, Microsoft Outlook, Mozilla Thunderbird, Juyin Halitta, Mutt, Elm da dai sauransu).

Hakanan tsarin yana amfani da wannan asusun gudanarwa na postmaster don ba da rahoton abubuwan da suka faru da suka shafi ayyukan wasiƙa ko wasu gazawar tsarin ko bayanai masu amfani - logwatch yawanci yana aika kididdigar sa anan- don haka zaɓi kalmar sirri mai ƙarfi kuma ci gaba da Na gaba.

17. A mataki na gaba zaɓi sauran abubuwan sabar sabar sabar ku kamar iRedAdmin hukuma gudanarwa na hukuma zuwa Postfix, maɓallin yanki DKIM - ( yana ƙara sa hannu ga taken saƙo yana kimanta amincin saƙo don isar da saƙon ƙarshe ko ƙarin relays), Roundcube tsoho gidan yanar gizon yanar gizo (idan kun shirya. don amfani da sauran Wakilin Isar da Saƙon skip Roundcube ), PhpMyadmin (idan kuna jin daɗin layin umarni MySQL ya kamata ku tsallake shigar da PhpMyAdmin), Awstats (ƙididdigar log mai amfani da mai nazari), Fail2ban (yana kare sabar ku daga hare-haren ƙarfi).

18. A jerin tambayoyi na gaba, dangane da abubuwan da aka zaɓa na zaɓin da aka shigar, yakamata ku amsa da Ee. Kula da iRedMail.tips fayil da ke kan $HOME da aka fitar saboda yana ƙunshe da bayanan sabar saƙo mai mahimmanci kamar sunayen masu amfani da kalmomin shiga don aikace-aikacen uwar garken, fayilolin saitunan uwar garken, URL na asali da sauran muhimman bayanai.

19. Bayan shigarwa ya ƙare sake yi tsarin ku kuma tabbatar da iRedmail.tips fayil don ganin tsoffin saitunan uwar garken ku - yakamata ku matsar da wannan fayil ɗin zuwa amintaccen hanyar tsarin tare da izini 600 akansa. .

20. Shiga tsoffin aikace-aikacen gidan yanar gizo akan URL masu zuwa.

  1. Sakon Yanar Gizo na Roundcube - https://domain_name ko uwar garken_IP/mail/
  2. IRedAdmin panel - https://domain_name ko uwar garken_IP/iredadmin/
  3. PhpMyadmin - https://domain_name or server_IP /phpmyadmin/
  4. Awstats - https://domain_name ko server_IP/awstats/awstats.pl?config=web (ko ?config=smtp)
  5. Policyd anti-spam plugin - https://domain_name or server_IP/cluebringer/

Mataki 3: Na farko Tsarin Saƙonni na Yanar Gizo

21. iRedAdmin administration panel yana ba da babban hanyar haɗin yanar gizon yanar gizon yanar gizon inda za ku iya ƙara yankuna masu kama-da-wane da asusun don sabar saƙon ku wanda Postfix zai iya ɗauka ta hanyar MySQL backend. Don shiga cikin iRedAdmin panel nuna burauzar ku zuwa https://domain_name/iredadmin/ ko https://server_IP/iredadmin/ URL kuma yi amfani da tsoffin takaddun shaida.

  1. Sunan mai amfani: [email kare]_domain_name.tld
  2. Password: kalmar sirrin gidan waya saita akan maki #16

22. Don ƙara mai amfani kewaya zuwa Add -> User sannan ka samar da adireshin imel da kalmar sirri da kake so. Hakanan zaka iya saita adadin sararin akwatin saƙo na mai amfani da ku tare da Quota kuma kuna iya haɓaka masu amfani da ikon gudanarwa akan rukunin iRedAdmin ta Mai amfani da alama azaman mai gudanarwa na Duniya.

23. Masu amfani da karatun imel suna samar da imel ta hanyar yanar gizo na Roundcube. Don samun dama gare shi kewaya zuwa https://domain_name/mail ko https://server_IP/mail/ URL kuma a samar da takaddun shaidar asusun imel ɗinku ta hanyar [ imel mai kariya].

Samun shiga tsohon mai kula da wasiku na asusun gudanarwa za ku sami imel na farko guda biyu, ɗaya daga cikinsu gami da mahimman bayanan sabar ku. Daga nan zaku iya karanta imel, tsarawa da aika wasiku zuwa wasu masu amfani da yanki.

24. Don samun damar uwar garken Manufofin hana spam na Policiyd kewaya zuwa https://domain_name/cluebringer ko https://server_IP/cluebringer/ kuma bayar da waɗannan takaddun shaida.

  1. Sunan mai amfani: [email kare]
  2. Password: kalmar sirrin gidan waya

25. Don duba ƙididdigar sabar saƙon ku kewaya zuwa https://mydomain.lan/awstats/awstats.pl/?config=smtp ko https://mydomain.lan/awstats/awstats .plkuma ku yi amfani da waɗannan takaddun shaida.

  1. Sunan mai amfani: [email kare]
  2. Password: kalmar sirrin gidan waya

26. Idan kuna son bincika haɗin haɗin uwar garken ku da kuma sauraron yanayin daemon tare da sockets ɗin su suna ba da umarni masu zuwa.

# netstat -tulpn   ## numerical view
# netstat -tulp    ## semantic view

27. Don cire wasu matsaloli tare da ma'amalar wasiku ko duba uwar garken ku kai tsaye tana aiki zaku iya amfani da umarni masu zuwa.

# tailf /var/log/maillog   ## visualize mail logs in real time
# mailq    		   ##  inspect mail queue
# telnet    		   ## test your server protocols and security form a different location
# nmap                     ## scan your server opened connections from different locations

28. Yanzu kun ƙaddamar da cikakken yanayin mail, kawai abin da ya ɓace, aƙalla akan wannan batu shine sunan yanki mai aiki tare da rikodin MX DNS don karɓar wasiku daga wasu wuraren intanet amma SMTP na gida. uwar garken zai iya kuma zai isar da saƙo a kan wasu wuraren aiki na Intanet don haka kula da wanda kuke aika wasiku saboda za ku iya shiga cikin matsalolin da ba bisa ka'ida ba tare da ISP ɗinku.

Daga hoton da ke ƙasa za ku ga cewa na aika imel daga yankina mara inganci zuwa ɗaya daga cikin asusuna na google.com kuma asusuna na google ya sami nasarar karɓar imel ɗin.

Ba kamar sauran sabis na cibiyar sadarwa ba inda ka shigar kuma ka manta game da su na dogon lokaci sarrafa sabar saƙon aiki ne mai wuyar gaske saboda matsalolin sabis na saƙo kamar SPAM, buɗaɗɗen relay da bounces saƙo.

Rubutun Magana

iRedMail Homepage