Yadda ake Saita Sabar Sabis na Postfix da Dovecot tare da Database (MariaDB) Amintaccen - Part 1

A cikin wannan jerin jigo 3 za mu tattauna yadda ake saita sabar saƙon Postfix tare da riga-kafi da kariyar spam a cikin akwatin CentOS 7. Lura cewa waɗannan umarnin kuma suna aiki akan sauran rabawa kamar RHEL/Fedora da Debian/Ubuntu.

Shirinmu ya ƙunshi adana asusun imel da laƙabi a cikin bayanan MariaDB wanda shine don dacewarmu, za a sarrafa ta phpMyAdmin.

Idan ka zaɓi kada ka shigar da phpMyAdmin, ko kuma kuna mu'amala da uwar garken CLI-kawai, za mu kuma samar da kwatankwacin lambar don ƙirƙirar tebur ɗin bayanan da za a yi amfani da su cikin wannan jerin.

Tun da kiyaye sabar saƙon saƙo yana aiki ɗaya daga cikin mahimman ayyuka waɗanda galibi ana ba da su ga masu gudanar da tsarin da injiniyoyi, za mu kuma ba da wasu ƴan shawarwari don gudanar da wannan muhimmin sabis ɗin cikin ingantaccen yanayi a cikin yanayin samarwa.

Ƙirƙiri A da MX Records don Domain a cikin DNS

Kafin a ci gaba, akwai wasu buƙatun da dole ne a cika su:

1. Kuna buƙatar ingantaccen yanki mai rijista ta wurin mai rejista. A cikin wannan jerin za mu yi amfani da www.linuxnewz.com, wanda aka yi rajista ta hanyar GoDaddy.

2. Irin wannan yanki dole ne a nuna shi zuwa IP na waje na VPS ko mai ba da sabis na girgije. Idan kai ne ke ɗaukar sabar saƙon ku, zaku iya amfani da sabis ɗin da FreeDNS ke bayarwa (yana buƙatar rajista).

A kowane hali, dole ne ka saita A da MX rikodin don yankinku kuma (zaku iya ƙarin koyo game da rikodin MX a cikin wannan FAQ daga Google).

Da zarar an ƙara, zaku iya duba su ta amfani da kayan aikin kan layi kamar MxToolbox ko ViewDNS don tabbatar da an saita su yadda yakamata.

Muhimmi: Lura cewa yana iya ɗaukar ɗan lokaci (kwanaki 1-2) har sai an yada bayanan DNS kuma yankinku yana samuwa. A halin yanzu, zaku iya samun dama ga VPS ta hanyar adireshin IP ɗin sa don aiwatar da ayyukan da aka nuna a ƙasa.

3. Sanya FQDN (Cikakken Sunan Domain Cancantar) na VPS ɗin ku:

# hostnamectl set-hostname yourhostname

don saita sunan mai masaukin tsarin, sannan a gyara /etc/hosts kamar haka (maye gurbin AAA.BBB.CCC.DDD, sunan mai masaukinku, da yankinku tare da IP na jama'a na uwar garken ku, sunan mai masaukinku, da yankinku mai rijista):

AAA.BBB.CCC.DDD yourhostname.yourdomain.com       yourhostname

inda sunan mai masaukin ku shine sunan tsarin tsarin da aka saita a baya ta amfani da umarnin hostnamectl.

Shigar da Fakitin Software da ake buƙata

4. Don shigar da fakitin software da ake buƙata kamar Apache, Postfix, Dovecot, MariaDB, PhpMyAdmin, SpamAssassin, ClamAV, da sauransu, kuna buƙatar kunna maajiyar EPEL:

# yum install epel-release

5. Da zarar kun bi matakan da ke sama, shigar da abubuwan da suka dace:

# yum update && yum install httpd httpd-devel postfix dovecot dovecot-mysql spamassassin clamav clamav-scanner clamav-scanner-systemd clamav-data clamav-update mariadb mariadb-server php phpMyAdmin

# aptitude update && aptitude install apache2 postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql spamassassin clamav clamav-daemon clamav-base mariadb-client mariadb-server php5 phpMyAdmin

6. Fara kuma kunna gidan yanar gizo da sabar bayanai:

# systemctl enable httpd mariadb
# systemctl start httpd mariadb

# systemctl enable apache2 mariadb
# systemctl start apache2 mariadb

Lokacin da shigarwa ya cika kuma sabis ɗin da ke sama ya kunna kuma yana gudana, za mu fara ta hanyar saita bayanan bayanai da teburi don adana bayanai game da asusun imel na Postfix.

Ƙirƙirar Database Data Accounts Mail Mail

Don sauƙi, za mu yi amfani da phpMyAdmin, kayan aiki da aka yi niyya don sarrafa sarrafa bayanan MySQL/MariaDB ta hanyar yanar gizo, don ƙirƙira da sarrafa bayanan imel.

Koyaya, don shiga da amfani da wannan kayan aikin, muna buƙatar bin waɗannan matakan:

7. Kunna asusun MariaDB (zaku iya yin haka ta hanyar gudanar da mysql_secure_installation mai amfani daga layin umarni, sanya kalmar sirri don tushen mai amfani, da saita saitunan tsoho da kayan aiki suka gabatar SAI Kada tushen shiga daga nesa. ?:

ko in ba haka ba ƙirƙirar sabon mai amfani da bayanai:

MariaDB [(none)]> CREATE USER 'dba'@'localhost' IDENTIFIED BY 'YourPasswordHere';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON * . * TO 'dba'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;

Tabbatar da Apache tare da Takaddun shaida

8. Tun da za mu yi amfani da aikace-aikacen yanar gizo don sarrafa bayanan uwar garken imel, muna buƙatar ɗaukar matakan da suka dace don kare haɗin kai zuwa uwar garke. In ba haka ba, takaddun shaidar mu na phpMyAdmin za su yi tafiya a sarari rubutu akan waya.

Don saita Tsaro Layer Tsaro (TLS) a cikin uwar garken ku, bi matakan da aka zayyana a Sashe na 8 na jerin RHCE: Aiwatar da HTTPS ta hanyar TLS ta amfani da Sabis na Tsaro na hanyar sadarwa (NSS) don Apache kafin ci gaba.

Lura: idan ba ku da damar yin amfani da na'urar wasan bidiyo na uwar garken kuna buƙatar nemo wata hanya don samar da ingantaccen entropy yayin ƙirƙirar maɓalli. A wannan yanayin, kuna iya yin la'akari da shigar da kayan aikin rng da gudu rngd -r /dev/urandom.

Sanya kuma Aminta PhpMyAdmin

9. A cikin /etc/httpd/conf.d/phpMyAdmin.conf (CentOS) ko /etc/phpmyadmin/apache.conf (Debian and derivatives), gano duk abubuwan da suka faru na wadannan layukan kuma tabbatar sun nuna IP na jama'a. na uwar garken ku:

Require ip AAA.BBB.CCC.DDD
Allow from AAA.BBB.CCC.DDD

Bugu da ƙari, musaki tsoffin laƙabi kuma ƙirƙirar sabo don samun damar shiga shafin shiga na phpMyAdmin. Wannan zai taimaka wajen amintar da rukunin yanar gizon daga bots da maharan waje waɗanda ke hari www.yourdomain.com/phpmyadmin ko www.yourdomain.com/phpMyAdmin.

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
Alias /managedb /usr/share/phpMyAdmin

Hakanan, ƙara layi mai zuwa a cikin :

Require all granted

Ƙirƙiri Apache VirtualHost don Domain

10. Tabbatar cewa an ƙara yankinku zuwa wuraren da aka kunna. Ƙirƙiri /etc/httpd/sites-available/linuxnewz.com.conf (CentOS) ko /etc/apache2/sites-available/linuxnewz.com (Debian) tare da abubuwan da ke biyowa (tabbatar da DocumentRoot, shafukan- akwai, da shafuka Akwai kundayen adireshi:

<VirtualHost *:80>
    ServerName www.linuxnewz.com
    ServerAlias linuxnewz.com
    DocumentRoot /var/www/linuxnewz.com/public_html
    ErrorLog /var/www/linuxnewz.com/error.log
    CustomLog /var/www/linuxnewz.com/requests.log combined
    Options Indexes FollowSymLinks
</VirtualHost>

da mahadar ta alama:

# ln -s /etc/httpd/sites-available/linuxnewz.com.conf /etc/httpd/sites-enabled/linuxnewz.com.conf

# a2ensite linuxnewz.com

kuma kun gama.

Saita Bayanan Bayanan Imel na Postfix

11. Yanzu za ka iya bude your phpMyAdmin dubawa a https://www.yourdomain.com/managedb (bayanin kula cewa managedb ne alias da muka kafa a baya ga phpMyAdmin bayanai directory).

Idan hakan bai yi aiki ba (wanda zai iya haifar da jinkiri a cikin yaduwa ko rashin daidaita bayanan DNS) na ɗan lokaci zaku iya gwada amfani da adireshin IP na jama'a na uwar garken maimakon www.yourdomain.com:

A kowane hali, bayan kun shiga phpMyAdmin za ku ga abin dubawa mai zuwa. Danna Sabo a sashin hagu:

Shigar da suna don rumbun adana bayanai (EmailServer_db a wannan yanayin, babu buƙatar zaɓar Haɗin kai) kuma danna Ƙirƙiri:

12. A allon na gaba, zaɓi suna don tebur na farko (inda za mu adana wuraren da wannan sabar sabar za ta sarrafa.

Lura cewa ko da a cikin wannan silsilar za mu sarrafa yanki ɗaya kawai, zaku iya ƙarawa daga baya) da adadin filayen da kuke so a ciki, sannan danna Go. Za a sa ka yi suna da kuma daidaita waɗannan filayen guda biyu, inda za ka iya ci gaba da aminci kamar yadda aka nuna a cikin hotuna masu zuwa:

Lokacin da kuka zaɓi PRIMARY a ƙarƙashin Index don DomainId, karɓi tsoffin ƙimar kuma danna Go:

A madadin, zaku iya danna Preview SQL don ganin lambar a ƙarƙashin hular:

CREATE TABLE `EmailServer_db`.`Domains_tbl` ( `DomainId` INT NOT NULL AUTO_INCREMENT , `DomainName` VARCHAR(50) NOT NULL , PRIMARY KEY (`DomainId`)) ENGINE = InnoDB;

Lokacin da ka shirya, danna Ajiye don tabbatar da canje-canje. Daga nan za ku iya danna Sabo a ƙarƙashin EmailServer_db don ci gaba da ƙirƙirar tebur:

13. Yanzu bi waɗannan matakan don ƙirƙirar sauran teburin. Danna kan shafin SQL kuma shigar da lambar da aka nuna don kowane abu na bayanai.

Lura cewa a wannan yanayin mun zaɓi ƙirƙirar tebur ta amfani da tambayar SQL saboda alaƙar da dole ne a kafa tsakanin tebur daban-daban:

CREATE TABLE `Users_tbl` ( 
    `UserId` INT NOT NULL AUTO_INCREMENT,  
    `DomainId` INT NOT NULL,  
    `password` VARCHAR(100) NOT NULL,  
    `Email` VARCHAR(100) NOT NULL,  
    PRIMARY KEY (`UserId`),  
    UNIQUE KEY `Email` (`Email`),  
    FOREIGN KEY (DomainId) REFERENCES Domains_tbl(DomainId) ON DELETE CASCADE 
) ENGINE = InnoDB; 

Ya kamata ku sami saƙon tabbatarwa (idan ba haka ba, phpMyAdmin zai faɗakar da kurakuran syntax):

CREATE TABLE `Alias_tbl` (
    `AliasId` INT NOT NULL AUTO_INCREMENT, 
    `DomainId` INT NOT NULL, 
    `Source` varchar(100) NOT NULL, 
    `Destination` varchar(100) NOT NULL, 
    PRIMARY KEY (`AliasId`), 
    FOREIGN KEY (DomainId) REFERENCES Domains_tbl(DomainId) ON DELETE CASCADE
) ENGINE = InnoDB;

(Danna Go a ƙasa don ci gaba da ƙirƙirar tebur).

Har zuwa wannan batu, ya kamata ku sami tsarin bayanan bayanai masu zuwa:

Wanda ke nufin kun shirya don fara ƙara wasu bayanai a sashe na gaba.

Ƙirƙirar Domain Postfix, Masu amfani da Laƙabi

14. Yanzu za mu shigar da waɗannan bayanan a cikin tebur uku. Za a rufaffen kalmomin shiga na [email kare] sannan kuma shigar da bayanan Users_tbl.

Hakanan, lura cewa imel ɗin da aka aika zuwa [email kare]:

INSERT INTO Domains_tbl (DomainName) VALUES ('linuxnewz.com');  
INSERT INTO Users_tbl (DomainId, password, Email) VALUES (1, ENCRYPT('PasswordForFirstEmailAccount', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email ');  
INSERT INTO Users_tbl (DomainId, password, Email) VALUES (1, ENCRYPT('PasswordForSecondEmailAccount', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email ');  
INSERT INTO Alias_tbl (DomainId, Source, Destination) VALUES (1, '[email ', '[email ');

Bayan mun kara yankinmu, asusun masu amfani guda biyu, da imel da aka yi wa lakabi da muna shirye don ci gaba da saita sabar imel ɗin mu a cikin labarin na gaba na wannan silsilar, inda za mu daidaita Dovecot da Postfix.

Takaitawa

A cikin wannan labarin mun jera fakitin da ake buƙata don shigar da sabar imel na Postfix a cikin CentOS 7 VPS, kuma mun bayyana yadda ake sarrafa bayanan da ke ƙasa ta amfani da phpMyAdmin.

A cikin kasidu biyu masu zuwa za mu sake nazarin tsarin tsarin shirye-shiryen guda biyu da za su kula da rarraba imel don yankinmu (Sashe na 2) da kuma nuna muku yadda ake ƙara kariya daga spam da ƙwayoyin cuta (Sashe na 3) don uwar garken ku.

Har sai lokacin, jin kyauta don tuntuɓar mu ta amfani da fom ɗin da ke ƙasa idan kuna da wasu tambayoyi ko sharhi.