How to Set Up a Postfix Mail Server and Dovecot with a Database (MariaDB) Securely - Part 1


In this 3-article series we will discuss how to set up a Postfix mail server with antivirus and spam protection on a CentOS 7 box. Please note that these instructions also work on other distributions such as RHEL/Fedora and Debian/Ubuntu.

Our plan is to store email accounts and aliases in a MariaDB database which, for our convenience, will be managed through phpMyAdmin.

If you choose not to install phpMyAdmin, or are dealing with a CLI-only server, we will also provide the equivalent code to create the database tables that will be used throughout this series.

Since keeping a mail server up and running is one of the essential tasks usually assigned to system administrators and engineers, we will also provide a few tips for running this critical service efficiently in a production environment.

Create A and MX Records for the Domain in DNS

Before proceeding further, there are a few prerequisites that must be met:

1. You will need a valid domain registered through a domain registrar. In this series we will use www.linuxnewz.com, which was registered through GoDaddy.

2. That domain must point to the external IP of your VPS or cloud hosting provider. If you are self-hosting your mail server, you can use the service offered by FreeDNS (requires registration).

In any event, you have to set up A and MX records for your domain as well (you can learn more about MX records in this FAQ from Google).

Once added, you can look them up using an online tool such as MxToolbox or ViewDNS to make sure they are set up properly.

Important: Please note that it may take a while (1-2 days) until the DNS records are propagated and your domain is available. In the meantime, you can access your VPS via its IP address to perform the tasks indicated below.

3. Configure the FQDN (Fully Qualified Domain Name) of your VPS:

# hostnamectl set-hostname yourhostname

to set the system hostname, then edit /etc/hosts as follows (replace AAA.BBB.CCC.DDD, yourhostname, and yourdomain with the public IP of your server, your hostname, and your registered domain):

AAA.BBB.CCC.DDD yourhostname.yourdomain.com       yourhostname

where yourhostname is the system hostname set previously using the hostnamectl command.

Installing the Required Software Packages

4. To install the required software packages such as Apache, Postfix, Dovecot, MariaDB, PhpMyAdmin, SpamAssassin, ClamAV, and so on, you need to enable the EPEL repository:

# yum install epel-release

5. Once you have followed the steps above, install the necessary packages:

On CentOS:

# yum update && yum install httpd httpd-devel postfix dovecot dovecot-mysql spamassassin clamav clamav-scanner clamav-scanner-systemd clamav-data clamav-update mariadb mariadb-server php phpMyAdmin

On Debian and derivatives:

# aptitude update && aptitude install apache2 postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-mysql spamassassin clamav clamav-daemon clamav-base mariadb-client mariadb-server php5 phpMyAdmin

6. Start and enable the web and database servers:

On CentOS:

# systemctl enable httpd mariadb
# systemctl start httpd mariadb

On Debian and derivatives:

# systemctl enable apache2 mariadb
# systemctl start apache2 mariadb

When the installation is complete and the above services are enabled and running, we will start off by setting up the database and tables to store information about Postfix mail accounts.

Creating the Postfix Mail Accounts Database

For simplicity, we will use phpMyAdmin, a tool intended to handle the administration of MySQL/MariaDB databases through a web interface, to create and manage the email database.

However, in order to log in to and use this tool, we need to follow these steps:

7. Enable the MariaDB account (you can do this by running the mysql_secure_installation utility from the command line, assigning a password for user root, and accepting the default settings proposed by the tool EXCEPT “Disallow root login remotely?”):

or otherwise create a new database user:

MariaDB [(none)]> CREATE USER 'dba'@'localhost' IDENTIFIED BY 'YourPasswordHere';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON * . * TO 'dba'@'localhost';
MariaDB [(none)]> FLUSH PRIVILEGES;

Secure Apache with a Certificate

8. Since we will be using a web application to manage the email server database, we need to take the necessary precautions to protect connections to the server. Otherwise, our phpMyAdmin credentials will travel in plain text over the wire.

To set up Transport Layer Security (TLS) on your server, follow the steps outlined in Part 8 of the RHCE series: Implementing HTTPS through TLS using Network Security Service (NSS) for Apache, before proceeding further.

Note: if you do not have access to the server's console you will need to find another way to generate the necessary entropy during key creation. In that case, you may want to consider installing rng-tools and running rngd -r /dev/urandom.

Configure and Secure PhpMyAdmin

9. In /etc/httpd/conf.d/phpMyAdmin.conf (CentOS) or /etc/phpmyadmin/apache.conf (Debian and derivatives), locate all occurrences of the following lines and make sure they point to the public IP of your server:

Require ip AAA.BBB.CCC.DDD
Allow from AAA.BBB.CCC.DDD

Additionally, disable the default aliases and create a new one to access your phpMyAdmin login page. This will help to secure the site against bots and external attackers who target www.yourdomain.com/phpmyadmin or www.yourdomain.com/phpMyAdmin.

#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
Alias /managedb /usr/share/phpMyAdmin

Also, add the following line inside :

Require all granted
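
A check for the alias change in step 9, added here as an example and not part of the original article: it reads a phpMyAdmin Apache configuration file and reports whether a default alias is still active and whether a custom one exists. The function name and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a phpMyAdmin Apache config for the alias change in step 9.
# audit_pma_aliases FILE -> exit 0 if no default alias is active and a custom one exists.
audit_pma_aliases() {
    conf=$1
    bad=0
    custom=0
    # Active directives only: a leading '#' keeps the line from matching.
    # Apache directive names are case-insensitive, hence grep -i.
    for path in $(grep -iE '^[[:space:]]*Alias[[:space:]]' "$conf" | awk '{print $2}'); do
        # Compare in lower case so both packaged spellings are caught.
        lower=$(printf '%s' "$path" | tr '[:upper:]' '[:lower:]')
        case "${lower%/}" in
            /phpmyadmin)
                echo "FAIL default alias still active: $path"
                bad=$((bad + 1)) ;;
            *)
                echo "OK   custom alias: $path"
                custom=$((custom + 1)) ;;
        esac
    done
    if [ "$custom" -eq 0 ]; then
        echo "FAIL no custom alias defined"
        bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

# Constructed sample files: the packaged defaults, and the result of step 9.
default_conf=$(mktemp)
hardened_conf=$(mktemp)
trap 'rm -f "$default_conf" "$hardened_conf"' EXIT
cat > "$default_conf" <<'EOF'
Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin
EOF
cat > "$hardened_conf" <<'EOF'
#Alias /phpMyAdmin /usr/share/phpMyAdmin
#Alias /phpmyadmin /usr/share/phpMyAdmin
Alias /managedb /usr/share/phpMyAdmin
EOF

audit_pma_aliases "$default_conf" || echo "=> default config needs the step 9 changes"
audit_pma_aliases "$hardened_conf" && echo "=> hardened config passes"
```
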

Create an Apache VirtualHost for the Domain

10. Make sure your domain is added to the enabled sites. Create /etc/httpd/sites-available/linuxnewz.com.conf (CentOS) or /etc/apache2/sites-available/linuxnewz.com (Debian) with the following contents (make sure the DocumentRoot, sites-available, and sites-enabled directories exist):

<VirtualHost *:80>
    ServerName www.linuxnewz.com
    ServerAlias linuxnewz.com
    DocumentRoot /var/www/linuxnewz.com/public_html
    ErrorLog /var/www/linuxnewz.com/error.log
    CustomLog /var/www/linuxnewz.com/requests.log combined
    Options Indexes FollowSymLinks
</VirtualHost>

and the symbolic link:

On CentOS:

# ln -s /etc/httpd/sites-available/linuxnewz.com.conf /etc/httpd/sites-enabled/linuxnewz.com.conf

On Debian:

# a2ensite linuxnewz.com

and you're done.

Set Up the Postfix Email Database

11. You can now open your phpMyAdmin interface at https://www.yourdomain.com/managedb (note that managedb is the alias we set up earlier for the phpMyAdmin data directory).

If that does not work (which can be caused by a delay in propagation or a lack of configuration of the DNS records), for the time being you can try using your server's IP address instead of www.yourdomain.com:

In any event, after you log in to phpMyAdmin you will see the following interface. Click New in the left section:

Enter a name for the database (EmailServer_db in this case, no need to select a Collation) and click Create:

12. On the next screen, choose a name for the first table (where we will store the domains this mail server will manage. Please note that even though in this series we will manage only one domain, you can add more later) and the number of fields you want in it, then click Go. You will be prompted to name and configure those two fields, where you can safely proceed as indicated in the following images:

When you select PRIMARY under Index for DomainId, accept the default values and click Go:

Alternatively, you can click Preview SQL to see the code under the hood:

CREATE TABLE `EmailServer_db`.`Domains_tbl` ( `DomainId` INT NOT NULL AUTO_INCREMENT , `DomainName` VARCHAR(50) NOT NULL , PRIMARY KEY (`DomainId`)) ENGINE = InnoDB;

When you're ready, click Save to confirm the changes. You will then be able to click New under EmailServer_db to continue creating tables:

13. Now follow these steps to create the rest of the tables. Click on the SQL tab and enter the indicated code for each database object.

Note that in this case we chose to create the tables using an SQL query because of the relationships that must be established between the different tables:

CREATE TABLE `Users_tbl` (
    `UserId` INT NOT NULL AUTO_INCREMENT,
    `DomainId` INT NOT NULL,
    -- A SHA512-crypt value ($6$ + 16-character salt + $ + 86-character digest) is 106 characters long.
    `password` VARCHAR(106) NOT NULL,
    `Email` VARCHAR(100) NOT NULL,
    PRIMARY KEY (`UserId`),
    UNIQUE KEY `Email` (`Email`),
    FOREIGN KEY (DomainId) REFERENCES Domains_tbl(DomainId) ON DELETE CASCADE
) ENGINE = InnoDB;

You should get a confirmation message (if not, phpMyAdmin will point out syntax errors):

CREATE TABLE `Alias_tbl` (
    `AliasId` INT NOT NULL AUTO_INCREMENT, 
    `DomainId` INT NOT NULL, 
    `Source` varchar(100) NOT NULL, 
    `Destination` varchar(100) NOT NULL, 
    PRIMARY KEY (`AliasId`), 
    FOREIGN KEY (DomainId) REFERENCES Domains_tbl(DomainId) ON DELETE CASCADE
) ENGINE = InnoDB;

(Click Go at the bottom to proceed with the table creation).

Up to this point, you should have the following database structure:

Which means you are ready to start adding some records in the next section.

Creating a Postfix Domain, Users and Aliases

14. We will now insert the following records into the three tables. The passwords for [email protected] will be encrypted in the INSERT INTO Users_tbl statement.

Also, please note that emails sent to [email protected]:

INSERT INTO Domains_tbl (DomainName) VALUES ('linuxnewz.com');  
INSERT INTO Users_tbl (DomainId, password, Email) VALUES (1, ENCRYPT('PasswordForFirstEmailAccount', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email ');  
INSERT INTO Users_tbl (DomainId, password, Email) VALUES (1, ENCRYPT('PasswordForSecondEmailAccount', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), '[email ');  
INSERT INTO Alias_tbl (DomainId, Source, Destination) VALUES (1, '[email ', '[email ');

After adding our domain, two user accounts, and an email alias, we are ready to continue setting up our email server in the next article of this series, where we will configure Dovecot and Postfix.
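
A check on what the ENCRYPT() call in step 14 stores, added here as an example and not part of the original article: it flags password values that are not complete SHA512-crypt strings. A `$6$` value with a 16-character salt is 106 characters long, so a narrower column cuts it short and the account can no longer authenticate. The function names, sample addresses and filler digest are constructed, and the check assumes hashes without a `rounds=` field.

```shell
#!/bin/sh
# Added example: flag Users_tbl password values that are not complete SHA512-crypt strings.
# Expected shape (no rounds= field): $6$<salt, up to 16 chars>$<digest, 86 chars of ./0-9A-Za-z>

classify_hash() {
    h=$1
    case "$h" in
        '$6$'*'$'*) ;;
        *) echo "not-sha512-crypt"; return 0 ;;
    esac
    rest=${h#'$6$'}
    salt=${rest%%'$'*}
    digest=${rest#*'$'}
    case "$digest" in
        *[!./0-9A-Za-z]*) echo "malformed"; return 0 ;;
    esac
    if [ "${#salt}" -gt 16 ]; then
        echo "malformed"
    elif [ "${#digest}" -lt 86 ]; then
        echo "truncated"
    elif [ "${#digest}" -gt 86 ]; then
        echo "malformed"
    else
        echo "ok"
    fi
}

# Reads Email<TAB>password rows on stdin, e.g. from
#   mysql -N -B -e 'SELECT Email, password FROM Users_tbl' EmailServer_db
# Prints every row that is not "ok" and returns 1 if there was one.
audit_hashes() {
    bad=0
    while IFS="$(printf '\t')" read -r email hash; do
        verdict=$(classify_hash "$hash")
        if [ "$verdict" != ok ]; then
            printf '%s\t%s (%s chars)\n' "$email" "$verdict" "${#hash}"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample values: a filler digest of 86 'A's stands in for a real hash.
full_hash="\$6\$0123456789abcdef\$$(printf '%086d' 0 | tr 0 A)"   # 106 characters
cut_hash=$(printf '%s' "$full_hash" | cut -c1-100)                # as stored in a 100-character column

printf '%s\t%s\n' first@example.com "$full_hash" second@example.com "$cut_hash" \
    third@example.com 'PasswordInClearText' | audit_hashes \
    || echo "=> some stored values cannot be verified as SHA512-crypt"
```
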

Summary

In this article we have listed the packages required to install a Postfix email server on a CentOS 7 VPS, and explained how to manage the underlying database using phpMyAdmin.

In the next two articles we will review the configuration of the two programs that will take care of email delivery for our domain (Part 2) and show you how to add protection against spam and viruses (Part 3) for your server.

Until then, feel free to contact us using the form below if you have any questions or comments.