Barka da zuwa! A yau za mu gaya muku yadda ake yin saitunan farko na ƙofar wasiƙar – Fortinet imel tsaro mafita. A lokacin labarin za mu dubi shimfidar wuri da za mu yi aiki tare da kuma aiwatar da tsari , wajibi ne don karba da duba haruffa, kuma za mu gwada aikinta. Dangane da kwarewarmu, zamu iya cewa tsarin yana da sauƙi sosai, kuma ko da bayan ƙaramin tsari za ku iya ganin sakamako.
Bari mu fara da shimfidar wuri na yanzu. An nuna shi a cikin hoton da ke ƙasa.
A hannun dama muna ganin kwamfutar mai amfani da waje, daga abin da za mu aika wasiku ga mai amfani a kan hanyar sadarwa ta ciki. Cibiyar sadarwa ta ciki ta ƙunshi kwamfutar mai amfani, mai sarrafa yanki tare da uwar garken DNS da ke aiki a kai, da sabar saƙo. A gefen hanyar sadarwa akwai Tacewar zaɓi - FortiGate, babban fasalinsa shine saita SMTP da zirga-zirgar zirga-zirgar DNS.
Mu ba da kulawa ta musamman ga DNS.
Akwai bayanan DNS guda biyu da ake amfani da su don aika imel akan Intanet - rikodin A da rikodin MX. Yawanci, ana saita waɗannan bayanan DNS akan uwar garken DNS na jama'a, amma saboda iyakancewar shimfidar wuri, muna tura DNS kawai ta hanyar Tacewar zaɓi (wato, mai amfani na waje yana da adireshin 10.10.30.210 mai rijista azaman uwar garken DNS).
Rikodin MX rikodin ne mai ɗauke da sunan sabar saƙon da ke hidima ga yankin, da fifikon wannan sabar wasiƙar. A cikin yanayinmu yana kama da haka: test.local -> mail.test.local 10.
Rikodi shine rikodin da ke canza sunan yanki zuwa adireshin IP, a gare mu shine: mail.test.local -> 10.10.30.210.
Lokacin da mai amfani da mu na waje yayi ƙoƙarin aika imel zuwa gare shi [email kariya], zai nemi sabar DNS MX don rikodin yanki na test.local. Sabar DNS ɗin mu za ta amsa da sunan sabar saƙon - mail.test.local. Yanzu mai amfani yana buƙatar samun adireshin IP na wannan uwar garken, don haka ya sake shiga DNS don rikodin A kuma ya karɓi adireshin IP 10.10.30.210 (e, nasa sake :)). Kuna iya aika wasiƙa. Don haka, yana ƙoƙarin kafa haɗin kai zuwa adireshin IP da aka karɓa akan tashar jiragen ruwa 25. Yin amfani da dokoki akan Tacewar zaɓi, ana tura wannan haɗin zuwa uwar garken imel.
Bari mu duba ayyukan saƙon a halin yanzu na shimfidawa. Don yin wannan, za mu yi amfani da swaks mai amfani a kan kwamfuta mai amfani na waje. Tare da taimakonsa, zaku iya gwada aikin SMTP ta hanyar aika mai karɓa wasiƙa tare da saitin sigogi daban-daban. A baya can, an riga an ƙirƙiri mai amfani da akwatin saƙo akan sabar wasiƙa [email kariya]. Mu yi kokarin aika masa da wasika:
Yanzu bari mu je na'urar mai amfani da ciki kuma mu tabbata cewa harafin ya isa:
Wasiƙar ta zo a zahiri (an yi alama a cikin jerin). Wannan yana nufin shimfidar wuri tana aiki daidai. Yanzu shine lokacin matsawa zuwa FortiMail. Bari mu ƙara zuwa shimfidar wuri:
Ana iya tura FortiMail ta hanyoyi uku:
- Gateway - yana aiki azaman cikakken MTA: yana ɗaukar duk wasiku, bincika shi, sannan tura shi zuwa uwar garken wasiƙa;
- M - ko a wasu kalmomi, yanayin gaskiya. Ana shigar da shi a gaban uwar garken kuma yana bincika wasiku masu shigowa da masu fita. Bayan haka, yana aika shi zuwa uwar garken. Baya buƙatar canje-canje ga saitin hanyar sadarwa.
- Server - a wannan yanayin, FortiMail cikakkiyar sabar saƙo ce tare da ikon ƙirƙirar akwatunan wasiku, karɓa da aika wasiku, da sauran ayyuka.
Za mu tura FortiMail a yanayin Ƙofar. Bari mu je zuwa saitunan injin kama-da-wane. Login admin ne, ba a ƙayyade kalmar sirri ba. Lokacin da ka shiga a karon farko, dole ne ka saita sabon kalmar sirri.
Yanzu bari mu saita injin kama-da-wane don samun damar haɗin yanar gizo. Har ila yau wajibi ne na'urar ta sami damar Intanet. Bari mu saita dubawa. Mu kawai tashar jiragen ruwa1. Tare da taimakonsa za mu haɗu da haɗin yanar gizo, kuma za a yi amfani da shi don shiga Intanet. Ana buƙatar samun damar Intanet don sabunta ayyuka (sa hannun riga-kafi, da sauransu). Don daidaitawa, shigar da umarni:
saita tsarin dubawa
edit port 1
kafa IP 192.168.1.40 255.255.255.0
saita izinin shiga https http ssh ping
karshen
Yanzu bari mu saita routing. Don yin wannan kuna buƙatar shigar da umarni masu zuwa:
config tsarin hanya
gyara 1
saita ƙofar 192.168.1.1
saitin tashar tashar sadarwa 1
karshen
Lokacin shigar da umarni, zaku iya amfani da shafuka don gujewa buga su gabaɗaya. Hakanan, idan kun manta wane umarni yakamata ya zo na gaba, zaku iya amfani da maɓallin “?”.
Yanzu bari mu duba haɗin Intanet ɗin ku. Don yin wannan, bari mu ping Google DNS:
Kamar yadda kake gani, yanzu muna da Intanet. An kammala saitunan farko na yau da kullun don duk na'urorin Fortinet, kuma yanzu zaku iya ci gaba zuwa daidaitawa ta hanyar haɗin yanar gizo. Don yin wannan, buɗe shafin gudanarwa:
Lura cewa kuna buƙatar bin hanyar haɗin yanar gizon a cikin tsari / admin. In ba haka ba, ba za ku sami damar shiga shafin gudanarwa ba. Ta hanyar tsoho, shafin yana cikin daidaitaccen yanayin sanyi. Don saituna muna buƙatar Yanayin Babba. Bari mu je admin-> Duba menu kuma canza yanayin zuwa Na ci gaba:
Yanzu muna buƙatar zazzage lasisin gwaji. Ana iya yin wannan a cikin menu Bayanin Lasisi → VM → Sabuntawa:
Idan baku da lasisin gwaji, kuna iya buƙatar ɗaya ta hanyar tuntuɓar .
Bayan shigar da lasisi, ya kamata na'urar ta sake yi. A nan gaba, za ta fara cire sabuntawa zuwa rumbun adana bayanai daga sabar. Idan wannan bai faru ta atomatik ba, zaku iya zuwa menu System → FortiGuard kuma a cikin Antivirus, Antispam shafuka danna maɓallin Sabunta Yanzu.
Idan wannan bai taimaka ba, zaku iya canza tashar jiragen ruwa da ake amfani da su don sabuntawa. Yawancin lokaci bayan wannan duk lasisi suna bayyana. A karshe yakamata yayi kama da haka:
Bari mu saita yankin lokaci daidai, wannan zai zama da amfani yayin nazarin rajistan ayyukan. Don yin wannan, je zuwa menu System → Kanfigareshan:
Za mu kuma saita DNS. Za mu saita uwar garken DNS na ciki a matsayin babban uwar garken DNS, kuma mu bar uwar garken DNS wanda Fortinet ya bayar azaman madadin.
Yanzu bari mu matsa zuwa sashin nishaɗi. Kamar yadda wataƙila kun lura, an saita na'urar zuwa Yanayin Ƙofar ta tsohuwa. Saboda haka, ba ma bukatar mu canza shi. Mu je zuwa Domain & User → Domain field. Bari mu ƙirƙiri sabon yanki da ke buƙatar kariya. Anan kawai muna buƙatar saka sunan yanki da adireshin uwar garken wasiku (zaka iya kuma saka sunan yankin, a cikin yanayinmu mail.test.local):
Yanzu muna buƙatar samar da suna don ƙofar wasikunmu. Za a yi amfani da wannan a cikin bayanan MX da A, waɗanda za mu buƙaci mu canza daga baya:
Daga Sunan Mai watsa shiri da wuraren Sunan Domain Name, an haɗa FQDN, wanda ake amfani dashi a cikin bayanan DNS. A cikin yanayinmu, FQDN = fortimail.test.local.
Yanzu bari mu kafa tsarin karba. Muna buƙatar duk imel ɗin da suka fito daga waje kuma an sanya su ga mai amfani a cikin yankin don a tura shi zuwa uwar garken wasiku. Don yin wannan, je zuwa menu Policy → Control Access. Ana nuna saitin misali a ƙasa:
Mu duba shafin Manufofin Mai karɓa. Anan zaku iya saita wasu ƙa'idodi don duba haruffa: idan wasiƙa ta fito daga yankin example1.com, kuna buƙatar bincika shi tare da hanyoyin da aka tsara musamman don wannan yanki. Tuni akwai ƙa'ida ta asali don duk wasiku, kuma a yanzu ya dace da mu. Kuna iya ganin wannan doka a cikin hoton da ke ƙasa:
A wannan gaba, ana iya ɗaukar saitin akan FortiMail cikakke. A zahiri, akwai ƙarin sigogi masu yuwuwa, amma idan muka fara la'akari da su duka, zamu iya rubuta littafi :) Kuma burin mu shine ƙaddamar da FortiMail a yanayin gwaji tare da ƙaramin ƙoƙari.
Akwai abubuwa guda biyu da suka rage - canza rikodin MX da A, sannan kuma canza ka'idodin isar da tashar jiragen ruwa akan Tacewar zaɓi.
Dole ne a canza gwajin rikodin MX.local -> mail.test.local 10 zuwa test.local -> fortimail.test.local 10. Amma yawanci a lokacin matukin jirgi ana ƙara rikodin MX na biyu tare da fifiko mafi girma. Misali:
test.local -> mail.test.local 10
test.local -> fortimail.test.local 5
Bari in tunatar da ku cewa rage yawan adadin zaɓi na sabar sabar a cikin rikodin MX, mafi girman fifikonsa.
Kuma ba za a iya canza shigarwar ba, don haka kawai za mu ƙirƙiri wani sabon abu: fortimail.test.local -> 10.10.30.210. Mai amfani na waje zai tuntubi adireshin 10.10.30.210 akan tashar jiragen ruwa 25, kuma Tacewar zaɓi zai tura haɗin zuwa FortiMail.
Don canza ƙa'idar turawa akan FortiGate, kuna buƙatar canza adireshin a cikin abin da ke daidai da Virtual IP:
Duk a shirye. Mu duba. Bari mu sake aika wasiƙar daga kwamfutar mai amfani da waje. Yanzu bari mu je FortiMail a cikin Monitor → Logs menu. A cikin filin Tarihi zaka iya ganin rikodin cewa an karɓi wasiƙar. Don ƙarin bayani, zaku iya danna maɓallin dama akan shigarwa kuma zaɓi Cikakken bayani:
Don kammala hoton, bari mu bincika ko FortiMail a cikin tsarinta na yanzu zai iya toshe imel ɗin da ke ɗauke da spam da ƙwayoyin cuta. Don yin wannan, za mu aika da kwayar cutar eicar da wasiƙar gwaji da aka samo a ɗaya daga cikin ma'ajin saƙon spam (http://untroubled.org/spam/). Bayan haka, bari mu koma menu na duba log:
Kamar yadda muke iya gani, an yi nasarar gano duka spam da wasiƙar da ke da ƙwayar cuta.
Wannan saitin ya isa don samar da kariya ta asali daga ƙwayoyin cuta da spam. Amma aikin FortiMail bai iyakance ga wannan ba. Don ƙarin ingantacciyar kariya, kuna buƙatar yin nazarin hanyoyin da ake da su kuma ku tsara su don dacewa da bukatunku. A nan gaba, muna shirin haskaka wasu, ƙarin abubuwan ci-gaba na wannan ƙofar wasiku.
Idan kuna da wasu matsaloli ko tambayoyi game da mafita, rubuta su a cikin sharhi, za mu yi ƙoƙarin amsa su da sauri.
Kuna iya ƙaddamar da buƙatar lasisin gwaji don gwada mafita .
Marubuci: Alexey Nikulin. Injiniyan Tsaro na Tsaro Fortiservice.
source: www.habr.com