ProHoster > Блог > labaran intanet > Sakin sabar saƙon Postfix 3.6.0

Sakin sabar saƙon Postfix 3.6.0

Bayan shekara guda na ci gaba, an saki sabon reshe mai tsayayye na sabar saƙon Postfix - 3.6.0. A lokaci guda, ya sanar da ƙarshen goyon baya ga reshen Postfix 3.2, wanda aka saki a farkon 2017. Postfix shine ɗayan ayyukan da ba kasafai ba wanda ya haɗu da babban tsaro, amintacce da aiki a lokaci guda, wanda aka samu godiya ga kyakkyawan tsarin gine-gine da ingantaccen tsari don ƙirar ƙira da faci. An rarraba lambar aikin a ƙarƙashin EPL 2.0 (Lasisi na Jama'a) da IPL 1.0 (Lasisin Jama'a IBM).

A cewar wani binciken atomatik na Afrilu game da sabar sabar mail dubu 600, ana amfani da Postfix akan 33.66% (shekara ɗaya da ta gabata 34.29%) na sabar saƙon, rabon Exim shine 59.14% (57.77%), Sendmail - 3.6% (3.83) %), MailEnable - 2.02% (2.12%), MDaemon - 0.60% (0.77%), Microsoft Exchange - 0.32% (0.47%).

Manyan sabbin abubuwa:

  • Saboda canje-canje a cikin ladabi na ciki da aka yi amfani da su don hulɗar tsakanin abubuwan Postfix, dakatar da sabar saƙon tare da umarnin "postfix stop" ana buƙatar kafin sabuntawa. In ba haka ba, za a iya samun gazawa yayin yin hulɗa tare da ɗaukar hoto, qmgr, tabbatarwa, tlsproxy, da matakan allo, wanda zai iya haifar da jinkirin aika imel har sai an sake kunna Postfix.
  • An kawar da ambaton kalmomin “farare” da “baƙar fata,” waɗanda wasu al’umma ke ɗauka a matsayin wariyar launin fata. Maimakon "whitelist" da "blacklist", "allowlist" da "denylist" yakamata a yi amfani da su yanzu (misali, sigogin postscreen_allowlist_interfaces, postscreen_denylist_action da postscreen_dnsbl_allowlist_threshold). Canje-canjen sun shafi takaddun bayanai, saitunan tsarin aikin allo (ginayen bangon wuta) da tunanin bayanai a cikin rajistan ayyukan. postfix/postscreen[pid]: ALLOWLIST VETO [adireshi]: tashar postfix/postscreen[pid]: KYAUTA [adireshi]: tashar postfix/baya [pid]: KARYA [adireshin]: tashar jiragen ruwa

    Don adana sharuɗɗan da suka gabata a cikin rajistan ayyukan, an samar da siga "respectful_logging = no", wanda yakamata a ƙayyade a cikin main.cf kafin "compatibility_level = 3.6". An kiyaye goyan bayan tsoffin saitunan saitunan allo don dacewa da baya. Hakanan, fayil ɗin daidaitawa "master.cf" ya kasance baya canzawa don yanzu.

  • A cikin yanayin “conpatibility_level = 3.6”, an yi canjin tsoho don amfani da aikin hash na SHA256 maimakon MD5. Idan kun saita sigar farko a cikin ma'aunin dacewa_level, ana ci gaba da amfani da MD5, amma don saituna masu alaƙa da amfani da hashes waɗanda ba a fayyace ma'anar algorithm a cikinsa ba, za a nuna gargaɗi a cikin log ɗin. An dakatar da goyan bayan sigar fitarwa na ka'idar musayar maɓallin Diffie-Hellman (an yi watsi da ƙimar tlsproxy_tls_dh512_param_file siga).
  • Sauƙaƙen gano matsalolin matsalolin da ke da alaƙa da ƙididdige shirin mai sarrafa ba daidai ba a master.cf. Don gano irin waɗannan kurakuran, kowane sabis na baya, gami da postdrop, yanzu yana tallata sunan ƙa'idar kafin fara sadarwa, kuma kowane tsarin abokin ciniki, gami da aika saƙo, yana bincika cewa sunan yarjejeniya da aka tallata yayi daidai da bambance-bambancen da aka goyan baya.
  • An ƙara sabon nau'in taswira "local_login_sender_maps" don sassauƙan sarrafawa akan aikin adreshin ambulaf ɗin mai aikawa (wanda aka bayar a cikin umarnin "MAIL FROM" yayin zaman SMTP) zuwa tsarin aikawa da aikawa. Misali, don ƙyale masu amfani da gida, ban da tushen tushe da postfix, don saka masu shiga cikin saƙon aika kawai, ta amfani da UID daure da sunan, zaku iya amfani da saitunan masu zuwa: /etc/postfix/main.cf: local_login_sender_maps = inline : { {tushen = *} , {postfix = * }}, pcre:/etc/postfix/login_senders /etc/postfix/login_senders: # Ana ba da izinin ƙayyadaddun duka login da login@domain form. /(.+)/ $1 $1…@example.com
  • Ƙara kuma kunna ta tsohuwa saitin "smtpd_relay_before_recipient_restrictions=ee", wanda uwar garken SMTP zai duba smtpd_relay_restrictions kafin smtpd_recipient_restrictions, kuma ba akasin haka ba, kamar da.
  • Ƙaddamar da siga "smtpd_sasl_mechanism_list", wanda ya kasa zuwa "!external, static: rest" don hana kurakurai masu ruɗani a cikin yanayin da SASL backend yayi iƙirarin tallafawa yanayin "EXTERNAL", wanda ba a tallafawa a cikin Postfix.
  • Lokacin warware sunaye a cikin DNS, sabon API wanda ke goyan bayan multithreading (threadsafe) ana kunna ta tsohuwa. Don ginawa tare da tsohuwar API, yakamata ku saka “makefiles CCARGS=”-DNO_RES_NCALLS…” lokacin gini.
  • An ƙara yanayin "enable_threaded_bounces = eh" don musanya sanarwar game da matsalolin isarwa, jinkirin bayarwa ko tabbatar da isarwa tare da ID ɗin tattaunawa iri ɗaya (ma'aikacin wasiku zai nuna sanarwar a cikin zaren iri ɗaya, tare da wasu saƙonnin wasiƙa).
  • Ta hanyar tsoho, ba a daina amfani da bayanan tsarin tsarin /etc/services don tantance lambobin tashar tashar TCP don SMTP da LMTP. Madadin haka, ana saita lambobin tashar jiragen ruwa ta hanyar sigar sananne_tcp_ports (tsoho lmtp = 24, smtp = 25, smtps = ƙaddamarwa = 465, ƙaddamarwa = 587). Idan wasu sabis ɗin sun ɓace daga sanannun_tcp_ports, /etc/services ana ci gaba da amfani da su.
  • An ɗaga matakin dacewa ("matakin daidaitawa_") zuwa "3.6" (an canza siga sau biyu a baya, sai dai 3.6 ƙimar da aka goyan baya sune 0 (tsoho), 1 da 2). Daga yanzu, "compatibility_level" zai canza zuwa lambar sigar da aka yi canje-canje waɗanda suka saba dacewa. Don duba matakan daidaitawa, an ƙara masu aikin kwatance daban zuwa main.cf da master.cf, kamar "<=level" da "<matakin" (masu aiki kwatanta daidaitattun ba su dace ba, tun da za su yi la'akari da 3.10 kasa da 3.9).

source: budenet.ru

Add a comment