FortiMail - Quick Launch Configuration

Welcome! Today we will show you how to make the initial settings for the FortiMail mail gateway, Fortinet's email security solution. In this article we will look at the lab layout we will work with, configure FortiMail as needed to receive and inspect mail, and test that it works. Based on our experience, we can say with confidence that the process is simple, and even with a minimal configuration you can see results.

Let's start with the current layout. It is shown in the figure below.

On the right we see the external user's computer, from which we will send mail to a user on the internal network. The internal network contains the user's computer, a domain controller with a DNS server running on it, and a mail server. At the network edge there is a firewall, FortiGate, whose main feature here is that it is configured to forward SMTP and DNS traffic.

Let's pay special attention to DNS.

Two DNS records are used to route email on the Internet: the A record and the MX record. Usually these DNS records are configured on a DNS server, but because of the limitations of the layout we simply forward DNS through the firewall (that is, the external user has the address 10.10.30.210 set as its DNS server).

An MX record is a record containing the name of the mail server that serves the domain, together with that mail server's priority. In our case it looks like this: test.local -> mail.test.local 10.

An A record is a record that maps a domain name to an IP address. In our case it is: mail.test.local -> 10.10.30.210.

When our external user tries to send an email to [email protected], it queries its DNS server for the MX record of the test.local domain. Our DNS server responds with the name of the mail server, mail.test.local. Now the user needs this server's IP address, so it queries DNS again for the A record and receives the IP address 10.10.30.210 (yes, the same one again :) ). Now the email can be sent. It therefore tries to establish a connection to the received IP address on port 25. Using rules on the firewall, this connection is forwarded to the mail server.

Let's check how mail works in the current state of the layout. To do this, we will use the swaks utility on the external user's computer. It lets you test SMTP by sending the recipient a message with various parameters. A mail user, [email protected], has already been created on the mail server beforehand. Let's try to send them an email:

Now let's go to the internal user's machine and make sure the email has arrived:

The email did arrive (it is highlighted in the list). This means the layout is working correctly. Now it's time to move on to FortiMail. Let's add it to our layout:

FortiMail can be deployed in three modes:

  • Gateway - acts as a full MTA: it accepts all mail, inspects it, and then forwards it to the mail server;
  • Transparent - in other words, transparent mode. It is installed in front of the server and inspects incoming and outgoing mail, then passes it on to the server. It requires no changes to the network configuration.
  • Server - in this case FortiMail is a full-fledged mail server with the ability to create mailboxes, receive and send mail, and other functionality.

We will deploy FortiMail in Gateway mode. Let's go to the virtual machine's settings. The login is admin, and no password is set. On first login you must set a new password.

Now let's configure the virtual machine so that its web interface is reachable. The machine also needs Internet access. Let's configure the interface. We only need port1. We will use it to connect to the web interface, and it will also be used for Internet access. Internet access is needed to update the services (antivirus signatures and so on). To configure it, enter the commands:

config system interface
edit port1
set ip 192.168.1.40 255.255.255.0
set allowaccess https http ssh ping
end

Now let's configure routing. To do this, enter the following commands:

config system route
edit 1
set gateway 192.168.1.1
set interface port1
end

When entering commands, you can use Tab so that you don't have to type them in full. Also, if you forget which command should come next, you can use the "?" key.
Now let's check the Internet connection. To do this, let's ping Google DNS:

As you can see, we now have Internet access. The initial settings common to all Fortinet devices are done, and you can now continue the configuration through the web interface. To do this, open the administration page:

Note that the link must be of the form /admin; otherwise you will not be able to reach the administration page. By default the page is in Standard mode. For the configuration we need Advanced mode. Let's go to the admin -> View menu and switch the mode to Advanced:

Now we need to upload the trial license. This can be done in the License Information → VM → Update menu:

If you don't have a trial license, you can request one by contacting us.

After the license is entered, the device should reboot. After that it will start pulling updates for its databases from the servers. If this doesn't happen automatically, you can go to the System → FortiGuard menu and click the Update Now button on the Antivirus and Antispam tabs.

If that doesn't help, you can change the ports used for updates. Usually after this all the licenses appear. In the end it should look like this:

Let's set the correct time; this can be useful when examining logs. To do this, go to the System → Configuration menu:

We will also configure DNS. We will set the internal DNS server as the primary DNS server, and leave the DNS server provided by Fortinet as the backup.

Now let's move on to the interesting part. As you may have noticed, the device is set to Gateway mode by default, so we don't need to change it. Let's go to Domain & User → Domain. Let's create a new domain that needs to be protected. Here we only need to specify the domain name and the mail server's address (you can also specify its domain name, in our case mail.test.local):

Now we need to give our mail gateway a name. It will be used in the MX and A records, which we will need to change later:

The FQDN used in the DNS records is built from the Host Name and Local Domain Name fields. In our case, FQDN = fortimail.test.local.

Now let's set up a receive rule. We need all emails that come from outside and are addressed to a user in the domain to be forwarded to the mail server. To do this, go to the Policy → Access Control menu. An example configuration is shown below:

Let's look at the Recipient Policy tab. Here you can set specific rules for inspecting emails: if an email comes from the domain example1.com, it should be inspected with the mechanisms configured specifically for that domain. There is already a default rule for all mail, and for now it suits us. You can see this rule in the figure below:

At this point, the FortiMail setup can be considered complete. In fact there are many more possible settings, but if we started covering them all we could write a book :) Our goal is to get FortiMail running in test mode with minimal effort.

Two things remain: change the MX and A records, and change the port forwarding rules on the firewall.

The MX record test.local -> mail.test.local 10 must be changed to test.local -> fortimail.test.local 10. But usually during pilots a second MX record with a higher priority is added instead. For example:

test.local -> mail.test.local 10
test.local -> fortimail.test.local 5

Let me remind you that the lower the preference number of the mail server in the MX record, the higher its priority.

The A record cannot be changed, so we will simply create a new one: fortimail.test.local -> 10.10.30.210. The external user will connect to address 10.10.30.210 on port 25, and the firewall will forward the connection to FortiMail.
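
The MX-then-A lookup described earlier and the two-record pilot set above can be modelled in a few lines to confirm which host a sender tries first and that every path ends at the address the firewall forwards. This is an added example, not part of the original article; the zone dictionaries are constructed from the records quoted on the page, and user@test.local is a hypothetical mailbox.

```python
# Constructed zone data, built from the records quoted in the article.
ZONE_BEFORE = {
    "MX": {"test.local": [(10, "mail.test.local")]},
    "A": {"mail.test.local": "10.10.30.210"},
}
ZONE_PILOT = {
    "MX": {"test.local": [(10, "mail.test.local"), (5, "fortimail.test.local")]},
    "A": {
        "mail.test.local": "10.10.30.210",
        "fortimail.test.local": "10.10.30.210",
    },
}


def delivery_order(zone, recipient):
    """Return [(preference, mx_host, ip)] in the order a sending MTA tries them."""
    domain = recipient.rpartition("@")[2].lower()
    mx_records = zone["MX"].get(domain)
    if not mx_records:
        # RFC 5321 fallback: with no MX record, the domain's own A record is used.
        ip = zone["A"].get(domain)
        return [(0, domain, ip)] if ip else []
    targets = []
    for preference, host in sorted(mx_records):  # lowest number is tried first
        ip = zone["A"].get(host)
        if ip is not None:  # an MX name without an A record cannot be used
            targets.append((preference, host, ip))
    return targets


def all_targets_behind(zone, recipient, forwarded_ip):
    """True when every MX target resolves to the address the firewall forwards."""
    order = delivery_order(zone, recipient)
    return bool(order) and all(ip == forwarded_ip for _, _, ip in order)


if __name__ == "__main__":
    rcpt = "user@test.local"  # hypothetical mailbox; the page's address is redacted
    for name, zone in (("before", ZONE_BEFORE), ("pilot", ZONE_PILOT)):
        for pref, host, ip in delivery_order(zone, rcpt):
            print(f"{name}: pref {pref:>2} {host} -> {ip}:25")
        print(name, "all via 10.10.30.210:",
              all_targets_behind(zone, rcpt, "10.10.30.210"))
```

With the pilot records, fortimail.test.local (preference 5) is tried first and mail.test.local (preference 10) is the fallback; both resolve to 10.10.30.210, so either way the connection reaches the firewall's forwarding rule.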

To change the forwarding rule on FortiGate, you need to change the address in the corresponding Virtual IP object:

Everything is ready. Let's check. Let's send the email again from the external user's computer. Now let's go to FortiMail, to the Monitor → Logs menu. In the History field you can see the record that the email was received. For more information, you can right-click the entry and select Details:

To complete the picture, let's check whether FortiMail in its current configuration can block emails containing spam and viruses. To do this, we will send the eicar test virus and a test email found in one of the spam archive databases (http://untroubled.org/spam/). After that, let's go back to the log view menu:

As we can see, both the spam and the email with the virus were successfully detected.

This configuration is sufficient to provide basic protection against viruses and spam. But FortiMail's functionality is not limited to this. For more effective protection you need to study the available mechanisms and tune them to your needs. In the future we plan to cover other, more advanced features of this mail gateway.

If you have any difficulties or questions about the solution, write them in the comments and we will try to answer them promptly.

You can submit a request for a trial license to test the solution here.

Author: Alexey Nikulin, Information Security Engineer, Fortiservice.

Source: www.habr.com
