Mauya! Nhasi tichakuudza kuti ungaita sei zvigadziro zvekutanga zvegedhi re mail -Fortinet email kuchengetedza mhinduro. Munguva yechinyorwa tichatarisa marongerwo atichashanda nawo nekuita gadziriro , inodiwa pakugamuchira uye kutarisa tsamba, uye isu tichaedzawo kuita kwayo. Kubva pane zvakaitika kwatiri, tinogona kutaura zvakachengeteka kuti maitiro acho ari nyore, uye kunyange mushure mekugadzirisa kushoma iwe unogona kuona mhinduro.
Ngatitangei nemarongerwo azvino. Inoratidzwa mumufananidzo uri pasi apa.
Kurudyi tinoona komputa yemushandisi wekunze, kubva kwatinozotumira tsamba kumushandisi pane network yemukati. Iyo yemukati network ine komputa yemushandisi, domain controller ine DNS server inoshanda pairi, uye mail server. Pamucheto wetiweki pane firewall - FortiGate, chinhu chikuru chekugadzirisa SMTP uye DNS traffic forwarding.
Ngatitarisei zvakanyanya kuDNS.
Kune marekodhi maviri eDNS anoshandiswa kuendesa email paInternet-iyo A rekodhi uye MX rekodhi. Kazhinji, aya marekodhi eDNS anogadziriswa pane yeruzhinji DNS server, asi nekuda kwezvimiro zvisingakwanisi, tinongoendesa DNS kuburikidza nefirewall (kureva kuti, mushandisi wekunze ane kero 10.10.30.210 yakanyoreswa seDNS server).
MX rekodhi rekodhi ine zita reiyo mail server inoshandira iyo dura, pamwe nekukosha kweiyi mail server. Kwatiri zvinoita seizvi: test.local -> mail.test.local 10.
Rekodhi irekodhi inoshandura zita rezita kuita IP kero, kwatiri ndeiyi: mail.test.local -> 10.10.30.210.
Kana mushandisi wedu wekunze achiedza kutumira email kune [email inodzivirirwa], ichabvunza yayo DNS MX server ye test.local domain rekodhi. Yedu DNS server ichapindura nezita revhavha yetsamba - mail.test.local. Iye zvino mushandisi anofanira kuwana IP kero ye server, saka anowana zvakare DNS yeA rekodhi uye anogamuchira IP kero 10.10.30.210 (hongu, yake zvakare :) ). Unogona kutumira tsamba. Naizvozvo, inoedza kumisikidza chinongedzo kune yakagamuchirwa IP kero pachiteshi 25. Uchishandisa mitemo pane firewall, kubatana uku kunotumirwa kune mail server.
Ngatitarisei kushanda kwetsamba mune yazvino mamiriro ehurongwa. Kuti tiite izvi, isu tinoshandisa iyo swaks utility pane yekunze mushandisi komputa. Nerubatsiro rwayo, unogona kuyedza mashandiro eSMTP nekutumira mugamuchiri tsamba ine seti yeakasiyana paramita. Kare, mushandisi ane bhokisi retsamba akatogadzirwa pane iyo mail server [email inodzivirirwa]. Ngatiedze kumutumira tsamba:
Zvino ngatiendei kumushini wemushandisi wemukati uye tive nechokwadi chekuti tsamba yasvika:
Tsamba yacho yakasvika chaizvo (yakaratidzwa mune rondedzero). Izvi zvinoreva kuti marongerwo ari kushanda nemazvo. Ino ndiyo nguva yekuenda kuFortiMail. Ngatiwedzerei kune yedu dhizaini:
FortiMail inogona kuiswa mumamodhi matatu:
- Gedhi - inoshanda seMTA yakazara-yakazara: inotora tsamba dzese, inotarisa iyo, uye yozoiendesa kune mail server;
- Transparent - kana nemamwe mazwi, transparent mode. Inoiswa pamberi pesevha uye inotarisa tsamba inouya neinobuda. Mushure meizvozvo, inoendesa kune server. Haidi shanduko kune network kumisikidza.
- Server - mune iyi kesi, FortiMail izere-yakazara mail sevha ine kugona kugadzira mabhokisi eemail, kugamuchira uye kutumira tsamba, pamwe nekumwe kushanda.
Isu tichaendesa FortiMail muGedhi mode. Handei kune chaiwo muchina marongero. Login ndeye admin, hapana password inotsanangurwa. Paunopinda mukati kekutanga, unofanirwa kuseta password nyowani.
Ikozvino ngatigadzirise iyo virtual muchina kuti uwane iyo web interface. Izvo zvinodiwawo kuti muchina wacho uve neInternet. Ngatimisei interface. Tinongoda port1 chete. Nekubatsira kwayo tichabatanidza kune web interface, uye ichashandiswawo kuwana Indaneti. Kuwanikwa kweInternet kunodiwa kugadzirisa masevhisi (antivirus siginicha, nezvimwewo). Nekugadzirisa, isa mirairo:
config system interface
gadzirisa port 1
set ip 192.168.1.40 255.255.255.0
gadzirisa mvumo https http ssh ping
magumo
Zvino ngatigadzirisei nzira. Kuti uite izvi unofanirwa kuisa mirairo inotevera:
config system nzira
edit 1
set gedhi 192.168.1.1
set interface port1
magumo
Paunenge uchiisa mirairo, unogona kushandisa ma tabo kuti udzivise kutaipa zvizere. Zvakare, kana ukakanganwa kuti ndeupi murairo unofanirwa kuuya unotevera, unogona kushandisa "?" kiyi.
Zvino ngatitarise Indaneti yako. Kuti uite izvi, ngati ping Google DNS:
Sezvauri kuona, isu tava neInternet. Iwo ekutanga marongero akajairwa kune ese maFortinet zvishandiso apedzwa, uye iwe unogona ikozvino kuenderera nekugadzirisa kuburikidza newebhu interface. Kuti uite izvi, vhura iyo manejimendi peji:
Ndokumbira utarise kuti unofanirwa kutevedzera chinongedzo mufomati /admin. Zvikasadaro, haugone kuwana iyo manejimendi peji. Nekumisikidza, peji iri mune yakajairwa configuration mode. Pazvirongwa tinoda Advanced mode. Handei kune admin-> Tarisa menyu uye chinja modhi kuenda kuAdvanced:
Iye zvino tinoda kudhawunirodha rezinesi reyedzo. Izvi zvinogona kuitwa mune menyu Rezinesi Ruzivo β VM β Kwidziridzo:
Kana iwe usina rezinesi rekuyedza, unogona kukumbira rimwe nekubata .
Mushure mekupinda rezinesi, mudziyo unofanirwa kutangazve. Mune ramangwana, ichatanga kudhonza zvigadziriso kune yayo dhatabhesi kubva kumaseva. Kana izvi zvikasaitika otomatiki, unogona kuenda kuSystem β FortiGuard menyu uye muAntivirus, Antispam tebhu tinya paKuvandudza Zvino bhatani.
Kana izvi zvikasabatsira, unogona kushandura madoko anoshandiswa kugadzirisa. Kazhinji mushure meizvi marezinesi ese anooneka. Pakupedzisira inofanira kutaridzika seizvi:
Ngatimisei nguva chaiyo yenguva, izvi zvichabatsira pakuongorora matanda. Kuti uite izvi, enda kuSystem β Configuration menyu:
Isu tichagadzirisa zvakare DNS. Isu tichagadzirisa iyo yemukati DNS server seyo huru DNS server, uye tosiya iyo DNS server yakapihwa naFortinet seyo yekuchengetedza.
Zvino ngatienderere mberi kune chikamu chinonakidza. Sezvaungave waona, mudziyo unoiswa kuGateway mode nekukasira. Nokudaro, hatifaniri kuichinja. Ngatiendei kuDomain & Mushandisi β Domain munda. Ngatigadzirei domain itsva inoda kuchengetedzwa. Pano isu tinongoda kutsanangura zita rezita uye mail server kero (iwe unogona zvakare kutsanangura zita renzvimbo, mune yedu mail.test.local):
Iye zvino tinoda kupa zita regedhi redu retsamba. Izvi zvichashandiswa muMX uye A zvinyorwa, izvo zvatichazoda kushandura gare gare:
Kubva paZita reKugamuchira uye Nzvimbo Yezita reMazita mapoinzi, iyo FQDN inounganidzwa, iyo inoshandiswa muDNS marekodhi. Kwatiri, FQDN = fortimail.test.local.
Zvino ngatimisei mutemo wekugamuchira. Tinoda maemail ese anobva kunze uye anopihwa mushandisi ari mudura kuti aendeswe kune mail server. Kuti uite izvi, enda kumenyu Policy β Access Control. Muenzaniso wekugadzirisa unoratidzwa pasi apa:
Ngatitarisei iyo Recipient Policy tab. Pano unogona kuseta mimwe mitemo yekutarisa mavara: kana tsamba ichibva kune iyo domain example1.com, iwe unofanirwa kuitarisa nemaitiro akagadzirirwa zvakanangana nedunhu iri. Patova nemutemo wakasarudzika wetsamba dzese, uye parizvino unoenderana nesu. Iwe unogona kuona mutemo uyu mumufananidzo uri pazasi:
Panguva ino, kuseta paFortiMail kunogona kutorwa sekwakazara. Muchokwadi, kune akawanda akawanda anogoneka paramita, asi kana tikatanga kufunga nezvese, tinogona kunyora bhuku :) Uye chinangwa chedu ndechekuvhura FortiMail muyedzo mode nekuedza kushoma.
Pane zvinhu zviviri zvasara - shandura iyo MX uye A marekodhi, uye zvakare shandura iyo chiteshi chekufambisa mitemo pane firewall.
Iyo MX rekodha test.local -> mail.test.local 10 inofanira kuchinjwa kuti test.local -> fortimail.test.local 10. Asi kazhinji panguva yevatyairi yechipiri MX rekodhi ine kukosha kwepamusoro inowedzerwa. Semuyenzaniso:
test.local -> mail.test.local 10
test.local -> fortimail.test.local 5
Rega ndikuyeuchidze kuti iyo yakadzikira iyo ordinal nhamba yetsamba server yaunofarira muMX rekodhi, inokwirisa kukosha kwayo.
Uye kupinda hakugoni kuchinjwa, saka tichangogadzira itsva: fortimail.test.local -> 10.10.30.210. Mushandisi wekunze achabata kero 10.10.30.210 pachiteshi 25, uye firewall inotumira chinongedzo kuFortiMail.
Kuti uchinje mutemo wekutumira paFortiGate, unofanirwa kushandura kero mune inoenderana Virtual IP chinhu:
Zvese zvagadzirira. Ngatitarisei. Ngatitumirei tsamba zvakare kubva kukombiyuta yemushandisi wekunze. Zvino ngatiendei kuFortiMail muMonitor β Logs menyu. Mumunda weNhoroondo unogona kuona rekodhi kuti tsamba yakagamuchirwa. Kuti uwane rumwe ruzivo, unogona kudzvanya-kurudyi pane yekupinda uye wosarudza Details:
Kuti tipedze mufananidzo, ngatitarisei kana FortiMail mukumisikidzwa kwayo kwazvino inogona kuvharira maemail ane spam nemavhairasi. Kuti tiite izvi, tichatumira eicar test virus netsamba yekuyedza inowanikwa mune imwe yedatabase respam (http://untroubled.org/spam/). Mushure meizvi, ngatidzokerei kune iyo log yekuona menyu:
Sezvatinoona, zvose zviri zviviri spam netsamba ine utachiona zvakaonekwa zvinobudirira.
Iyi gadziriso yakakwana kuti ipe dziviriro yekutanga kubva kumavhairasi uye spam. Asi kushanda kweFortiMail hakugumiri pane izvi. Kuti uwane dziviriro inoshanda, unofanirwa kudzidza nzira dziripo uye wodzigadzirisa kuti dzienderane nezvido zvako. Mune ramangwana, isu tinoronga kuratidza zvimwe, zvemberi zvegedhi retsamba ino.
Kana iwe uine chero matambudziko kana mibvunzo maererano nemhinduro, zvinyore mumashoko, isu tichaedza kuvapindura nekukasira.
Unogona kuendesa chikumbiro cherezinesi rekuyedza kuti uedze mhinduro .
Munyori: Alexey Nikulin. Ruzivo Chengetedzo Injiniya Fortiservice.
Source: www.habr.com