How to work with Zimbra OSE logs

Logging every event that occurs is one of the most important functions of any corporate system. Logs let you troubleshoot emerging problems, audit the operation of information systems, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its operation. They include all data, from server performance to users sending and receiving e-mail. However, reading the logs generated by Zimbra OSE is a non-trivial task. In this article, using a concrete example, we will explain how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE stores all local logs in the /opt/zimbra/log folder; logs can also be found in the /var/log/zimbra.log file. The most important of these is mailbox.log. It records all actions that take place on the mail server, including mail delivery, user authentication data, failed login attempts, and so on. Entries in mailbox.log are text strings containing the time the event occurred, the event level, the number of the thread in which the event occurred, the user name and IP address, and a text description of the event.

The log level indicates how strongly the event affects the operation of the server. By default there are four event levels: INFO, WARN, ERROR and FATAL. Let's look at each level in increasing order of severity.

  • INFO - events at this level are usually intended to report on the progress of Zimbra OSE. Messages at this level include reports of the creation or deletion of a mailbox, and so on.
  • WARN - events at this level report potentially dangerous situations that do not affect the operation of the server. For example, the WARN level marks a message about a failed user login attempt.
  • ERROR - this event level reports an error that is local in nature and does not interfere with the operation of the server. This level can indicate, for example, that the index data of an individual user has been corrupted.
  • FATAL - this level indicates an error due to which the server cannot continue to operate normally. For example, a record indicating that it is impossible to connect to the DBMS will be at the FATAL level.

The mail server log file is rotated daily. The current version of the file is always named mailbox.log, while the logs for a given day have the date in the name and are kept in an archive, for example mailbox.log.2020-09-29.tar.gz. This makes it easier to back up event logs and to search through them.

For the convenience of the system administrator, the /opt/zimbra/log/ folder contains other logs as well. They include only the entries that relate to specific Zimbra OSE components. For example, audit.log contains only records of user authentication, clamd.log contains data on the operation of the antivirus, and so on. Incidentally, an excellent way to protect a Zimbra OSE server from intruders is to protect the server with Fail2Ban, which works precisely on the basis of audit.log. It is also good practice to add a cron job that runs the command grep -ir "invalid password" /opt/zimbra/log/audit.log to receive daily information about login failures.

Example of how audit.log shows a password entered incorrectly twice, followed by a successful login attempt.
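
A fuller version of the daily audit.log check, as an added example that is not part of the original article: it groups failed logins by account and source IP and notes whether a successful login followed the failures. The log lines are constructed, the function names are hypothetical, and the field layout (oip=, account=, error=) is an assumption about the audit.log format.

```shell
#!/bin/sh
# Added example. Constructed audit.log lines: two wrong passwords followed by a
# successful login for one account, and a single failure for another account.
sample_audit_log() {
cat <<'EOF'
2020-09-29 10:15:01,120 WARN  [qtp1-101] [name=ivanov@company.ru;oip=192.0.2.15;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap; error=authentication failed for [ivanov], invalid password;
2020-09-29 10:15:09,534 WARN  [qtp1-102] [name=ivanov@company.ru;oip=192.0.2.15;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap; error=authentication failed for [ivanov], invalid password;
2020-09-29 10:15:20,871 INFO  [qtp1-103] [name=ivanov@company.ru;oip=192.0.2.15;] security - cmd=Auth; account=ivanov@company.ru; protocol=soap;
2020-09-29 11:02:44,007 WARN  [ImapServer-4] [name=petrov@company.ru;oip=198.51.100.7;] security - cmd=Auth; account=petrov@company.ru; protocol=imap; error=authentication failed for [petrov], invalid password;
EOF
}

# login_failures: read audit.log on stdin and print one line per account and
# source IP that has at least one "invalid password" entry:
#   account ip failures=N then_success=yes|no
# then_success is "yes" when an Auth entry without error= follows the last failure.
login_failures() {
    awk '
    /cmd=Auth;/ {
        acct = "-"; ip = "-"
        if (match($0, /account=[^;]+/)) acct = substr($0, RSTART + 8, RLENGTH - 8)
        if (match($0, /oip=[^;]+/))     ip   = substr($0, RSTART + 4, RLENGTH - 4)
        key = acct " " ip
        if (tolower($0) ~ /invalid password/) { fail[key]++; ok[key] = "no" }
        else if ($0 !~ /error=/ && (key in fail)) ok[key] = "yes"
    }
    END { for (k in fail) print k, "failures=" fail[k], "then_success=" ok[k] }
    ' | sort
}

# Usage on a real server (path from the article):
#   login_failures < /opt/zimbra/log/audit.log
```

A run of failures that ends in a success from the same address is the pattern worth reviewing first, since it can be a guessed password rather than a user's typo.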

Logs in Zimbra OSE can be extremely useful in identifying the causes of various critical failures. At the moment a critical failure occurs, the administrator usually has no time to read logs; the server has to be restored as quickly as possible. Later, however, when the server is back up and generating many logs, it can be difficult to find the required entry in a large file. To quickly find the error record, it is enough to know the time at which the server was restarted and to find the entry in the logs dated to that time. The preceding entry will be the record of the error that occurred. You can also find the error message by searching for the keyword FATAL.

Zimbra OSE logs also let you identify non-critical failures. For example, to find handler exceptions, you can search for handler exception. Errors generated by handlers are often accompanied by a stack trace that explains what caused the exception. For mail delivery errors, start your search with the LmtpServer keyword, and to find errors related to the POP or IMAP protocols, you can use the ImapServer and Pop3Server keywords.

Logs can also help when investigating information security incidents. Let's look at a concrete example. On September 20, one of the employees sent a virus-infected e-mail to a client. As a result, the data on the client's computer was encrypted. However, the employee swears that he sent nothing. As part of the investigation of this incident, the company's security service requests from the system administrator the mail server logs for September 20 relating to the user under investigation. Using the timestamp, the system administrator finds the required log file, extracts the relevant information and passes it to the security specialists. They, in turn, look through it and find that the IP address from which this e-mail was sent matches the IP address of the user's computer. CCTV footage confirmed that the employee was at his workplace when the e-mail was sent. This data was enough to accuse him of violating information security rules and dismiss him.

Example of extracting the records for one account from mailbox.log into a separate file
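
One way to do the two extractions described above (the severe entries logged before a restart time, and one account's entries for a given day), as an added example that is not from the original article. The function names mbox_entries and source_ips and the sample log lines are constructed, and the name=/ip= field layout is an assumption about the mailbox.log format.

```shell
#!/bin/sh
# Added example. Constructed sample of mailbox.log entries; the ERROR entry
# carries continuation lines (a stack trace) that have no timestamp of their own.
sample_mailbox_log() {
cat <<'EOF'
2020-09-20 09:12:03,101 INFO  [qtp1-41] [name=sidorov@company.ru;mid=7;ip=192.0.2.40;] soap - AuthRequest
2020-09-20 14:02:11,345 INFO  [qtp1-55] [name=sidorov@company.ru;mid=7;ip=192.0.2.40;] smtp - Sending message
2020-09-20 14:05:40,002 ERROR [qtp1-60] [name=orlova@company.ru;mid=9;ip=192.0.2.77;] mailbox - handler exception
java.lang.RuntimeException: constructed stack trace
    at example.Frame.call(Frame.java:1)
2020-09-20 16:30:00,900 FATAL [main] [] system - constructed fatal error
2020-09-21 08:00:00,000 INFO  [qtp1-41] [name=sidorov@company.ru;mid=7;ip=192.0.2.99;] soap - AuthRequest
EOF
}

# mbox_entries DAY PATTERN [UPTO]: read mailbox.log on stdin and print every
# entry of DAY (YYYY-MM-DD) whose first line matches the ERE PATTERN and whose
# time is not later than UPTO (HH:MM:SS). Stack-trace lines stay with their entry.
mbox_entries() {
    MBOX_PAT="$2" awk -v day="$1" -v upto="${3:-23:59:59}" '
    /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9]/ {
        keep = ($1 == day) && (substr($2, 1, 8) <= upto) && ($0 ~ ENVIRON["MBOX_PAT"])
    }
    keep'
}

# source_ips: count the ip=/oip= values on the entry header lines read from stdin.
source_ips() {
    awk 'match($0, /;o?ip=[^;]+/) {
             v = substr($0, RSTART + 1, RLENGTH - 1); sub(/^o?ip=/, "", v); n[v]++
         }
         END { for (v in n) print n[v], v }' | sort -k1,1nr -k2
}

# Usage on a real server (path from the article):
#   mbox_entries 2020-09-20 'name=user@company[.]ru;' < /opt/zimbra/log/mailbox.log > user.log
#   mbox_entries 2020-09-20 ' (ERROR|FATAL) ' 16:00:00 < /opt/zimbra/log/mailbox.log | tail
```

Work on a copy of the log file during an investigation, so that the original stays unmodified as evidence.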

Things get much more complicated when it comes to multi-server infrastructures. Since logs are collected locally, working with them in a multi-server infrastructure is very inconvenient, and so there is a need to centralize log collection. This can be done by setting up a host to collect the logs. There is no particular need to add a dedicated host to the infrastructure; any mail server can act as the log collection node. In our case, this will be the Mailstore01 node.

On this server we need to enter the following commands:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the /etc/sysconfig/rsyslog file and set SYSLOGD_OPTIONS="-r -c 2"

Edit /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything is working using the command zmprov gacf | grep zimbraLogHostname. After the command runs, the name of the host that collects the logs should be displayed. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

On all the other servers in the infrastructure (LDAP, MTA and the other mail stores), run the command zmprov gacf | grep zimbraLogHostname to see the name of the host to which the logs are sent. To change it, you can likewise enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru

You also need to enter the following commands on each server:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After this, all logs will be recorded on the server you specified, where they can be viewed conveniently. Also, in the Zimbra OSE administrator console, on the screen with information about the status of the servers, the running Logger service will be shown only for the mailstore01 server.

Another headache for the administrator can be tracking a particular e-mail. Since e-mails in Zimbra OSE pass through several different stages at once (scanning by antivirus, antispam, and so on) before being accepted or sent, if an e-mail does not arrive it can be quite difficult for the administrator to trace at which stage it was lost.

To solve this problem, you can use a special script that was developed by information security specialist Viktor Dukhovny and is recommended for use by the Postfix developers. This script collates the entries from the logs for a specific process and thereby lets you quickly display all the entries related to the sending of a particular message based on its identifier. Its operation has been tested on all versions of Zimbra OSE starting from 8.7. Here is the text of the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
	\A			# Absolute line start
	(?:\S+ \s+){3} 		# Timestamp, adjust for other time formats
	\S+ \s+ 		# Hostname
	(postfix(?:-[^/\s]+)?)	# Capture instance name stopping before first '/'
	(?:/\S+)*		# Optional non-captured '/'-delimited qualifiers
	/			# Final '/' before the daemon program name
	};

my $cmdpidre = qr{(?x)
	\G			# Continue from previous match
	(\S+)\[(\d+)\]:\s+	# command[pid]:
};

my %smtpd;
my %smtp;
my %transaction;
my $i = 0;
my %seqno;

my %isagent = map { ($_, 1) } @agents;

while (<>) {
	next unless m{$instre}ogc; my $inst = $1;
	next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

	if ($command eq "smtpd") {
		if (m{\Gconnect from }gc) {
			# Start new log
			$smtpd{$pid}->{"log"} = $_; next;
		}

		$smtpd{$pid}->{"log"} .= $_;

		if (m{\G(\w+): client=}gc) {
			# Fresh transaction 
			my $qid = "$inst/$1";
			$smtpd{$pid}->{"qid"} = $qid;
			$transaction{$qid} = $smtpd{$pid}->{"log"};
			$seqno{$qid} = ++$i;
			next;
		}

		my $qid = $smtpd{$pid}->{"qid"};
		$transaction{$qid} .= $_
			if (defined($qid) && exists $transaction{$qid});
		delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
		next;
	}

	if ($command eq "pickup") {
		if (m{\G(\w+): uid=}gc) {
			my $qid = "$inst/$1";
			$transaction{$qid} = $_;
			$seqno{$qid} = ++$i;
		}
		next;
	}

	# bounce(8) logs transaction start after cleanup(8) already logged
	# the message-id, so the cleanup log entry may be first
	#
	if ($command eq "cleanup") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		$transaction{$qid} .= $_;
		$seqno{$qid} = ++$i if (! exists $seqno{$qid});
		next;
	}

	if ($command eq "qmgr") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		if (defined($transaction{$qid})) {
			$transaction{$qid} .= $_;
			if (m{\Gremoved$}gc) {
				print delete $transaction{$qid}, "\n";
			}
		}
		next;
	}

	# Save pre-delivery messages for smtp(8) and lmtp(8)
	#
	if ($command eq "smtp" || $command eq "lmtp") {
		$smtp{$pid} .= $_;

		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $smtp{$pid};
			}
			delete $smtp{$pid};
		}
		next;
	}

	if ($command eq "bounce") {
		if (m{\G(\w+): .*? notification: (\w+)$}gc) {
			my $qid = "$inst/$1";
			my $newid = "$inst/$2";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
			$transaction{$newid} =
				$_ . $transaction{$newid};
			$seqno{$newid} = ++$i if (! exists $seqno{$newid});
		}
		next;
	}

	if ($isagent{$command}) {
		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
		}
		next;
	}
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To run it, save it to a file named collate.pl, make it executable, and then run it, specifying the log file and using pgrep to extract the information for the identifier of the message you are looking for: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. The result is a sequential output of the lines containing information about the movement of the message on the server.

# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by e-mail at [email protected]

Source: www.habr.com