Postfix 3.6.0 mail server release

After a year of development, a new stable branch of the Postfix mail server, 3.6.0, has been released. At the same time, the end of support was announced for the Postfix 3.2 branch, released in early 2017. Postfix is one of the rare projects that combines high security, reliability and performance at the same time, which was achieved thanks to a well-thought-out architecture and a fairly strict policy for code design and patch auditing. The project code is distributed under EPL 2.0 (Eclipse Public License) and IPL 1.0 (IBM Public License).

According to an automated April survey of about 600 thousand mail servers, Postfix is used on 33.66% (34.29% a year ago) of mail servers, the share of Exim is 59.14% (57.77%), Sendmail - 3.6% (3.83%), MailEnable - 2.02% (2.12%), MDaemon - 0.60% (0.77%), Microsoft Exchange - 0.32% (0.47%).

Main innovations:

  • Because of changes in the internal protocols used for communication between Postfix components, the mail server must be stopped with "postfix stop" before upgrading. Otherwise, there may be failures when interacting with the pickup, qmgr, verify, tlsproxy and postscreen processes, which can delay the sending of mail until Postfix is restarted.
  • The terms "white" and "black", which some community members perceive as racial discrimination, have been cleaned out. Instead of "whitelist" and "blacklist", "allowlist" and "denylist" should now be used (for example, the parameters postscreen_allowlist_interfaces, postscreen_denylist_action and postscreen_dnsbl_allowlist_threshold). The changes affect the documentation, the settings of the postscreen process (the built-in firewall) and the information written to the logs:

      postfix/postscreen[pid]: ALLOWLIST VETO [address]:port
      postfix/postscreen[pid]: ALLOWLISTED [address]:port
      postfix/postscreen[pid]: DENYLISTED [address]:port

    To keep the old terms in the logs, the "respectful_logging = no" parameter is provided, which must be specified in main.cf before "compatibility_level = 3.6". Support for the old postscreen setting names is retained for backward compatibility. Also, the "master.cf" configuration file has not changed for now.

  • In "compatibility_level = 3.6" mode, the default has been switched to the SHA256 hash function instead of MD5. If an earlier version is set in the compatibility_level parameter, MD5 continues to be used, but for settings that involve hashes and do not explicitly specify the algorithm, a warning is written to the log. Support for the export variant of the Diffie-Hellman key exchange protocol has been discontinued (the value of the tlsproxy_tls_dh512_param_file parameter is now ignored).
  • Diagnosing problems caused by specifying the wrong handler program in master.cf has been simplified. To detect such errors, every backend service, including postdrop, now advertises the protocol name before starting communication, and every client process, including sendmail, checks that the advertised protocol name matches the supported variant.
  • A new map type, "local_login_sender_maps", has been added for flexible control over the assignment of the envelope sender address (given in the "MAIL FROM" command during an SMTP session) for the sendmail and postdrop processes. For example, to allow local users, except root and postfix, to specify only their own login in sendmail, using the UID-to-name binding, the following settings can be used:

      /etc/postfix/main.cf:
          local_login_sender_maps =
              inline:{ { root = * }, { postfix = * } },
              pcre:/etc/postfix/login_senders

      /etc/postfix/login_senders:
          # Both the bare login and the login@domain form are allowed.
          /(.+)/ $1 $1…@example.com
  • The "smtpd_relay_before_recipient_restrictions = yes" setting has been added and enabled by default. With it, the SMTP server checks smtpd_relay_restrictions before smtpd_recipient_restrictions, and not the other way around, as before.
  • The "smtpd_sasl_mechanism_list" parameter has been added. It defaults to "!external, static:rest" to prevent confusing errors when a SASL backend claims to support the "EXTERNAL" mode, which Postfix does not support.
  • When resolving names in DNS, a new API that supports multithreading (threadsafe) is used by default. To build with the old API, specify "make makefiles CCARGS="-DNO_RES_NCALLS..." when building.
  • The "enable_threaded_bounces = yes" mode has been added to send notifications about delivery problems, delayed delivery or delivery confirmation with the same conversation identifier (the mail client will show the notification in the same thread, together with the other messages of the correspondence).
  • By default, the /etc/services system database is no longer used to determine the TCP port numbers for SMTP and LMTP. Instead, the port numbers are configured through the known_tcp_ports parameter (default lmtp=24, smtp=25, smtps=submissions=465, submission=587). If a service is missing from known_tcp_ports, /etc/services continues to be used.
  • The compatibility level ("compatibility_level") has been raised to "3.6" (the parameter was changed twice in the past; besides 3.6, the supported values are 0 (default), 1 and 2). From now on, "compatibility_level" will change to the number of the version in which compatibility-breaking changes were made. To check compatibility levels, comparison operators such as "<=level" and "<level" have been added to main.cf and master.cf.
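
The postscreen log rename described above means that log parsers and detection rules keyed on the old wording stop matching after an upgrade. The following is an added example, not code from the article or from the Postfix project: a parser that accepts both wordings and normalizes them to the 3.6 terms. The pre-3.6 keywords (WHITELIST VETO, WHITELISTED, BLACKLISTED) and the syslog prefix of the sample lines are assumptions that are not taken from the text above.

```python
import re

# postscreen verdict keywords: pre-3.6 wording -> Postfix 3.6 wording
RENAMED = {
    "WHITELIST VETO": "ALLOWLIST VETO",
    "WHITELISTED": "ALLOWLISTED",
    "BLACKLISTED": "DENYLISTED",
}
VERDICTS = sorted(set(RENAMED) | set(RENAMED.values()), key=len, reverse=True)
LINE_RE = re.compile(
    r"postfix/postscreen\[(?P<pid>\d+)\]: "
    r"(?P<verdict>" + "|".join(VERDICTS) + r") "
    r"\[(?P<addr>[^\]]+)\]:(?P<port>\d+)"
)

def parse_postscreen(line):
    """Return a normalized event dict, or None if the line is not a list verdict."""
    m = LINE_RE.search(line)
    if not m:
        return None
    verdict = m.group("verdict")
    return {
        "verdict": RENAMED.get(verdict, verdict),  # always the 3.6 term
        "legacy_wording": verdict in RENAMED,      # True: respectful_logging = no or pre-3.6
        "addr": m.group("addr"),
        "port": int(m.group("port")),
    }

def denied_addresses(lines):
    """Addresses that postscreen matched against the denylist, in either wording."""
    events = filter(None, map(parse_postscreen, lines))
    return [e["addr"] for e in events if e["verdict"] == "DENYLISTED"]

# Constructed sample lines (documentation addresses), mixing both wordings.
SAMPLE = [
    "Apr 30 10:00:01 mx1 postfix/postscreen[2211]: BLACKLISTED [192.0.2.10]:51234",
    "Apr 30 10:00:02 mx1 postfix/postscreen[2211]: DENYLISTED [192.0.2.11]:40000",
    "Apr 30 10:00:03 mx1 postfix/postscreen[2211]: ALLOWLIST VETO [198.51.100.7]:2525",
    "Apr 30 10:00:04 mx1 postfix/postscreen[2211]: CONNECT from [203.0.113.5]:1111 to [192.0.2.1]:25",
    "Apr 30 10:00:05 mx1 postfix/postscreen[2211]: WHITELISTED [2001:db8::1]:60001",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_postscreen(line))
```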
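
Several of the changes above can be checked in a main.cf before upgrading. The following is an added example, not the article's or the Postfix project's code: a small audit that flags old postscreen parameter names, the now-ignored DH-512 setting, and fingerprint digests left on the MD5 default. The old parameter names, the two fingerprint-digest parameters and the sample file are assumptions not taken from the text above, and the sketch only handles a purely numeric compatibility_level.

```python
# Old postscreen parameter names -> Postfix 3.6 names (new names are from the text above).
RENAMED = {
    "postscreen_whitelist_interfaces": "postscreen_allowlist_interfaces",
    "postscreen_blacklist_action": "postscreen_denylist_action",
    "postscreen_dnsbl_whitelist_threshold": "postscreen_dnsbl_allowlist_threshold",
}
IGNORED = {"tlsproxy_tls_dh512_param_file"}
DIGESTS = ("smtpd_tls_fingerprint_digest", "smtp_tls_fingerprint_digest")

def parse_main_cf(text):
    """'#' starts a comment line; leading whitespace continues the previous line."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()
    return params

def audit(text):
    params, findings = parse_main_cf(text), []
    for old, new in RENAMED.items():
        if old in params:
            findings.append(f"rename {old} -> {new}")
    for name in sorted(IGNORED & params.keys()):
        findings.append(f"{name} is ignored since 3.6; remove it")
    level = params.get("compatibility_level", "0")  # unset means level 0
    if tuple(map(int, level.split("."))) < (3, 6):
        for name in DIGESTS:
            if name not in params:
                findings.append(f"{name} not set: MD5 stays the default at level {level}")
    return findings

SAMPLE = """\
# constructed example main.cf
compatibility_level = 2
postscreen_blacklist_action = enforce
postscreen_whitelist_interfaces =
    !192.0.2.25,
    static:all
tlsproxy_tls_dh512_param_file = /etc/postfix/dh512.pem
smtpd_tls_fingerprint_digest = sha256
"""
```

Calling audit(SAMPLE) returns one finding per issue; an empty list means none of these checks fired.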

Source: opennet.ru