Wamkelekile! Namhlanje siza kukuxelela indlela yokwenza izicwangciso zokuqala zesango leposi -Izisombululo zokhuseleko ze-imeyile ye-Fortinet. Ngexesha lenqaku siza kujonga i-layout esiza kusebenza ngayo kwaye senze uqwalaselo , okuyimfuneko ekufumaneni nasekujongeni iileta, kwaye siya kuvavanya ukusebenza kwayo. Ngokusekelwe kumava ethu, sinokuthi ngokukhuselekileyo ukuba inkqubo ilula kakhulu, kwaye nasemva koqwalaselo oluncinci ungabona iziphumo.
Masiqale ngoyilo lwangoku. Iboniswe kumzobo ongezantsi.
Ekunene sibona ikhompyutha yomsebenzisi wangaphandle, apho siya kuthumela i-imeyile kumsebenzisi kwinethiwekhi yangaphakathi. Inethiwekhi yangaphakathi iqulethe ikhompyutha yomsebenzisi, umlawuli wesizinda kunye neseva ye-DNS esebenza kuyo, kunye neseva yeposi. Emaphethelweni womnatha kukho i-firewall - i-FortiGate, eyona nto iphambili kukulungisa i-SMTP kunye ne-DNS yokuthunyelwa kwetrafikhi.
Masinikele ingqalelo ekhethekileyo kwi-DNS.
Kukho iirekhodi ezimbini zeDNS ezisetyenziselwa ukuhambisa i-imeyile kwi-Intanethi-irekhodi A kunye nerekhodi yeMX. Ngokuqhelekileyo, ezi rekhodi ze-DNS ziqwalaselwe kwi-server ye-DNS kawonkewonke, kodwa ngenxa yemida yokwakheka, sithumela nje i-DNS nge-firewall (oko kukuthi, umsebenzisi wangaphandle unedilesi 10.10.30.210 ebhaliswe njengeseva ye-DNS).
Irekhodi ye-MX yirekhodi equlethe igama leseva yeposi ekhonza isizinda, kunye nokuphambili komncedisi weposi. Kwimeko yethu ibonakala ngathi: test.local -> mail.test.local 10.
Irekhodi lirekhodi eliguqula igama lesizinda kwidilesi ye-IP, kuthi kuthi: mail.test.local -> 10.10.30.210.
Xa umsebenzisi wethu wangaphandle ezama ukuthumela i-imeyile kuyo [imeyile ikhuselwe], iya kubuza iseva yayo ye-DNS MX kwirekhodi yesizinda sovavanyo.local. Umncedisi wethu we-DNS uya kuphendula ngegama lomncedisi weposi - mail.test.local. Ngoku umsebenzisi kufuneka afumane idilesi ye-IP yalo mncedisi, ngoko ke uphinda afikelele kwi-DNS yerekhodi A kwaye afumane idilesi ye-IP 10.10.30.210 (ewe, eyakhe kwakhona :) ). Ungathumela ileta. Ngoko ke, izama ukuseka umdibaniso kwidilesi ye-IP efunyenweyo kwi-port 25. Ukusebenzisa imigaqo kwi-firewall, olu qhagamshelwano luthunyelwa kwiseva yemeyile.
Makhe sijonge ukusebenza kweposi kwimo yangoku yoyilo. Ukwenza oku, siya kusebenzisa i-swaks eluncedo kwikhompyuter yomsebenzisi wangaphandle. Ngoncedo lwayo, unokuvavanya ukusebenza kwe-SMTP ngokuthumela umamkeli unobumba kunye neseti yeeparamitha ezahlukeneyo. Ngaphambili, umsebenzisi onebhokisi yeposi sele eyilwe kwiseva yemeyile [imeyile ikhuselwe]. Masizame ukumthumelela ileta:
Ngoku masiye kumatshini womsebenzisi wangaphakathi kwaye siqinisekise ukuba ileta ifikile:
Ifikile ngokwenene ileta (iphawulwe kuluhlu). Oku kuthetha ukuba uyilo lusebenza ngokuchanekileyo. Ngoku lixesha lokudlulela kwi-FortiMail. Makhe songeze kwisakhiwo sethu:
I-FortiMail inokusasazwa ngeendlela ezintathu:
- Isango - lisebenza njenge MTA epheleleyo: ithatha yonke imeyile, iyikhangele, kwaye emva koko iyigqithisele kumncedisi weposi;
- Transparent - okanye ngamanye amazwi, imo ecacileyo. Ifakwe phambi komncedisi kwaye ijonga imeyile engenayo nephumayo. Emva koko, idlulisela kwiseva. Ayifuni tshintsho kubumbeko bothungelwano.
- Umncedisi - kulo mzekelo, i-FortiMail yiseva yeposi egcwele ngokupheleleyo ekwaziyo ukwenza iibhokisi zeposi, ukufumana nokuthumela imeyile, kunye nokunye ukusebenza.
Siza kuhambisa i-FortiMail kwimodi yeSango. Makhe siye kwisetingi zomatshini wenyani. Ngena ngu admin, akukho gama liyimfihlo lichaziweyo. Xa ungena okokuqala, kufuneka usete igama eligqithisiweyo elitsha.
Ngoku makhe siqwalasele umatshini wenyani ukufikelela kujongano lwewebhu. Kukwayimfuneko ukuba umatshini ube nokufikelela kwi-Intanethi. Masimise ujongano. Sifuna kuphela izibuko1. Ngoncedo lwayo siya kudibanisa kwi-interface yewebhu, kwaye iya kusetyenziselwa ukufikelela kwi-Intanethi. Ukufikelela kwi-Intanethi kuyafuneka ukuze kuhlaziywe iinkonzo (i-antivirus signatures, njl.). Kubumbeko, ngenisa imiyalelo:
ujongano lwenkqubo yoqwalaselo
hlela izibuko 1
cwangcisa ip 192.168.1.40 255.255.255.0
misela ufikelelo https://ssh ping
isiphelo
Ngoku makhe siqwalasele indlela. Ukwenza oku kufuneka ufake le miyalelo ilandelayo:
cwangcisa indlela yenkqubo
hlela 1
misela isango 192.168.1.1
seta ujongano lwezibuko1
isiphelo
Xa ufaka imiyalelo, ungasebenzisa iithebhu ukunqanda ukuyichwetheza ngokupheleleyo. Kwakhona, ukuba uyalibala ukuba ngowuphi umyalelo ekufuneka uze ngokulandelayo, ungasebenzisa iqhosha elithi “?”.
Ngoku makhe sijonge uqhagamshelo lwakho lwe-Intanethi. Ukwenza oku, makhe sibethe iGoogle DNS:
Njengoko ubona, ngoku sine-Intanethi. Iisetingi zokuqala eziqhelekileyo kuzo zonke izixhobo zeFortinet zigqityiwe, kwaye ngoku ungaqhubeka noqwalaselo usebenzisa ujongano lwewebhu. Ukwenza oku, vula iphepha lolawulo:
Nceda uqaphele ukuba kufuneka ulandele ikhonkco kwifomathi /umlawuli. Ngaphandle koko, awuyi kukwazi ukufikelela kwiphepha lolawulo. Ngokungagqibekanga, iphepha likwimowudi yoqwalaselo eqhelekileyo. Kuseto sifuna imowudi ekwiNtu. Makhe siye kulawulo-> Jonga imenyu kwaye utshintshe imo kwi-Advanced:
Ngoku kufuneka sikhuphe ilayisensi yovavanyo. Oku kunokwenziwa kwimenyu Ulwazi lweLayisensi → VM → Hlaziya:
Ukuba awunayo ilayisensi yovavanyo, ungacela enye ngokuqhagamshelana .
Emva kokungena ilayisenisi, isixhobo kufuneka siqalise kwakhona. Kwixesha elizayo, iya kuqalisa ukutsala uhlaziyo koovimba beenkcukacha zayo kwiiseva. Ukuba oku akwenzeki ngokuzenzekelayo, ungaya kwiNkqubo → FortiGuard menu kwaye kwiAntivirus, iithebhu zeAntispam cofa kwi Hlaziya ngoku iqhosha.
Ukuba oku akuncedi, ungatshintsha amazibuko asetyenziselwa uhlaziyo. Ngesiqhelo emva koku zonke iilayisensi ziyavela. Ekugqibeleni kufuneka kubonakale ngolu hlobo:
Masiseke indawo yexesha elichanekileyo, oku kuya kuba luncedo xa uhlola iilogi. Ukwenza oku, yiya kwiNkqubo → Uqwalaselo lwemenyu:
Siza kuqwalasela kwakhona i-DNS. Siza kuqwalasela iseva ye-DNS yangaphakathi njengomncedisi oyintloko we-DNS, kwaye ushiye iseva ye-DNS enikezwe yi-Fortinet njenge-backup.
Ngoku masiqhubele phambili kwinxalenye yolonwabo. Njengoko usenokuba uqaphele, ifowuni imiselwe kwimowudi yeGateway ngokungagqibekanga. Ngoko ke, akuyomfuneko ukuba siyitshintshe. Masiyeni kwiDomain kunye noMsebenzisi → Indawo yommandla. Masenze isizinda esitsha esifuna ukukhuselwa. Apha sifuna kuphela ukucacisa igama lesizinda kunye nedilesi yeseva yemeyile (ungaphinda ucacise igama lesizinda, kwimeko yethu mail.test.local):
Ngoku kufuneka sinikeze igama lesango lemeyile yethu. Oku kuya kusetyenziswa kwiirekhodi ze-MX kunye no-A, ekuya kufuneka sizitshintshe kamva:
Ukusuka kwiGama loMsingi kunye namanqaku egama leNdawo yeNdawo, i-FQDN iqulunqwe, esetyenziswa kwiirekhodi zeDNS. Kwimeko yethu, FQDN = fortimail.test.local.
Ngoku makhe simise umthetho wokwamkela. Sifuna zonke ii-imeyile ezivela ngaphandle kwaye zinikezelwe kumsebenzisi kwidomeyini ukuba zithunyelwe kwiseva yeposi. Ukwenza oku, yiya kwimenyu Umgaqo-nkqubo → Ulawulo lokuFikelela. Umzekelo wokuseta uboniswe ngezantsi:
Makhe sijonge iPolisi yoMmkeli ithebhu. Apha ungacwangcisa imigaqo ethile yokujonga iileta: ukuba imeyile isuka kwi-domain ye-example1.com, kufuneka uyikhangele ngeendlela eziqwalaselelwe ngqo lo mmandla. Sele kukho umgaqo omiselweyo wayo yonke imeyile, kwaye okwangoku iyasifanela. Ungawubona lo mgaqo kulo mfanekiso ungezantsi:
Ngeli xesha, ukuseta kwi-FortiMail kunokuqwalaselwa kugqityiwe. Enyanisweni, kukho ezininzi iiparameters ezinokwenzeka, kodwa ukuba siqala ukuqwalasela zonke, sinokubhala incwadi :) Kwaye injongo yethu kukuqalisa i-FortiMail kwimodi yokuvavanya ngomzamo omncinci.
Kukho izinto ezimbini ezishiyekileyo - tshintsha i-MX kunye neerekhodi ze-A, kwaye utshintshe imithetho yokuthunyelwa kwezibuko kwi-firewall.
Irekhodi yeMX test.local -> mail.test.local 10 kufuneka itshintshwe ibe test.local -> fortimail.test.local 10. Kodwa ngokuqhelekileyo ngexesha lomqhubi irekhodi leMX yesibini kunye nokubaluleka okuphezulu kongezwa. Umzekelo:
test.local -> mail.test.local 10
test.local -> fortimail.test.local 5
Mandikukhumbuze ukuba okukhona usezantsi inombolo ye-ordinal yokukhethwa kweseva yeposi kwirekhodi yeMX, kokukhona iphezulu iphambili yayo.
Kwaye ingeniso ayinakuguqulwa, ngoko siza kudala entsha: fortimail.test.local -> 10.10.30.210. Umsebenzisi wangaphandle uya kuqhagamshelana nedilesi 10.10.30.210 kwi-port 25, kwaye i-firewall iya kuthumela uqhagamshelwano kwi-FortiMail.
Ukuze utshintshe umthetho wokuthumela kwi-FortiGate, kufuneka utshintshe idilesi kwizinto ezihambelanayo ze-IP ezihambelanayo:
Zonke zilungile. Makhe sijonge. Masithumele ileta kwakhona isuka kwikhompyuter yomsebenzisi wangaphandle. Ngoku masiye kwiFortiMail kwiMonitor → Iilog zemenyu. Kwindawo yeMbali ungabona irekhodi ukuba ileta yamkelwe. Ngolwazi oluthe kratya, unokucofa-ekunene kwingeniso kwaye ukhethe Iinkcukacha:
Ukugqiba umfanekiso, masijonge ukuba iFortiMail kuqwalaselo lwayo lwangoku ingavala ii-imeyile eziqulathe ugaxekile kunye neentsholongwane. Ukwenza oku, siya kuthumela i-eicar test virus kunye neleta yovavanyo efunyenwe kwenye yedatha ye-spam mail (http://untroubled.org/spam/). Emva koku, makhe sibuyele kwimenyu yokujonga yelog:
Njengoko sibona, zombini i-spam kunye neleta enentsholongwane ziye zachongwa ngempumelelo.
Olu lungelelwaniso lwanele ukunika ukhuseleko olusisiseko kwiintsholongwane kunye nogaxekile. Kodwa ukusebenza kweFortiMail akuphelelanga koku. Ukufumana ukhuseleko olusebenzayo ngakumbi, kufuneka ufunde iindlela ezikhoyo kwaye uzenze ngokwezidingo zakho. Kwixesha elizayo, siceba ukuqaqambisa ezinye, iifitsha eziphambili zale gateway yemeyile.
Ukuba unayo nayiphi na ingxaki okanye imibuzo malunga nesisombululo, zibhale kwizimvo, siya kuzama ukuyiphendula ngokukhawuleza.
Ungangenisa isicelo selayisensi yovavanyo ukuvavanya isisombululo .
Umbhali: Alexey Nikulin. Injineli yoKhuseleko loLwazi iFortiservice.
umthombo: www.habr.com