Siyakwamukela! Namuhla sizokutshela ukuthi ungenza kanjani izilungiselelo zokuqala zesango lemeyili - Izixazululo zokuphepha ze-imeyili ze-Fortinet. Phakathi nesihloko sizobheka isakhiwo esizosebenza ngaso futhi senze ukumisa , okudingekayo ekutholeni nasekuhloleni izincwadi, futhi sizohlola nokusebenza kwayo. Ngokusekelwe kokuhlangenwe nakho kwethu, singasho ngokuphepha ukuthi inqubo ilula kakhulu, futhi ngisho nangemva kokucushwa okuncane ungabona imiphumela.
Ake siqale ngesakhiwo samanje. Kuboniswa esithombeni esingezansi.
Ngakwesokudla sibona ikhompuyutha yomsebenzisi wangaphandle, lapho sizothumela khona imeyili kumsebenzisi kunethiwekhi yangaphakathi. Inethiwekhi yangaphakathi iqukethe ikhompuyutha yomsebenzisi, isilawuli sesizinda esineseva ye-DNS esebenza kuyo, kanye neseva yemeyili. Emaphethelweni enethiwekhi kukhona i-firewall - i-FortiGate, isici esiyinhloko esiwukumisa i-SMTP ne-DNS yokudlulisa ithrafikhi.
Ake sinake ngokukhethekile i-DNS.
Kunamarekhodi amabili e-DNS asetshenziselwa ukuhambisa i-imeyili ku-inthanethi—irekhodi elingu-A kanye nerekhodi le-MX. Ngokuvamile, lawa marekhodi e-DNS acushwa kuseva ye-DNS yomphakathi, kodwa ngenxa yemikhawulo yesakhiwo, simane sidlulisele i-DNS ngohlelo lokuvikela (okungukuthi, umsebenzisi wangaphandle unekheli elithi 10.10.30.210 elibhaliswe njengeseva ye-DNS).
Irekhodi le-MX irekhodi eliqukethe igama leseva yemeyili esebenzela isizinda, kanye nokubalulekile kwalesi siphakeli semeyili. Esimeni sethu kubukeka kanje: test.local -> mail.test.local 10.
Irekhodi irekhodi eliguqula igama lesizinda libe yikheli lasesizindeni se-inthanethi, kithina yileli: mail.test.local -> 10.10.30.210.
Uma umsebenzisi wethu wangaphandle ezama ukuthumela i-imeyili ku [i-imeyili ivikelwe], izobuza iseva yayo ye-DNS MX ngerekhodi lesizinda se-test.local. Iseva yethu ye-DNS izophendula ngegama leseva yemeyili - mail.test.local. Manje umsebenzisi udinga ukuthola ikheli le-IP lale seva, ngakho-ke uyaphinda afinyelele i-DNS yerekhodi A futhi athole ikheli le-IP 10.10.30.210 (yebo, elakhe futhi :) ). Ungathumela incwadi. Ngakho-ke, izama ukusungula uxhumano ekhelini le-IP elitholiwe ku-port 25. Kusetshenziswa imithetho ku-firewall, lokhu kuxhumana kudluliselwa kuseva yemeyili.
Ake sihlole ukusebenza kwemeyili esimweni samanje sesakhiwo. Ukwenza lokhu, sizosebenzisa insiza ye-swaks kukhompyutha yomsebenzisi wangaphandle. Ngosizo lwayo, ungahlola ukusebenza kwe-SMTP ngokuthumela umamukeli incwadi enesethi yamapharamitha ahlukahlukene. Ngaphambilini, umsebenzisi onebhokisi lemeyili usevele edaliwe kuseva yemeyili [i-imeyili ivikelwe]. Ake sizame ukumthumelela incwadi:
Manje ake siye emshinini womsebenzisi wangaphakathi futhi siqinisekise ukuthi incwadi isifikile:
Incwadi yafika ngempela (igqanyisiwe ohlwini). Lokhu kusho ukuthi isakhiwo sisebenza ngendlela efanele. Manje yisikhathi sokudlulela ku-FortiMail. Masingeze esakhiweni sethu:
I-FortiMail ingasatshalaliswa ngezindlela ezintathu:
- Isango - lisebenza njenge-MTA egcwele ngokugcwele: lithatha wonke ama-imeyili, liyihlole, bese liyidlulisela kuseva yemeyili;
- Transparent - noma ngamanye amazwi, imodi esobala. Ifakwe phambi kweseva futhi ihlola imeyili engenayo naphumayo. Ngemva kwalokho, idlulisela kuseva. Ayidingi izinguquko ekucushweni kwenethiwekhi.
- Iseva - kulokhu, i-FortiMail iyiseva yemeyili egcwele ngokugcwele enekhono lokudala amabhokisi eposi, ukwamukela nokuthumela i-imeyili, kanye nokunye ukusebenza.
Sizosebenzisa i-FortiMail kumodi ye-Gateway. Ake siye kuzilungiselelo zomshini obonakalayo. Ukungena ngemvume kungumqondisi, akukho phasiwedi eshiwo. Uma ungena okokuqala, kufanele usethe iphasiwedi entsha.
Manje ake silungiselele umshini obonakalayo ukuze ufinyelele isixhumi esibonakalayo sewebhu. Kuyadingeka futhi ukuthi umshini ube nokufinyelela ku-inthanethi. Masimise isixhumi esibonakalayo. Sidinga port1 kuphela. Ngosizo lwayo sizoxhuma kusixhumi esibonakalayo sewebhu, futhi sizosetshenziselwa ukufinyelela i-inthanethi. Ukufinyelela i-inthanethi kuyadingeka ukuze ubuyekeze izinsiza (amasignesha okuvikela amagciwane, njll.). Ukuze ulungise, faka imiyalo:
config interface yesistimu
hlela imbobo 1
setha ip 192.168.1.40 255.255.255.0
setha imvume yokufinyelela https http ssh ping
ekupheleni
Manje ake silungiselele umzila. Ukuze wenze lokhu udinga ukufaka imiyalo elandelayo:
hlela umzila wesistimu
hlela 1
setha isango 192.168.1.1
setha i-interface port1
ekupheleni
Uma ufaka imiyalo, ungasebenzisa amathebhu ukuze ugweme ukuwabhala ngokugcwele. Futhi, uma ukhohlwa ukuthi yimuphi umyalo okufanele ulandele, ungasebenzisa ukhiye othi “?”.
Manje ake sihlole uxhumano lwakho lwe-inthanethi. Ukwenza lokhu, ake sixhume i-Google DNS:
Njengoba ubona, manje sine-inthanethi. Izilungiselelo zokuqala ezijwayelekile zawo wonke amadivayisi we-Fortinet seziqediwe, futhi manje ungaqhubeka nokumisa usebenzisa isixhumi esibonakalayo sewebhu. Ukuze wenze lokhu, vula ikhasi lokuphatha:
Sicela uqaphele ukuthi udinga ukulandela isixhumanisi ngefomethi /admin. Uma kungenjalo, ngeke ukwazi ukufinyelela ikhasi lokuphatha. Ngokuzenzakalelayo, ikhasi likumodi evamile yokumisa. Ngezilungiselelo sidinga Imodi Ethuthukile. Asiye ku-admin->Buka imenyu bese ushintsha imodi iye ku-Advanced:
Manje sidinga ukulanda ilayisensi yesilingo. Lokhu kungenziwa kumenyu Ulwazi Lwelayisensi → VM → Buyekeza:
Uma ungenayo ilayisense yokuhlola, ungayicela ngokuxhumana .
Ngemva kokufaka ilayisensi, idivayisi kufanele iqalise kabusha. Ngokuzayo, izoqala ukudonsa izibuyekezo kusizindalwazi sayo kusuka kumaseva. Uma lokhu kungenzeki ngokuzenzakalelayo, ungaya kokuthi Isistimu → Imenyu ye-FortiGuard futhi kokuthi I-Antivirus, amathebhu e-Antispam chofoza inkinobho ethi Buyekeza Manje.
Uma lokhu kungasizi, ungashintsha izimbobo ezisetshenziselwa izibuyekezo. Ngokuvamile ngemva kwalokhu wonke amalayisensi avela. Ekugcineni kufanele ibukeke kanje:
Masimise izoni yesikhathi efanele, lokhu kuzoba usizo lapho uhlola amalogi. Ukuze wenze lokhu, yiya kuSistimu → Ukucushwa kwemenyu:
Sizophinda silungise i-DNS. Sizomisa iseva ye-DNS yangaphakathi njengeseva eyinhloko ye-DNS, futhi sishiye iseva ye-DNS enikezwe i-Fortinet njengeyisipele.
Manje ake siqhubekele engxenyeni ejabulisayo. Njengoba kungenzeka ukuthi uqaphele, idivayisi isethwe kumodi ye-Gateway ngokuzenzakalelayo. Ngakho-ke, akudingekile ukuba sikushintshe. Ake siye kokuthi Isizinda Nomsebenzisi → Inkambu Yesizinda. Masidale isizinda esisha esidinga ukuvikelwa. Lapha sidinga kuphela ukucacisa igama lesizinda nekheli leseva yemeyili (ungaphinda ucacise igama lesizinda salo, esimweni sethu mail.test.local):
Manje sidinga ukuhlinzeka ngegama lesango lethu lemeyili. Lokhu kuzosetshenziswa kumarekhodi e-MX kanye no-A, okuzodingeka siwashintshe kamuva:
Kusukela ku-Host Name and Local Domain Name amaphuzu, i-FQDN iyahlanganiswa, esetshenziswa kumarekhodi e-DNS. Esimweni sethu, FQDN = fortimail.test.local.
Manje ake simise umthetho wokwamukela. Sidinga wonke ama-imeyili avela ngaphandle futhi anikezwe umsebenzisi esizindeni ukuze adluliselwe kuseva yemeyili. Ukuze wenze lokhu, yiya kumenyu Inqubomgomo → Ukulawula Ukufinyelela. Ukusethwa kwesibonelo kuboniswe ngezansi:
Ake sibheke ithebhu Yenqubomgomo Yomamukeli. Lapha ungasetha imithetho ethile yokuhlola izinhlamvu: uma i-imeyili ivela kusizindalwazi example1.com, udinga ukuyihlola ngezindlela ezilungiselelwe lesi sizinda ngqo. Sekuvele kunomthetho ozenzakalelayo wawo wonke amameyili, futhi okwamanje uyasifanela. Ungawubona lo mthetho esithombeni esingezansi:
Kuleli qophelo, ukusetha ku-FortiMail kungabhekwa njengokuphelele. Eqinisweni, kunamapharamitha amaningi angenzeka, kodwa uma siqala ukuwacabangela wonke, singabhala incwadi :) Futhi umgomo wethu uwukwethula i-FortiMail kumodi yokuhlola ngomzamo omncane.
Kusele izinto ezimbili - shintsha amarekhodi e-MX kanye ne-A, futhi ushintshe nemithetho yokudlulisa imbobo ku-firewall.
Irekhodi le-MX test.local -> mail.test.local 10 kumele ishintshwe ibe yi-test.local -> fortimail.test.local 10. Kodwa ngokuvamile ngesikhathi sabashayeli bezindiza irekhodi lesibili le-MX elibaluleke kakhulu liyengezwa. Ngokwesibonelo:
test.local -> mail.test.local 10
test.local -> fortimail.test.local 5
Ake ngikukhumbuze ukuthi ukuncipha kwenombolo ye-ordinal yezintandokazi zeseva yemeyili kurekhodi le-MX, kulapho kubaluleke kakhulu khona.
Futhi okufakiwe akunakushintshwa, ngakho-ke sizovele sakhe entsha: fortimail.test.local -> 10.10.30.210. Umsebenzisi wangaphandle uzoxhumana nekheli elithi 10.10.30.210 ku-port 25, futhi i-firewall izodlulisela uxhumano ku-FortiMail.
Ukuze uguqule umthetho wokudlulisela ku-FortiGate, udinga ukushintsha ikheli entweni ehambisanayo ye-Virtual IP:
Konke sekulungile. Ake sihlole. Masiphinde sithumele incwadi sisuka kukhompuyutha yomsebenzisi wangaphandle. Manje ake siye ku-FortiMail kumenyu ye-Monitor → Amalogi. Emkhakheni Womlando ungabona irekhodi ukuthi incwadi yamukelwe. Ukuze uthole ulwazi olwengeziwe, ungachofoza kwesokudla kokufakiwe bese ukhetha Imininingwane:
Ukuze siqedele isithombe, ake sihlole ukuthi i-FortiMail ekucushweni kwayo kwamanje ingawavimba yini ama-imeyili aqukethe ugaxekile namagciwane. Ukwenza lokhu, sizothumela igciwane lokuhlola i-eicar kanye nencwadi yokuhlola etholakala kwenye yedatha egciniwe yemeyili kagaxekile (http://untroubled.org/spam/). Ngemva kwalokhu, ake sibuyele emuva kumenyu yokubuka ilogu:
Njengoba singabona, kokubili ugaxekile kanye nencwadi enegciwane kukhonjwe ngempumelelo.
Lokhu kulungiselelwa kwanele ukunikeza isivikelo esiyisisekelo kumagciwane nogaxekile. Kodwa ukusebenza kwe-FortiMail akugcini kulokhu. Ukuze uthole ukuvikelwa okusebenzayo okwengeziwe, udinga ukufunda izindlela ezikhona futhi uzenze ngendlela oyifisayo ukuze zihambisane nezidingo zakho. Ngokuzayo, sihlela ukugqamisa ezinye, izici ezithuthuke kakhulu zaleli sango lemeyili.
Uma unobunzima noma imibuzo mayelana nesixazululo, yibhale kumazwana, sizozama ukuyiphendula ngokushesha.
Ungathumela isicelo selayisense yesilingo ukuze uhlole isisombululo .
Umbhali: Alexey Nikulin. I-Information Security Engineer Fortiservice.
Source: www.habr.com