How to work with Zimbra OSE logs

Logging all events that occur is one of the most important functions of any enterprise system. Logs let you troubleshoot emerging problems, audit the operation of information systems, and investigate information security incidents. Zimbra OSE also keeps detailed logs of its operation. They include all data, from server performance to the sending and receiving of emails by users. However, reading the logs generated by Zimbra OSE is a non-trivial task. In this article, using a specific example, we will show you how to read Zimbra OSE logs and how to centralize them.

Zimbra OSE stores all local logs in the /opt/zimbra/log folder, and logs can also be found in the /var/log/zimbra.log file. The most important of these is mailbox.log. It records all actions that take place on the mail server. This includes the delivery of emails, user authentication data, failed login attempts, and more. Entries in mailbox.log are text strings containing the time the event occurred, the event level, the number of the thread in which the event occurred, the username and IP address, and a text description of the event.

The log level indicates how strongly the event affects the operation of the server. By default there are 4 event levels: INFO, WARN, ERROR and FATAL. Let's look at all the levels in increasing order of severity.

  • INFO - events at this level are generally intended to inform about the progress of Zimbra OSE. Messages at this level include reports of a mailbox being created or deleted, and so on.
  • WARN - events at this level inform about situations that are potentially dangerous but do not interfere with the operation of the server. For example, the WARN level marks a message about a failed user login attempt.
  • ERROR - this event level in the log reports an error that is local in nature and does not interfere with the operation of the server. This level can flag an error where an individual user's index data is corrupted.
  • FATAL - this level indicates errors because of which the server cannot continue to operate normally. For example, a record indicating an inability to connect to the DBMS will be at the FATAL level.

The mail server log file is rotated daily. The latest version of the file always has the name mailbox.log, while logs for a particular date have the date in the name and are kept in an archive. For example, mailbox.log.2020-09-29.tar.gz. This makes it much easier to back up the activity logs and to search through them.

For the convenience of the system administrator, the /opt/zimbra/log/ folder contains other logs. They include only entries related to specific Zimbra OSE components. For example, audit.log contains only records about user authentication, clamd.log contains data about the operation of the antivirus, and so on. By the way, an excellent way to protect a Zimbra OSE server from attackers is to protect the server with Fail2Ban, which works on the basis of audit.log. It is also good practice to add a cron job that runs the command grep -ir "invalid password" /opt/zimbra/log/audit.log to get daily information about login failures.

Example of how audit.log shows a password entered incorrectly twice, followed by a successful login attempt.
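A fuller version of the daily failed-login check described above, as an added example that is not part of the original article: it counts audit.log authentication failures per source address and account and lists addresses that exceed a threshold. The `oip=`, `ip=` and `account=` field names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed logins from a Zimbra audit.log read on stdin.
# Assumes entries carry "oip=<address>;" (or "ip=<address>;") and "account=<name>;".

# failed_logins: prints "count address account", busiest pair first.
failed_logins() {
    grep -i "invalid password" | awk '
        {
            ip = "-"; acct = "-"
            if (match($0, /oip=[^;]+/))          ip = substr($0, RSTART + 4, RLENGTH - 4)
            else if (match($0, /[^o]ip=[^;]+/))  ip = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /account=[^;]+/))      acct = substr($0, RSTART + 8, RLENGTH - 8)
            n[ip " " acct]++
        }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# noisy_sources MIN: addresses with at least MIN failures across all accounts.
noisy_sources() {
    failed_logins | awk -v min="$1" '
        { total[$2] += $1 }
        END { for (ip in total) if (total[ip] >= min) print ip }' | sort
}

# Constructed sample (not from a real server): two failures, then a success,
# plus one failure for another account from another address.
sample_audit_log() {
cat <<'EOF'
2020-09-29 09:01:11,201 WARN  [qtp1-10:https://mail.example.com/service/soap/AuthRequest] [name=alice@example.com;oip=203.0.113.7;ua=ZimbraWebClient;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 09:01:15,874 WARN  [qtp1-11:https://mail.example.com/service/soap/AuthRequest] [name=alice@example.com;oip=203.0.113.7;ua=ZimbraWebClient;] security - cmd=Auth; account=alice@example.com; protocol=soap; error=authentication failed for [alice@example.com], invalid password;
2020-09-29 09:01:30,002 INFO  [qtp1-12:https://mail.example.com/service/soap/AuthRequest] [name=alice@example.com;oip=203.0.113.7;ua=ZimbraWebClient;] security - cmd=Auth; account=alice@example.com; protocol=soap;
2020-09-29 11:40:02,555 WARN  [qtp1-13:https://mail.example.com/service/soap/AuthRequest] [name=bob@example.com;oip=198.51.100.23;ua=ZimbraWebClient;] security - cmd=Auth; account=bob@example.com; protocol=soap; error=authentication failed for [bob@example.com], invalid password;
EOF
}

# Demo on the sample; on a server: failed_logins < /opt/zimbra/log/audit.log
sample_audit_log | failed_logins
```
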

Logs in Zimbra OSE can be very useful in identifying the causes of various critical failures. At the moment a critical error occurs, the administrator usually has no time to read the logs. The server has to be restored as quickly as possible. Later, however, when the server is back up and generating many logs, it can be hard to find the required entry in a large file. To find the error record quickly, it is enough to know the time the server was restarted and to find the entry in the logs dated from that time. The preceding entry will be the record of the error that occurred. You can also find the error message by searching for the keyword FATAL.

Zimbra OSE logs also let you detect non-critical failures. For example, to find handler exceptions, you can search for handler exception. Errors produced by handlers are often accompanied by a stack trace that explains what caused the exception. For mail delivery errors, start your search with the keyword LmtpServer, and to search for errors related to the POP or IMAP protocols, you can use the keywords ImapServer and Pop3Server.

Logs can also help when investigating information security incidents. Let's look at a specific example. On September 20, one of the employees sent a letter infected with a virus to a customer. As a result, the data on the client's computer was encrypted. The employee, however, swears that he sent nothing. As part of the investigation of this incident, the company's security service asks the system administrator for the mail server logs of September 20 related to the user under investigation. Thanks to the timestamp, the system administrator finds the required log file, extracts the necessary information and passes it to the security specialists. They, in turn, review it and find that the IP address from which the letter was sent matches the IP address of the user's computer. CCTV footage confirmed that the employee was at his workplace when the letter was sent. This data was enough to charge him with violating information security rules and to dismiss him.

Example of extracting the records for one of the accounts from mailbox.log into a separate file
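The extraction described in the investigation above, as an added example that is not part of the original article: it pulls every mailbox.log entry for one account, keeps the stack-trace lines that belong to those entries, and lists the client addresses seen. The entry layout, the `name=` and `ip=` field names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: extract one account's entries from mailbox.log (read on stdin).
# Assumed layout: "DATE TIME LEVEL [thread] [name=ACCOUNT;ip=ADDR;...] category - text"

# entries_for_account ACCOUNT [LEVEL]
entries_for_account() {
    awk -v acct="$1" -v level="$2" '
        # A date at line start opens a new entry; decide once per entry.
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] / {
            keep = index($0, "name=" acct ";") > 0 && (level == "" || $3 == level)
        }
        # Lines without a date (stack traces) inherit the decision of their entry.
        keep'
}

# source_ips ACCOUNT: "count address" for each client address seen for the account.
source_ips() {
    entries_for_account "$1" | awk '
        match($0, /;ip=[^;]+/) { n[substr($0, RSTART + 4, RLENGTH - 4)]++ }
        END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2
}

# Constructed sample (not from a real server): two accounts, one stack trace each.
sample_mailbox_log() {
cat <<'EOF'
2020-09-20 14:03:11,412 INFO  [smtp-7] [name=alice@example.com;ip=10.0.0.15;] smtp - constructed: message submitted
2020-09-20 14:03:12,001 WARN  [qtp-22] [name=bob@example.com;ip=10.0.0.31;] index - constructed: indexing failed
example.ConstructedException: sample trace for bob
	at example.Frame.run(Frame.java:1)
2020-09-20 14:05:40,090 ERROR [qtp-30] [name=alice@example.com;ip=10.0.0.15;] mailbox - constructed: handler exception
example.ConstructedException: sample trace for alice
	at example.Frame.run(Frame.java:2)
EOF
}

# Demo on the sample. On a server, write the result to a separate file:
#   entries_for_account user@example.com < /opt/zimbra/log/mailbox.log > user.log
sample_mailbox_log | entries_for_account alice@example.com
```
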

Everything becomes much harder when it comes to a multi-server infrastructure. Since logs are collected locally, working with them in a multi-server infrastructure is very inconvenient, so there is a need to centralize log collection. This can be done by setting up a host to collect the logs. There is no particular need to add a dedicated host to the infrastructure. Any mail server can act as the log collection node. In our case, this will be the Mailstore01 node.

On this server we need to enter the following commands:

sudo su - zimbra
zmcontrol stop
exit
sudo /opt/zimbra/libexec/zmfixperms -e -v

Edit the file /etc/sysconfig/rsyslog and set SYSLOGD_OPTIONS="-r -c 2"

Edit /etc/rsyslog.conf and uncomment the following lines:
$ModLoad imudp
$UDPServerRun 514

Enter the following commands:

sudo /etc/init.d/rsyslog stop
sudo /etc/init.d/rsyslog start
sudo su - zimbra
zmcontrol start
exit
sudo /opt/zimbra/libexec/zmloggerinit
sudo /opt/zimbra/bin/zmsshkeygen
sudo /opt/zimbra/bin/zmupdateauthkeys

You can check that everything works with the command zmprov gacf | grep zimbraLogHostname. After the command runs, the name of the host that collects the logs should be displayed. To change it, enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru.

On all other servers of the infrastructure (LDAP, MTA and the other mail stores), run the command zmprov gacf | grep zimbraLogHostname to see the name of the host to which the logs are sent. To change it, you can again enter the command zmprov mcf zimbraLogHostname mailstore01.company.ru

You also need to enter the following commands on each server:

sudo su - zimbra
/opt/zimbra/bin/zmsshkeygen
/opt/zimbra/bin/zmupdateauthkeys
exit
sudo /opt/zimbra/libexec/zmsyslogsetup
sudo service rsyslog restart
sudo su - zimbra
zmcontrol restart

After this, all logs will be recorded on the server you specified, where they can be viewed conveniently. Also, in the Zimbra OSE administrator console, on the screen with information about the status of the servers, the running Logger service will be shown only for the mailstore01 server.

Another headache for the administrator can be tracking a specific email. Emails in Zimbra OSE pass through several different stages at once (antivirus scanning, antispam, and so on) before being accepted or sent, so when an email does not arrive it can be quite difficult for the administrator to trace at which stage it was lost.

To solve this problem, you can use a special script that was developed by information security specialist Viktor Dukhovny and is recommended for use by the Postfix developers. This script collates the entries from the log by process and, thanks to this, lets you quickly display all entries associated with the delivery of a particular message based on its identifier. Its operation has been tested on all versions of Zimbra OSE, starting from 8.7. Here is the text of the script.

#! /usr/bin/perl

use strict;
use warnings;

# Postfix delivery agents
my @agents = qw(discard error lmtp local pipe smtp virtual);

my $instre = qr{(?x)
	\A			# Absolute line start
	(?:\S+ \s+){3} 		# Timestamp, adjust for other time formats
	\S+ \s+ 		# Hostname
	(postfix(?:-[^/\s]+)?)	# Capture instance name stopping before first '/'
	(?:/\S+)*		# Optional non-captured '/'-delimited qualifiers
	/			# Final '/' before the daemon program name
	};

my $cmdpidre = qr{(?x)
	\G			# Continue from previous match
	(\S+)\[(\d+)\]:\s+	# command[pid]:
};

my %smtpd;
my %smtp;
my %transaction;
my $i = 0;
my %seqno;

my %isagent = map { ($_, 1) } @agents;

while (<>) {
	next unless m{$instre}ogc; my $inst = $1;
	next unless m{$cmdpidre}ogc; my $command = $1; my $pid = $2;

	if ($command eq "smtpd") {
		if (m{\Gconnect from }gc) {
			# Start new log
			$smtpd{$pid}->{"log"} = $_; next;
		}

		$smtpd{$pid}->{"log"} .= $_;

		if (m{\G(\w+): client=}gc) {
			# Fresh transaction 
			my $qid = "$inst/$1";
			$smtpd{$pid}->{"qid"} = $qid;
			$transaction{$qid} = $smtpd{$pid}->{"log"};
			$seqno{$qid} = ++$i;
			next;
		}

		my $qid = $smtpd{$pid}->{"qid"};
		$transaction{$qid} .= $_
			if (defined($qid) && exists $transaction{$qid});
		delete $smtpd{$pid} if (m{\Gdisconnect from}gc);
		next;
	}

	if ($command eq "pickup") {
		if (m{\G(\w+): uid=}gc) {
			my $qid = "$inst/$1";
			$transaction{$qid} = $_;
			$seqno{$qid} = ++$i;
		}
		next;
	}

	# bounce(8) logs transaction start after cleanup(8) already logged
	# the message-id, so the cleanup log entry may be first
	#
	if ($command eq "cleanup") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		$transaction{$qid} .= $_;
		$seqno{$qid} = ++$i if (! exists $seqno{$qid});
		next;
	}

	if ($command eq "qmgr") {
		next unless (m{\G(\w+): }gc);
		my $qid = "$inst/$1";
		if (defined($transaction{$qid})) {
			$transaction{$qid} .= $_;
			if (m{\Gremoved$}gc) {
				print delete $transaction{$qid}, "\n";
			}
		}
		next;
	}

	# Save pre-delivery messages for smtp(8) and lmtp(8)
	#
	if ($command eq "smtp" || $command eq "lmtp") {
		$smtp{$pid} .= $_;

		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $smtp{$pid};
			}
			delete $smtp{$pid};
		}
		next;
	}

	if ($command eq "bounce") {
		if (m{\G(\w+): .*? notification: (\w+)$}gc) {
			my $qid = "$inst/$1";
			my $newid = "$inst/$2";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
			$transaction{$newid} =
				$_ . $transaction{$newid};
			$seqno{$newid} = ++$i if (! exists $seqno{$newid});
		}
		next;
	}

	if ($isagent{$command}) {
		if (m{\G(\w+): to=}gc) {
			my $qid = "$inst/$1";
			if (defined($transaction{$qid})) {
				$transaction{$qid} .= $_;
			}
		}
		next;
	}
}

# Dump logs of incomplete transactions.
foreach my $qid (sort {$seqno{$a} <=> $seqno{$b}} keys %transaction) {
    print $transaction{$qid}, "\n";
}

The script is written in Perl. To use it, save it in a file named collate.pl, make it executable, and then run the file, specifying the log file and using pgrep to extract the identifying information of the message you are looking for: collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'. The result will be sequential output of the lines that contain information about the movement of the message on the server.

# collate.pl /var/log/zimbra.log | pgrep '<[email protected]>'
Oct 13 10:17:00 mail postfix/pickup[4089]: 4FF14284F45: uid=1034 from=********
Oct 13 10:17:00 mail postfix/cleanup[26776]: 4FF14284F45: message-id=*******
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: from=********, size=1387, nrcpt=1 (queue active)
Oct 13 10:17:00 mail postfix/smtp[7516]: Anonymous TLS connection established to mail.*******[168.*.*.4]:25: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:00 mail postfix/smtp[7516]: 4FF14284F45: to=*********, relay=mail.*******[168.*.*.4]:25, delay=0.25, delays=0.02/0.02/0.16/0.06, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 878833424CF)
Oct 13 10:17:00 mail postfix/qmgr[9946]: 4FF14284F45: removed
Oct 13 10:17:07 mail postfix/smtpd[21777]: connect from zimbra.******[168.*.*.4]
Oct 13 10:17:07 mail postfix/smtpd[21777]: Anonymous TLS connection established from zimbra.******[168.*.*.4]: TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
Oct 13 10:17:08 mail postfix/smtpd[21777]: 0CB69282F4E: client=zimbra.******[168.*.*.4]
Oct 13 10:17:08 mail postfix/cleanup[26776]: 0CB69282F4E: message-id=zimbra.******
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: from=zimbra.******, size=3606, nrcpt=1 (queue active)
Oct 13 10:17:08 mail postfix/virtual[5291]: 0CB69282F4E: to=zimbra.******, orig_to=zimbra.******, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Oct 13 10:17:08 mail postfix/qmgr[9946]: 0CB69282F4E: removed

For all questions related to Zextras Suite, you can contact Zextras representative Ekaterina Triandafilidi by email at [email protected]

Source: www.habr.com