Binciken sabar saƙon saƙo yana taka muhimmiyar rawa wajen tabbatar da aikin imel daidai. Yana ba da damar ganowa da warware matsalolin da suka shafi aikawa, karɓa, da sarrafa saƙonnin imel. Ɗaya daga cikin mahimman abubuwan da ke haifar da bincike shine amfani da masu tacewa akan sabar wasiku, wanda ke ba da kariya daga spam, ƙwayoyin cuta da sauran barazanar tsaro.
Wannan labarin zai yi la'akari da ayyukan waje guda biyu waɗanda ke taimakawa duba aikin sabar sabar daga gefe, da kayan aikin ciki waɗanda ke ba da izinin gudanar da bincike kai tsaye a kan uwar garke. Duk ayyuka, a matsayin misali, za a yi su akan a sabar sirri Ƙaddamar da Ubuntu 20.04.6 OS tare da ingantaccen bayani a cikin hanyar Postfix da Dovecot, duk da haka, hanyoyin da aka gabatar sun dace da kusan kowane tsarin aiki da abokan ciniki na imel.
Sabis na kan layi don duba sabar saƙo
Mataki na farko kuma mafi mahimmanci shine tabbatarwa ta amfani da sabis na kan layi na waje. Ta wannan hanyar, zaku iya bincika uwar garken wasiku don bayyanawa, SPF, DKIM da saitunan DMRC, sannan kuma bincika sunan adiresoshin IP daga inda aka aiko da imel. A mafi yawan lokuta, amfani da waɗannan kayan aikin kawai na iya haifar da sakamakon da ake so.
Bari mu ba da cikakken bayani game da manyan ayyukan tabbatarwa da ayyukansu:
Rariya yana ba mu damar duba kusan dukkan sigogin sabar sabar da aka samu. Sabis ɗin yana ba da kayan aiki don bincika duk bayanan yanki, kasancewar yanki gabaɗaya, duba takaddun shaida na SSL, matsayin adireshin IP da ƙari mai yawa. Don gano cutar, kuna buƙatar zuwa wurin shafin sabis, shigar da adireshin IP ko yanki, zaɓi kayan aikin da ake buƙata kuma gudanar da rajistan
Ana nuna cikakken jerin duk kayan aikin da ake da su a cikin hoton hoton:
Kamar yadda aka gani a sama, gidan yanar gizon kuma yana bincika kasancewar IP/domain a cikin jerin baƙi. Ana duba duk manyan kafofin: Spamhaus, Barracuda, SURBL da sauran su. Idan adireshin yana cikin kowace rumbun adana bayanai, sabis ɗin zai ba da bayani game da dalilan da aka sanya baƙaƙen sa. Ta wannan hanyar, zaku iya ɗaukar matakan gyara matsalar.
MailTester shine na biyu mafi mashahuri kayan aiki don duba sabar saƙo. Wannan sabis ɗin yana bawa masu amfani damar aika imel ɗin gwaji zuwa wani adireshin musamman, sannan su karɓi cikakken rahoto kan ingancin saƙon da aka aiko. Ba kamar MxToolBox ba, wannan hanya ta fi mayar da hankali ba akan gano sabar saƙon ba, amma akan yuwuwar inganta imel. Koyaya, wannan baya nufin cewa sabis ɗin bashi da ikon gudanar da cikakken bincike akan sabar mai aikawa. Yana gwada isar da saƙo, yana gudanar da bincike kuma yana ba da shawarwari don inganta sabis ɗin saƙon gaba ɗaya.
Domin kammala cak, kawai je zuwa ga gidan yanar gizon albarkatu kuma sami adireshin imel na musamman wanda kuke son aika imel zuwa gare shi. Bayan ƙaddamarwa, dole ne ku zaɓi "duba kima" kuma ku jira shafin ya sabunta. Kyakkyawan sakamako yayi kama da haka:
Idan akwai wata matsala ko shawarwari, sabis ɗin zai ba da rahoton wannan a cikin sashin da ya dace na rahoton.
Ayyukan da aka ambata a sama sun isa don cikakken duba sabar saƙon daga gefe. Suna ba ka damar gano yuwuwar matsaloli tare da isar da imel, bincika saitunan tsaro, da kuma karɓar shawarwari don warware kurakurai masu yiwuwa. Na gaba, za mu yi gwaji a gefen uwar garken.
Duba saitunan uwar garken saƙo
Duba bayanan DNS
Ɗaya daga cikin matsalolin gama gari a gefen uwar garken wasiku shine saitunan rikodin DNS kuskure. Kuna iya bincika daidaitattun su ta hanyar sabis na ɓangare na uku da aka ambata. Koyaya, a wasu lokuta, ƙila ba za a iya isar da imel ɗin zuwa akwatin saƙo na ɓangare na uku ba. A wannan yanayin, yakamata ku bincika duk shigarwar da hannu. Don yin wannan, je zuwa editan DNS kuma kaddamar da dubawa. Misali, bari mu dauki wadannan a matsayin bayanan tushen: domain profit.com, IP address 11.22.33.44, inda za a iya amfani da @ a matsayin sunan yankin, idan mai rejista bai yarda da cika wannan fom ba. Kar a manta canza dabi'u zuwa naku. Kar a manta canza dabi'u zuwa naku.
A records ayyana adiresoshin IP na sabar saƙon. A taƙaice, suna jagorantar yankin zuwa adireshin sabar sabar. Ya kamata yayi kama da haka:
| type | watsa shiri | darajar | TTL |
| A | @ | 11.22.33.44 | 1 min |
MX records sune mafi mahimmanci ga uwar garken wasiku, suna da alhakin hanyar isar da saƙo. A wasu kalmomi, suna jagorantar wasiku zuwa akwatin wasiku.
| type | watsa shiri | darajar | TTL |
| MX | @ | mail.profit.com | 1 min |
Bayanan SPF nuna uwar garken da ke da ikon aika imel daga wani yanki na musamman. Lura: Ana buga su azaman TXT. Ɗaya daga cikin ma'auni mai yiwuwa ne kawai aka nuna.
| type | watsa shiri | darajar | TTL |
| TXT | @ | v=spf1 ip4:11.22.33.44 -all | 1 min |
rikodin DKIM shine amfani da shi don tabbatar da sahihancin imel. Dole ne ya ƙunshi abubuwan da aka samar jama'a key. Hakazalika, ɗaya kawai daga cikin zaɓuɓɓukan ƙimar ana nuna.
| type | watsa shiri | darajar | TTL |
| TXT | s1._domainkey.profit.com | v=DKIM1; k=rsa; p=QWIOJNDSLUB… | 1 min |
DMARC rikodi shine mataki na gaba kuma na ƙarshe na kariya. Ya shafi imel ɗin da ba su wuce ba SPF da DKIM dubawa.
| type | watsa shiri | darajar | TTL |
| TXT | _dmarc.profit.com | v=DMARC1; p= babu; pc=100; rua=mailto:[email kariya] | 1 min |
Hakanan, ɗayan mahimman bayanan don sabar wasiƙa shine Rahoton da aka ƙayyade na PTR. Ana iya cewa yana aiki inversely zuwa ga A rikodin, wato, yana haɗa adireshin IP tare da yanki. Ana iya ƙara irin wannan rikodin ta hanyar buƙatu zuwa goyan bayan fasaha na mai ba da sabis, kuma ana iya bincika tare da umarnin: lambar IP, inda IP shine adireshin uwar garken ku. Amsar yakamata ta nuna yankin da aka haɗa.
Duba tashar jiragen ruwa
Matsalolin da ke tattare da rufaffiyar tashoshin jiragen ruwa kuma na iya haifar da rashin aiki ga uwar garken imel cikakke. Da farko, wajibi ne a bayyana tare da mai badawa ko akwai wasu ƙuntatawa a kan tashoshin da ake bukata a gefensa. Ba mu iyakance abokan ciniki ga adadin bude tashoshin jiragen ruwa akan kowane sadaukarwa or sabobin sabobin. Koyaya, yawancin masu samar da sabis suna aiki daban.
Kuna iya duba wuraren buɗe tashoshin ta amfani da abubuwan da aka riga aka shigar netstat mai amfani. Ya isa shigar da umarni:
netstat – natTare da shigar da sabar SMTP/IMAP/POP3 da kuma daidaita su, za mu ga mashigai masu buɗewa masu dacewa:
Kamar yadda muke iya gani akan hoton allo, manyan tashoshin abokin ciniki na wasiku a buɗe suke, wato: SMTP (25) IMAPS (143, 993) POP3S (110, 995). Hakanan zaka iya duba sabis na saƙo akan kowace tashar jiragen ruwa daban-daban. The telnet kayan aiki zai taimake ku da wannan. Bari mu kalli misalin POP3, wato tashar jiragen ruwa 110:
telnet mail.yourdomain.com 110
Mun fita kayan aiki tare da fita umarni kuma duba sauran tashoshin jiragen ruwa masu mahimmanci bisa ga ka'ida ɗaya. Lura cewa wannan kayan aikin kuma yana ba da damar gwada aika imel ba tare da amfani da ƙarin dubawa ba. Wannan na iya zama da amfani a lokuta inda mai amfani kawai ke buƙatar saita uwar garken da shirin aika wasiku a cikin gida.
Idan akwai matsaloli yayin buɗe tashoshin jiragen ruwa, kuna buƙatar kula da Firewall da aka shigar. Yawancin rabawa suna zuwa tare da Iptables/Firewalld pre-shigar.
Ma iptables muna amfani da umarni masu zuwa:
iptables -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp --dport 993 -j ACCEPTDomin firewalld:
firewall-cmd --permanent --add-port=25/tcp
firewall-cmd --permanent --add-port=110/tcp
firewall-cmd --permanent --add-port=995/tcp
firewall-cmd --permanent --add-port=143/tcp
firewall-cmd --permanent --add-port=993/tcpA wasu lokuta, sabis ɗin SMTP yana buƙatar buɗe tashoshin jiragen ruwa 465 da 587 don aiki daidai. Bude waɗannan tashoshin jiragen ruwa yana faruwa ta hanya ɗaya. Sake kunna sabis na Firewall bayan ƙara sabbin dokoki.
Duba takaddun SSL/TLS na sabar saƙon
Ana amfani da takaddun shaida na SSL/TLS akan sabar wasiku don tabbatar da amintaccen canja wurin bayanai tsakanin abokin ciniki na wasiƙar da uwar garken, sannan kuma suna tabbatar da sahihancin sabar saƙon mai aikawa da kanta, yana kawar da yuwuwar harin mutum-a-tsakiyar. Koyaya, suna iya haifar da matsala tare da aikawa ko karɓar wasiku. Don ƙaddamar da bincike, kuna buƙatar gano ko an shigar da takaddun shaida a gefen uwar garken. Bari mu bincika kasancewar takaddun shaida tare da umarni mai zuwa:
openssl s_client -showcerts -server mail.profit.com -connect IP:portA cikin wannan umarnin, kuna buƙatar maye gurbin ƙimar da naku:"mail.profit.com" shine adireshin uwar garken imel; IP: tashar jiragen ruwa shine bayanan uwar garken. Misali, bari mu duba tashar jiragen ruwa 993, wanda nasa ne IMAP yarjejeniya. Ana duba sauran ka'idoji ta hanya guda.
Don amsawa, dole ne uwar garken ta aika bayanan takaddun shaida:
Yawancin abokan cinikin wasiku suna shigar da takaddun shaida ta atomatik. Koyaya, a wasu lokuta, dole ne a saki da hannu kuma ƙara su zuwa takamaiman abokin ciniki. dandamali daban-daban na iya buƙatar shigarwa na mutum ɗaya da daidaitawa, don haka muna ba ku shawarar ku koma ga umarnin don takamaiman bayani. Muna ba da shawarar amfani Bari mu Encrypt a matsayin takaddun shaida, da amfani da Certbot azaman kayan aiki na taimako don shigarwa da daidaitawa.
Duba rajistan ayyukan
A ƙarshe, mun zo ga mafita da ke taimakawa a mafi yawan lokuta idan akwai wani yanayi - checking the mail server logs. Yawancin masu amfani suna yaudarar kansu, suna tunanin rashin maganin matsalarsu. Koyaya, abokan cinikin wasiku na zamani suna adana adadi mai yawa na bayanai a cikin rajistan ayyukan:
- Kwanan wata da lokacin aikawa da karɓar wasiku.
- Adireshin mai aikawa da mai karɓa.
- Tace sakamakon spam da ƙwayoyin cuta.
- Yanayin jerin gwano don aikawa da karɓar wasiku.
- Ayyukan masu gudanarwa da masu amfani masu alaƙa da sabar wasiku (misali, ƙirƙira, share akwatunan saƙo, canza saituna).
- Kurakurai da matsalolin da suka taso yayin sarrafawa da isar da saƙon imel.
Daidaitaccen littafin adireshi wanda aka adana mafi yawan umarni yana nan a: /var/log/. Dangane da maganin da aka yi amfani da shi, sunan takamaiman fayil ɗin log na iya bambanta. Misali, da mail.log fayil ne wanda yake a cikin wannan jagorar don Postfix. Ba mu ba ku shawarar yin watsi da wannan hanyar ganowa ba kuma kuyi amfani da rajistan ayyukan da zaran alamun farko na rashin aikin abokin ciniki na saƙo ya bayyana. Da fatan za a karanta littafinmu yadda ake karanta logs Linux.
Fahimtar yadda ake duba sabar saƙo
Mun gudanar da cikakken ganewar asali na sabar saƙon. Yayin gwaji, duka kayan aikin kan layi don cikakken bincike da mafita na gida don gano matsalolin da za a iya shafa sun shafi. Bayan gudanar da dukkan gwaje-gwajen da suka wajaba, an sami cikakken hoto na halin yanzu na sabar saƙon, da kuma shawarwarin kawar da matsalolin da za a iya fuskanta.
