Hagahan ayaa ku tusi doona habka habaynta SPF, DKIM iyo DMRC – saddex qaybood oo muhiim ah si loo horumariyo waxqabadka diritaanka iimaylka.
Habaynta saxda ah ee SPF, DKIM iyo DMRC waxay kordhin doontaa kalsoonida server-yada boostada waxayna yaraynaysaa suurtogalnimada fariimahaaga inay galaan spamka.
- SPF (Siyaasadda Soo-dirida) waa cabbir ammaan oo loogu talagalay in looga hortago kuwa kale inay soo diraan iimaylo iyagoo ku hadlaya magacaaga. Waxay go'aaminaysaa ciwaannada IP-ga ee loo oggol yahay inay soo diraan iimayllada iyo kuwa aan ahayn.
- DKIM (DomainKeys Identified Mail) waa habka xaqiijinta fariinta. Marka iimayl kasta la diro, waxaa lagu saxeexaa furaha gaarka ah ka dibna lagu xaqiijiyo server-ka waraaqaha helaya (ama bixiyaha adeegga internetka) oo wata furaha guud ee DNS.
- DMRC ( Xaqiijinta Fariinta ku salaysan Domain-ku-saleysan, Warbixinta & Aqbalaada) waxay u isticmaashaa SPF iyo DKIM xaqiijinta boostada, yaraynta spamka iyo weerarada phishingka.
Qaabeynta SPF (Qaabka Siyaasadda Soodiraha)
1.1. Si loo habeeyo SPF, diiwaanka TXT waa in lagu daraa goobaha DNS ee boggaaga.
1.2. Tani waa tan soo socota ee diiwaanka SPF:
- v=spf1: waxay go'aamisaa nooca SPF ee aad isticmaashay. Maanta SPF1 kaliya ayaa la isticmaalaa.
- ip4: [Your_Mail_Server_IP]: Waxay muujinaysaa in cinwaankaaga IP-ga ee server-kaaga loo oggol yahay inuu iimayl u soo diro isagoo matalaya boggaaga.
- a: Waxay qeexaysaa in haddii domain uu leeyahay diiwaan A (IPv4 ciwaanka) ee DNS, server-ka lagu qeexay diiwaankaas ayaa soo diri karaa email isagoo ka wakiil ah domainka.
- mx: Waxay muujinaysaa in haddii domain uu leeyahay diiwaanka MX (mail sarrifka) ee DNS, server-ka lagu qeexay diiwaankan wuxuu soo diri karaa iimayl isagoo ka wakiil ah domainka.
- Dhammaan: Waxay muujineysaa in kaliya server-yada ku jira diiwaanka SPF ay soo diri karaan iimayl iyagoo ka wakiil ah domainka. Haddii iimaylka uu ka yimaad server kale, waxa loo calaamadayn doonaa sida "kuwa jilicsan" (~), taas oo macnaheedu yahay in la aqbali karo, laakiin lagu calaamadiyay sida spam ee suurtogalka ah.
Si wada jir ah, canaasirtaani waxay sameeyaan SPF oo sidan u eeg:
Magaca: [Your_Domain]
v=spf1 ip4:[Your_Mail_Server_IP] a mx ~allKu beddel [Your_Mail_Server_IP] iimaylka cinwaankaaga IP-ga.
DKIM (DomainKeys Identified Mail) qaabeynta
2.1. Marka hore ku rakib opendkim iyo opendkim-tools. Habka rakibaadda waxay ku xiran tahay nidaamka hawlgalka:
Loogu talagalay CentOS:
yum install opendkim -yLoogu talagalay Debian/Ubuntu:
apt install opendkim opendkim-tools -y2.2. Marka xigta, billow adeegga opendkim oo awood u yeelo bilawga inta lagu jiro boot:
systemctl start opendkim
systemctl enable opendkim2.3. U samee hagaha kaydinta furayaasha:
mkdir -p /etc/opendkim/keys/yourdomain.com2.4. Samee furayaasha addoo isticmaalaya opendkim-genkey tool:
opendkim-genkey --directory /etc/opendkim/keys/yourdomain.com/ --domain yourdomain.com --selector dkimHa iloobin inaad ku bedesho 'yourdomain.com' magacaaga domain ee dhabta ah.
2.5. U deji rukhsad habboon furayaasha:
chown -R opendkim:opendkim /etc/opendkim/keys/yourdomain.com2.6. Hadda waxaan u baahanahay inaan habeyno opendkim. Fur faylka /etc/opendkim.conf oo ku dar dejinta soo socota:
AutoRestart Yes
AutoRestartRate 10/1h
Umask 002
Syslog Yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:8891@localhost2.7. Ku dar boggaaga faylka /etc/opendkim/TrustedHosts
127.0.0.1
localhost
*.yourdomain.com2.8. Tafatir /etc/opendkim/KeyTable faylka si uu u ekaado tan:
dkim._domainkey.yourdomain.com yourdomain.com:dkim:/etc/opendkim/keys/yourdomain.com/dkim.private2.9. Beddel faylka /etc/opendkim/SigningTable. Si aad u ekaato sidan
*@yourdomain.com dkim._domainkey.yourdomain.com2.10. Haddii aad isticmaasho Debian/Ubuntu, sheeg dekedda opendkim:
echo 'SOCKET="inet:8891@localhost"' >> /etc/default/opendkim2.11. Dib u bilow adeega opendkim si isbedelada loo dabaqo:
systemctl restart opendkim2.12. Ugu dambayntii, ku dar furaha dadwaynaha ee isku xidhka DNS ee boggaaga. Furayaashu waxay ku jiraan /etc/opendkim/keys/yourdomain.com/dkim.txt.
DMRC ( Xaqiijinta Fariinta, Ka warbixinta & Ku-dhaqanka ee ku-saleysan domain).
3.1. Si loo habeeyo DMRC, ku dar diiwaanka TXT goobaha goobtaada:
Name: _dmarc.[Your_Domain].
Значение: v=DMARC1; p=none; aspf=r; sp=noneKu beddel [Your_Domain] magaca boggaaga.
PTR (Diiwaanka Tilmaamaha) qaabeynta
4.1. Rikoorka PTR, oo sidoo kale loo yaqaanno rekoobka DNS, ayaa loo isticmaalaa in lagu beddelo cinwaanka IP-ga magac domain. Tani waxay muhiim u tahay server-yada boostada sababtoo ah server-yada qaarkood ayaa laga yaabaa inay diidaan farriimaha iyaga oo aan haysan diiwaanka PTR.
4.2. Diiwaanka PTR waxaa badanaa lagu habeeyaa goobaha adeeg bixiyaha internetka ama bixiyaha martigelinta. Haddii aad marin u leedahay goobahan, waxaad dejin kartaa diiwaanka PTR adiga oo tilmaamaya server-kaaga IP-ga iyo magaca domainka ee u dhigma.
4.3. Haddii aanad marin u lahayn goobaha diiwaanka PTR, la xidhiidh adeeg bixiyahaaga internet-ka ama bixiyaha martigelinta codsiga qaabaynta diiwaanka PTR.
4.4. Ka dib markaad rakibto PTR, waxaad ku hubin kartaa adoo isticmaalaya amarka qodista ee Linux:
dig -x your_server_IPKu beddel 'your_server_IP' ciwaanka IP-ga ee seerfarkaaga. Jawaabta waa inay ku jirtaa magacaaga domain
Ka dib marka la dhammeeyo dhammaan tillaabooyinka habaynta SPF, DKIM iyo DMARC, server-ka boostada aad ayay u yaraan doontaa inuu ku calaamadiyo waraaqahaaga spam - waxay dammaanad qaadi doontaa in waraaqahaagu ay gaaraan dadka qaata.
