A. Concepts of e-mail system administration
1. Purpose of e-mail system administration
2. Tasks required to administer an e-mail system
B. Basic features for administering and configuring an e-mail system
How the e-mail system operates
Introduction to the LDAP protocol
Security solutions for the e-mail system
Remote administration of the mail server
1. How the e-mail system operates:
Figure 3.1: Operating model of the e-mail system
Remote administration with WebAdmin and MDConfig:
From the Setup menu, choose Remote configuration.
Remote Configuration dialog:
Remote configuration engines
[x] Enable MDConfig remote configuration engine
[x] Enable WebAdmin remote configuration engine
[x] Stop WebAdmin when MDaemon stops
MDConfig security issues (logon/password values do not apply to WebAdmin)
Administrator: Administrator, Password: (masked)
Supervisor: Supervisor, Password: (masked)
Only allow connections from these IPs: New IP address. Wildcards of the form 192.168.0.* or 204.168.*.* can be used.
MDConfig backup directory: C:\MDaemon\Backup
Before updating, MDaemon will backup its existing configuration files.
Figure 4.51: Remote configuration settings
MDConfig Configuration Client:
Figure 4.52: MDConfig running as an emulation of the MDaemon server
Connecting to a remote MDaemon site:
Setting up and using the WorldClient server:
What is WorldClient? It is the tool that lets e-mail clients access their own mailboxes.
* WorldClient lets the service provider display its own advertising banner.
* WorldClient is a very powerful tool that helps users administer their own mailboxes.
* WorldClient is the core of the MDaemon server.
Three ways to start/stop the WorldClient server:
1. In the Message Router, the left-hand pane has a server section that contains WorldClient; click it, then right-click and choose Toggle Active/Inactive.
2. Choose File > Enable WorldClient server in the Message Router.
3. Choose Setup > WorldClient/RelayFax in the Message Router and click Enable WorldClient Server.
Configuring WorldClient: choose Setup, then WorldClient/RelayFax.
WorldClient/RelayFax Properties dialog (tabs: Server Options | WorldClient SSL | Domain Options | RelayFax)
WorldClient properties
WorldClient is running under IIS
Run WorldClient server using this TCP port: 3000
Sessions not composing a message expire after 20 inactive minutes
Sessions composing a message expire after 120 inactive minutes
[x] Cache HTML templates to increase web server performance
[x] Use cookies to remember logon name, theme, and other properties
[ ] Respond to read confirmation requests
[x] Require IP persistence throughout WorldClient session
Bind WorldClient's web server to these IPs only (separate multiple values with commas; leave blank to bind to MDaemon's IP list)
Restart WorldClient (required when port or IIS value changes)
Figure 4.54
Using LDAP: LDAP is a protocol for storing and querying a database of user information.
From the Setup menu choose LDaemon/LDAP, then the LDAP options.
LDaemon LDAP server options dialog (tabs: LDaemon | LDAP Options). Callouts on the slide:
Note: LDaemon requires Windows NT/2000.
Start & Stop LDaemon when MDaemon starts: starts and stops LDaemon together with MDaemon.
Command line field: where to type the command that controls LDAP; use it if you want to edit the command passed to LDaemon.
LDAP port: set on the Setup | Primary Domain | Ports tab; restart LDaemon after changing it.
Logging and debug options, used to change the log-file mode and to troubleshoot: Trace function calls, Configuration file processing, Debug packet handling, Access control list processing, Heavy trace debugging, Stats: connections/ops/results, Connection management, Stats: log entries sent, Log I/O packets, Communication with shell backend, Search filter processing, Entry parsing debugging.
Options for having MDaemon use LDAP to store its database:
LDaemon/LDAP Options dialog (tabs: LDaemon | LDAP Options), LDAP server properties. Fields and their callouts on the slide:
Store account data in an LDAP accessible store (PRO version only): the setting that enables LDAP; the callout also mentions using userlist.dat or ODBC.
Use LDAP server for address book and remote verification: this option keeps an LDAP server up to date with address information, by writing a copy of the account information into the LDAP data.
Host name, Port: the LDAP server to contact.
RDN filter (mail=$EMAIL$): the control that determines how the RDN is generated.
Bind DN: enter the DN that is granted access to the LDAP server.
Bind password: set the password that goes with the Bind DN.
Base entry DN (database): enter the base entry that holds all MDaemon user entries.
Object class (database), Object class (address book): specify the object class that governs the LDAP data.
Base entry DN (remote verification): used to verify remote mail so that a backup mail server can accept or reject it.
Spam Blocker: blocks most of the spam sent to your mail server.
It uses the blacklist databases of two organizations, ORDB and MAPS RBL.
For information about ORDB and MAPS RBL, see these two web sites:
http://www.ordb.org
http://www.mail-abuse.com/rbl
Spam Blocker Engine:
Spam Blocker dialog (tabs: Spam Blocker Engine | Spam Blocker Hosts | Spam Blocker Caching)
Spam Blocker engine
[x] Enable Spam Blocker engine (callout: activates Spam Blocker). Click here and MDaemon will query MAPS/RBL/ORDB type hosts to detect blacklisted sites.
Spam Blocker options
Flag messages from blacklisted sites but go ahead and accept them (callout: lets messages from blacklisted sites through, but attaches a warning flag). This option inserts an 'X-RBL-Warning' header into flagged emails.
[ ] Automatically filter spam messages into user's IMAP spam folder (callout: gives the account an Inbox/Spam folder)
Check 'Received' headers within SMTP collected messages (callout: checks the IP recorded in the message's 'Received' headers when it is sent via SMTP)
Check only this many 'Received' headers (0 = all): 0
Skip this many of the oldest 'Received' headers (0 = none): 1
[ ] Check 'Received' headers within POP collected messages
Check only this many 'Received' headers (0 = all): 0
Skip this many of the oldest 'Received' headers (0 = none)
[x] Skip 'Received' headers within messages from exempted
[ ] Add blacklisted sites to the IP Screen (under 'All IPs') (callout: adds the IP address to the IP Screen)
[ ] Authenticated sessions are exempt from Spam Blocker lookups
[x] Always exempt Trusted IPs from Spam Blocker lookups (callout: exempts the addresses in your Trusted Hosts, under Relay Settings)
Click here to configure IP and email addresses that are exempt
Spam Blocker Hosts:
Spam Blocker dialog (tabs: Spam Blocker Engine | Spam Blocker Hosts | Spam Blocker Caching)
Spam Blocker hosts
The spam blocking engine works by querying each host below and seeing if the IP address of an incoming SMTP connection has been blacklisted for propagating spam. For complete details on how this works check out http://www.ordb.org or http://www.mail-abuse.org
Host entry shown: bl.spamcop.net, mail from $IP$ refused by SpamCop, see http://www.spame…
Spam Blocker Caching:
Spam Blocker dialog (tabs: Spam Blocker Engine | Spam Blocker Hosts | Spam Blocker Caching)
Figure 4.59
Caching options
[x] Automatically cache Spam Blocker results
Warning: Caching the results of these lookups is not recommended by the folks who maintain these databases. Since a blacklisted host can right itself in a matter of minutes we recommend you keep the 'Default Time To Live' value to a minimum.
See http://www.mail-abuse.org for details on the implications of caching
Cached entry
IP address: IP address to place in cache
Default time to live (in minutes): 5 (9999 = never expire)
[ ] Automatically cached entries use default time to live also
Maximum cached entries: 50
Currently cached entries
203.190.100.100 for [15] more minutes
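The lookup described on the Spam Blocker Hosts slide and the time-to-live cache from the Spam Blocker Caching slide, as an added Python example (not MDaemon's own code). The zone dnsbl.example, the injected resolve function, the oldest-first eviction and the header value format are assumptions made for illustration.

```python
import ipaddress
import time

NEVER_EXPIRE = 9999  # dialog: "9999 = never expire"

def dnsbl_query_name(ip, zone):
    """Name looked up at a blacklist host: reversed IPv4 octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

class LookupCache:
    """IP -> result cache with per-entry expiry and a size cap."""
    def __init__(self, default_ttl_min=5, max_entries=50, clock=time.monotonic):
        self.default_ttl_min, self.max_entries = default_ttl_min, max_entries
        self.clock = clock
        self.entries = {}  # ip -> (warning text or None, expiry or None)

    def get(self, ip):
        """Return (hit, warning); an expired entry is dropped and is a miss."""
        if ip not in self.entries:
            return False, None
        warning, expiry = self.entries[ip]
        if expiry is not None and self.clock() >= expiry:
            del self.entries[ip]
            return False, None
        return True, warning

    def put(self, ip, warning, ttl_min=None):
        ttl = self.default_ttl_min if ttl_min is None else ttl_min
        if ip not in self.entries and len(self.entries) >= self.max_entries:
            del self.entries[next(iter(self.entries))]  # assumed: evict oldest
        expiry = None if ttl == NEVER_EXPIRE else self.clock() + ttl * 60
        self.entries[ip] = (warning, expiry)

def check_connection(ip, hosts, cache, resolve, trusted=()):
    """Warning text if a blacklist host lists ip, else None."""
    if ip in trusted:  # trusted IPs skip the lookup entirely
        return None
    hit, warning = cache.get(ip)
    if hit:
        return warning
    warning = None
    for zone, template in hosts:
        # A listed IP resolves to an address in 127.0.0.0/8; no answer = clean.
        if any(a.startswith("127.") for a in resolve(dnsbl_query_name(ip, zone))):
            warning = template.replace("$IP$", ip)
            break
    cache.put(ip, warning)
    return warning

def flag_message(headers, warning):
    """Flag-but-accept mode: append X-RBL-Warning rather than refuse."""
    return headers + [("X-RBL-Warning", warning)] if warning else headers

# Constructed sample data: one made-up zone that lists 203.0.113.7.
SAMPLE_HOSTS = [("dnsbl.example", "mail from $IP$ refused, see dnsbl.example")]
SAMPLE_ZONE = {"7.113.0.203.dnsbl.example": ["127.0.0.2"]}

def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])
```

A cached result, clean or listed, is reused until its time to live runs out, which is why the dialog's warning recommends keeping that value small: a host that has been delisted stays flagged for as long as the stale entry lives.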
Spam Filter:
Spam Filter dialog (tabs: Spam Filtering | Heuristics | Bayesian | Reporting | Exclusion List | White List (auto) | White List (to) | White List (from) | Black List)
Spam Filter options
MDaemon's Spam Filter uses a variety of techniques to detect and deal with spam
If the Spam Filter determines that a message is spam then:
bounce the message back to sender
just delete the message completely
flag the message but let it continue down the delivery path
[x] Don't filter messages sent from local sources
[x] Don't filter messages from trusted or authenticated sources
Don't filter messages larger than 25 kb (0 = filter all messages)
[ ] Automatically filter spam messages into user's IMAP spam folder
A white list match subtracts this many points from the spam score: 100.0
A black list match adds this many points to the spam score: 100.0
Address Suppression:
Security Settings dialog (tabs: Address Suppression | IP Screening | Host Screening)
Currently suppressed addresses: a tree of domains (All Domains and individual domains) with entries such as spammer@muaha.com.vn and, under hoaco.com, muaxuan@hoaco.com
New suppression entry
Domain name: All Domains. Select the domain this new suppressed address will apply to
Email address: wildcards of the form *@domain.com or *@???.com
Options
[ ] Refuse to accept mail during SMTP session
Inform sender when their mail is rejected
IP Screening:
Security Settings dialog (tabs: Address Suppression | IP Screening | Host Screening)
Current IP screen entries: IP Addresses, All IPs, 203.100.100.100, 203.192.100.100, 127.0.0.1
New IP screen entry
Local IP: All IPs. Select the IP that this new screen will belong to
Remote IP: wildcards of the form 192.168.0.* or 192.168.*.1 are acceptable
(*) This remote IP can connect
( ) This remote IP can not connect
Default For Undefined IPs
Undefined IPs can connect to this local IP
Undefined IPs can not connect to this local IP
IP Screening works by comparing the IP of the incoming connection to the IPs specified in this dialog If a match is
Host Screening:
Current host screen entries: IP Addresses, with entries that include 192.168.200.10 (Allow), 127.0.0.1, 200.100.100.100 (Prevent), 200.100.100.102 (Prevent) and 203.192.100.100
New host screen entry
Local IP: 203.192.100.100. Select the IP that this new screen will belong to
Remote host: wildcards of the form *.altn.com or altn.*.com are acceptable
(*) This remote host can connect
( ) This remote host can not connect
Default For Undefined Hosts
(*) Undefined hosts can connect to this local IP
( ) Undefined hosts can not connect to this local IP
Host Screening works by comparing the value passed in an incoming SMTP session's EHLO or HELO parameter with
IP Shielding:
Security Settings dialog (tabs: IP Shielding | SMTP Authentication | POP Before SMTP | Site Policy)
Currently defined domain/IP pairs:
qtsc.com.vn, 203.100.100.100
qtsc.com.vn, 203.162.100.101
quangtrungsoft.com.vn, 203.162.100.102
[ ] Messages to valid local users are exempt from domain/IP matching
IP Shield honors aliases
Domain name, IP address: wildcards like *.altn.com and 192.168.0.* ok
Figure 4.64
SMTP Authentication:
Security Settings dialog (tabs: IP Shielding | SMTP Authentication | POP Before SMTP | Site Policy)
SMTP Authentication
[x] Authenticated senders are valid regardless of the IP they are using. Select this switch and MDaemon will ignore the IP restrictions setup by the IP Shield when a message comes from an authenticated source.
[x] Authenticated users are exempt from the POP Before SMTP requirement. Select this switch and MDaemon will exempt authenticated sessions from any POP Before SMTP restrictions.
[ ] Authentication is always required when mail is from local accounts. When this option is enabled any message claiming to come from a local account will need to authenticate before being recognized.
MAIL FROM 'Postmaster' requires an authenticated session. Spammers and hackers know that the 'Postmaster' account exists. You can use this switch to prevent them from exploiting this fact.
[ ] Authentication credentials must match those of the email sender. This switch requires the sender of the email to use only his/her own authentication credentials.
Global AUTH password: In some cases it is useful to provide a global password for authentication
POP Before SMTP:
Security Settings dialog (tabs: IP Shielding | SMTP Authentication | POP Before SMTP | Site Policy)
POP Before SMTP
[x] Local sender must have accessed mailbox within last 5 minutes. Click here to force local users to check mail with POP, IMAP, or WorldClient before MDaemon will accept a message from them.
[x] Messages collected via ATRN are exempt from this requirement
[x] Messages sent to local recipients are exempt from this requirement
[x] Messages sent from trusted IPs are exempt from this requirement
Figure 4.66
Site Policy:
Security Settings dialog (tabs: IP Shielding | SMTP Authentication | POP Before SMTP | Site Policy)
The window shows the text file policy.dat in the \app\ directory, which is sent at the start of an SMTP session. The POLICY.DAT file must be ASCII, contain no more than 512 characters per line, and be at most 5000 bytes in size.
Site policy
A site policy is text that is transmitted to the sending mail server at the beginning
Please limit your policy to 15 lines of 75 characters each RFC 2821 says blank
Relay Settings:
Security Settings dialog (tabs: Relay Settings | Trusted Hosts | Tarpit Settings | Reverse Lookup)
Mail relaying
This server does not relay mail for foreign domains: With this switch enabled MDaemon will not accept a message for delivery unless it is either FROM or TO a known user. (Callout: this server does not allow relaying.)
[x] Refuse to accept mail for unknown local users: With this switch set MDaemon will refuse to accept any message addressed to a local user who does not exist. (Callout: refuses mail addressed to a domain the server manages when the user address does not exist.)
[x] Sender's address must be valid if it claims to be from a local domain: A common tactic used to get around anti-relay measures is to guess a valid account name and try to send mail using it. Click here and guessing will not be fruitful. (Callout: when mail is sent from an MDaemon domain, the sender is checked against the account database and must exist; otherwise MDaemon refuses to send the mail.)
[ ] Mail addressed to known aliases can always be relayed: With MDaemon it is possible to create aliases that point to other non-local domains. Click here if it is ok to relay mail to such aliases. (Callout: MDaemon relays mail for aliases regardless of the relay settings.)
[x] Mail sent via authenticated SMTP sessions can always be relayed: If senders can authenticate using the AUTH protocol odds are they should be allowed to relay. (Callout: allows relaying of mail sent through)
[ ] Mail can always be relayed through domain gateways: Relaying should normally be allowed for gateway hosted (Callout: mail is always allowed to be relayed through)
Figure 4.68
Reverse lookups:
Security Settings dialog (tabs: Relay Settings | Trusted Hosts | Tarpit Settings | Reverse Lookup)
Reverse lookups
These switches allow MDaemon to track into the log files the result of a reverse lookup on the incoming host's IP or identification
Perform reverse PTR record lookup on inbound SMTP connections
send 501 and shut down connection if no PTR record match
[ ] Perform lookup on HELO/EHLO domain
[x] Perform lookup on value passed in the MAIL command
Refuse to accept mail if a lookup returns 'domain not found'
[x] send 501 error code (normally sends 451 error
[ ] and then shut down the socket connection
a. Header Translation:
Header Translation dialog
Enter new header translation
If a message is FROM a local domain and TO a non-local domain then the headers of the outgoing message are scanned for the text specified here and that text is replaced with something new. This is useful when you want to convert each occurrence of a local domain name within the headers with a real domain name.
Existing header text
New header text
[x] Translate headers in forwarded messages
[x] Translate headers in gateway messages forwarded to host or IP
Currently defined header translations
b. Header Translation Exception:
Figure 4.72
Header Translation Exceptions dialog: Do not translate values in these headers
Header value
DNS lookups and caching of the IP addresses to be looked up:
IP Cache dialog
Caching options
Automatically cache uncached domains
Clear cache at each processing interval
Default time to live (minutes): 60 (use 9999 and entry will not expire)
Maximum cached entries: 50
Setting up dial-up and collecting mail over the telephone line:
Event Scheduling dialog (tabs: Send & Receive Mail | AntiVirus Updates)
System mail processing interval: 60 min
[ ] Deliver/collect remote mail at this above interval
[x] Deliver local mail immediately upon reception
Deliver remote mail immediately upon reception
Simple scheduling
[x] Wait 30 minutes after the last mail session starts before initiating the next one
Scheduling options
[x] Always send mail if there's 1 or more
Scheduled remote mail processing event: What day? (one checkbox per day of the week), What hour? (Every hour), What minute?
Scheduled events listed: Friday at 00:00 (12:00 AM), then hourly through Friday at 14:00 (2:00 PM)
RAS Dialup Settings:
Dialup only if remote mail is waiting in outbound queue
Notify [Postmaster] when dialup attempts fail
Dialup attempts
Make this many attempts to establish a session: 1
After dialing, wait this many seconds for a valid connection: 60
Connection persistence
Once established, MDaemon will not close the RAS session
Keep sessions alive for at least 1 minutes (0 = immediate
If applicable, you should use the option that has MDaemon leave RAS sessions open If you need to close the session based on inactivity use
Logon Setting:
RAS Dialup Settings dialog (tabs: Dialup Settings | ISP Logon Settings | Post Connection | LAN Domains | LAN IPs)
Dialup profile
Use any currently active dialup session
Use this RAS dialup profile (buttons: New profile, Edit profile)
Logon name
Logon password
Maximize use of this connection profile
Every so many minutes, MDaemon will check the computer system to see if perhaps another program has initiated the selected RAS profile. If so, MDaemon will use the existing connection while it is available. You can control the time interval between uses of an existing connection by entering a value in minutes into this control.
Use existing connection every [ ] minutes (button: Hangup now)