Šta je novo?

Pomoc oko exchangea

Monk Psycho

Slavan
Učlanjen(a)
14.05.2007
Poruke
1,657
Poena
350
Moja oprema  
CPU & Cooler
i7 2600k scythe katana; i7 6700
Matična ploča
asrock z77 pro4; hp elitedesk 800
RAM
32;16
GPU
7950; intel integrated
Storage
spinning rust
Zvuk
integrale on both
PSU
seasonic 750w; hp elitedesk 200w
Kućište
fractal design arc xl; elitedesk 800
Monitor
dell p2414h
Miš & tastatura
logitech neka polovna
Ostale periferije
altec atp3
Mobilni telefon
Coolpad Cool S1
Pristup internetu
  1. Optički internet
Nisam radio sa exchangeom puno, a i ovo mi je dato da probam da resim u sto kracem roku.

Treba da se radi implementacija spf, dkim i dmarc-a na exchange-u, pa ako postoji neka dobra dusa da ga gnjavim preko priv poruka ili necega sa par pitanja bio bih zahvalan. Ako treba i oduzicu se za mucenje :d:d

Nisam znao gde da stavim temu pa je zato ovde :wall:
 
To je relativno kompleksna tema za detaljan opis, ali evo neke smernice ukratko.

SPF za odlaznu postu konfigurises na DNS serveru, bez obzira koji je mail system u pitanju. Dodaje se TXT zapis za domen koji obicno izgleda ovako

Kod:
"v=spf1 ip4:192.168.0.1/16 -all"

The "ip4" mechanism (edit)
ip4:<ip4-address>
ip4:<ip4-network>/<prefix-length>
The argument to the "ip4:" mechanism is an IPv4 network range. If no prefix-length is given, /32 is assumed (singling out an individual host address).

Examples:

"v=spf1 ip4:192.168.0.1/16 -all"

Allow any IP address between 192.168.0.1 and 192.168.255.255.

SPF zapis treba da sadrzi ip adresu dodeljenu na transport edge serveru ako povezan direktno na internet, ili ako je natovan onda treba javna internet adresa rutera. To je dakle ip adresa poslednjeg hop-a.

Sto se tice SPF verifikacije na dolaznu postu, moze da se instalira anti-spam agents na Exchange, pa da se naprave transport pravila sta se desava sa porukom na osnovu rezultata SPF verikacije.

Mechanisms

Mechanisms can be prefixed with one of four qualifiers:

"+" Pass
"-" Fail
"~" SoftFail
"?" Neutral
If a mechanism results in a hit, its qualifier value is used. The default qualifier is "+", i.e. "Pass". For example:

"v=spf1 -all"
"v=spf1 a -all"
"v=spf1 a mx -all"
"v=spf1 +a +mx -all"
Mechanisms are evaluated in order. If no mechanism or modifier matches, the default result is "Neutral".

If a domain has no SPF record at all, the result is "None". If a domain has a temporary error during DNS processing, you get the result "TempError" (called "error" in earlier drafts). If some kind of syntax or evaluation error occurs (eg. the domain specifies an unrecognized mechanism) the result is "PermError" (formerly "unknown").

Evaluation of an SPF record can return any of these results:

Result Explanation Intended action
Pass The SPF record designates the host to be allowed to send accept
Fail The SPF record has designated the host as NOT being allowed to send reject
SoftFail The SPF record has designated the host as NOT being allowed to send but is in transition accept but mark
Neutral The SPF record specifies explicitly that nothing can be said about validity accept
None The domain does not have an SPF record or the SPF record does not evaluate to a result accept
PermError A permanent error has occured (eg. badly formatted SPF record) unspecified
TempError A transient error has occured accept or reject


Exchange server nativno ne podrzava DKIM potpisivanje i verifikaciju, pa se mora instalirati dodatni softver koji to obavlja na transport edge serveru, da li ti je dozvoljeno da instaliras dodatni softver to moras da vidis.

DMARC mozes da konfigurises tek nakon usposnog konfigurisanja SPF, DKIM.
 
Hvala, to sam i ja izguglao, a trenutno najvise citam oko dmarca, to mi je najzeznutije...

Sent from my NX505J using Tapatalk
 
Nazad
Vrh Dno