Email Security [PDF]


Directorate of Information Systems, Software and Content, Directorate General of Telematics Applications, Department of Communication and Informatics, 2006



FOREWORD

One of the facilities of Information and Communication Technology (ICT) is electronic mail, or e-mail, which is essentially just a message sent over the internet. However, being connected to a global network, every e-mail user is exposed to information security threats. E-mail is often used as an entry point for information security threats such as virus attacks or spam. The usual vehicle for these threats is the attachment in an e-mail. The user unknowingly opens the attachment, and at that moment the virus, a hidden program, starts to run. Users of this kind are often the weak point in e-mail security. It is therefore important to pay attention to how computer users handle e-mail, so that the risk of attack can be reduced. To help the public, in particular ICT users, deal with the security of e-mail transport, the Directorate of Information Systems, Software and Content has produced this Tutorial on E-mail Transport Applications based on open source, which teaches how to install security applications for an e-mail transport system. Correspondence may be addressed to the e-mail address: [email protected]



We hope this is useful!
Jakarta, December 2006

Lolly Amalia Abdullah
Director of Information Systems, Software and Content



DIRECTORATE OF INFORMATION SYSTEMS, SOFTWARE AND CONTENT
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
EMAIL TRANSPORT SECURITY SYSTEM ARCHITECTURE
SECURE EMAIL SERVER
  MAIL TRANSFER AGENT
    Postfix Mail Transfer Agent
    Installing Postfix
    Basic Postfix Configuration
    Configuring Postfix with SSL
    Email Server Authentication Mechanism
    Simple Authentication Security Layer (SASL)
    Configuring Mail Server Authentication with SASL
    Setting Up SASL with the Pluggable Authentication Module
  POST OFFICE PROTOCOL VERSION 3 (POP3)
    Installing Dovecot POP3
    Basic Dovecot POP3 Configuration
    Dovecot Quota Configuration - POP3
    Dovecot POP3 Authentication Configuration
  INTERNET MAIL ACCESS PROTOCOL (IMAP)
    Installing Dovecot IMAP
    Dovecot IMAP Configuration
    Dovecot Quota Configuration - IMAP
    Dovecot Authentication Configuration - IMAP
  REFERENCES
EMAIL ANTIVIRUS
  INTRODUCTION
  CLAM ANTIVIRUS
    Clam Antivirus Configuration
    Updating the Virus Database
  MAIL SCANNER
    Installing Mail Scanner
    Mail Scanner Configuration
    Postfix Configuration
  REFERENCES
EMAIL ANTISPAM
  POSTFIX ANTISPAM
    Postfix Configuration
    Postfix Master.cf Configuration
  SPAMASSASSIN
    Installing SpamAssassin
    SpamAssassin Configuration
  RAZOR
    Installing Razor
    Razor Configuration
  PYZOR
    Installing Pyzor
    Pyzor Configuration
  REFERENCES
PRETTY GOOD PRIVACY
  INTRODUCTION
    Installing Gnu Privacy Guard
    Creating the Private Key and Public Key
    Encryption Using GPG
    Decryption Using GPG
  REFERENCES
PGP KEYSERVER
    Installing the LDAP Server
    Configuring LDAP as a PGP Keyserver
  REFERENCES



Figure 1 - Email Security System Mechanism Flow
Figure 2 - Email Delivery Flow
Figure 3 - Authentication Mechanism Flow
Figure 4 - Email Antivirus System
Figure 5 - Spam Statistics
Figure 6 - Pretty Good Privacy Implementation Architecture

Table 1 - Pretty Good Privacy Structure



Figure 1 - Email Security System Mechanism Flow (diagram; labels: Mailbox, Receiving Email, Dovecot, PAM, Sending Email, LDAP, Postfix, Cyrus-SASL, Anti Virus, Anti Spam)



Figure 2 - Email Delivery Flow (diagram; labels: Computer Network, MUA, MTA, Simple Mail Transport Protocol, DNS, MTA, Mailbox, MUA)



root@MailServer:~# apt-get install postfix



myhostname myorigin mynetworks message_size_limit mydestination relay_domains relayhost smtpd_helo_required alias_maps recipient_delimiter disable_vrfy_command local_recipient_maps

depkominfo.go.id mail2.depkominfo.go.id yes hash:/etc/aliases yes

mail.depkominfo.go.id depkominfo.go.id 192.168.0.0/24, 202.46.0.0/24 10485760

# offer STARTTLS to SMTP clients
smtpd_use_tls = yes
# announce and accept SASL authentication only inside a TLS session
smtpd_tls_auth_only = yes
# server private key, server certificate and issuing CA certificate
smtpd_tls_key_file = /etc/ssl/server-key.pem
smtpd_tls_cert_file = /etc/ssl/server-cert.pem
smtpd_tls_CAfile = /etc/ssl/ca-cert.pem
smtpd_tls_loglevel = 1
# record TLS protocol and cipher details in the Received: header
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

Figure 3 - Authentication Mechanism Flow (diagram; labels: Email Server, SASL, PAM, Account Server)



root@MailServer:~# apt-get install sasl2-bin libsasl2 libsasl2-modules



smtp_sasl_auth_enable = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain
unknown_local_recipient_reject_code = 450
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

START=yes
MECHANISMS=pam
PARAMS="-m /var/spool/postfix/etc"



pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
mech_list: login plain

auth      required  pam_ldap.so
account   required  pam_ldap.so
password  required  pam_ldap.so
session   required  pam_ldap.so



BASE           dc=depkominfo, dc=go, dc=id
URI            ldaps://ldap.depkominfo.go.id
ldap_version   3
scope          sub
ssl            on
tls_checkpeer  no
tls_reqcert    never



root@MailServer:~# # testsaslauthd -u -p



root@MailServer:~# apt-get install dovecot dovecot-pop3d



protocols = pop3 pop3s
ssl_disable = no
ssl_cert_file = /etc/dovecot/ssl/server-cert.pem
ssl_key_file = /etc/dovecot/ssl/server-key.pem
disable_plaintext_auth = no
login_user = dovecot
first_valid_uid = 1000
last_valid_uid = 5000
first_valid_gid = 100
last_valid_gid = 150
valid_chroot_dirs = /var/spool/mail
default_mail_env = mbox:/var/spool/mail/%u



protocol pop3 {
  mail_plugins = quota
}
plugin {
  # 10 MB quota limit
  quota = maildir:storage=10240
  # 1000 messages quota limit
  quota = maildir:messages=1000
  # 10 MB + 1000 messages quota limit
  quota = maildir:storage=10240:messages=1000
}



passdb pam {
  # uses /etc/pam.d/pop3
  args = session=yes pop3
}



auth     required    pam_unix.so nullok
account  required    pam_unix.so
# if you want to use LDAP, the following
# entries can be added
# auth     sufficient  pam_ldap.so
# account  sufficient  pam_ldap.so



root@MailServer:~# apt-get install dovecot dovecot-imapd



protocols = imap imaps
ssl_disable = no
ssl_cert_file = /etc/dovecot/ssl/server-cert.pem
ssl_key_file = /etc/dovecot/ssl/server-key.pem
disable_plaintext_auth = no
login_user = dovecot
login_greeting = IMAP Server DEPKOMINFO
first_valid_uid = 1000
last_valid_uid = 5000
first_valid_gid = 100
last_valid_gid = 150
valid_chroot_dirs = /var/spool/mail
default_mail_env = mbox:/var/spool/mail/%u
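
The authentication and TLS settings this page shows for Postfix, Dovecot and the pam_ldap client can be checked mechanically before a server goes live. The following Python audit is an added example, not part of the original tutorial: the rule list, the function names and the sample inputs (constructed from the fragments on this page) are this example's own assumptions.

```python
# Added example; the rule list is this example's own assumption, not a
# complete hardening baseline. kind -> (separator, indented continuation?)
FORMATS = {"postfix": ("=", True), "dovecot": ("=", False), "ldap": (None, False)}

# (key, value assumed when absent (None = skip), weakness test, finding)
RULES = {
    "postfix": [
        ("smtpd_tls_auth_only", "no", lambda v: v != "yes",
         "AUTH is accepted without TLS, so passwords can travel in clear text"),
        ("smtpd_sasl_security_options", "noanonymous",
         lambda v: "noanonymous" not in v,
         "anonymous SASL mechanisms are not excluded"),
    ],
    "dovecot": [
        ("disable_plaintext_auth", "yes", lambda v: v == "no",
         "plaintext logins are allowed on connections without SSL/TLS"),
        ("ssl_disable", "no", lambda v: v == "yes",
         "SSL/TLS is switched off for POP3/IMAP"),
    ],
    "ldap": [
        ("tls_checkpeer", None, lambda v: v == "no",
         "the LDAP server certificate is not verified"),
        ("tls_reqcert", None, lambda v: v in ("never", "allow"),
         "a missing or invalid LDAP server certificate is accepted"),
    ],
}

def parse_settings(text, sep="=", continuation=False):
    """Return {lower-cased key: value}; '#' lines and blank lines are skipped."""
    settings, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if continuation and raw[0].isspace() and last is not None:
            settings[last] += " " + line      # Postfix continuation line
            continue
        parts = line.split(sep, 1) if sep else line.split(None, 1)
        if len(parts) != 2:
            continue
        last = parts[0].strip().lower()
        settings[last] = parts[1].strip()
    return settings

def audit(kind, text):
    """Return [(key, effective value, finding)] for every rule that fires."""
    sep, continuation = FORMATS[kind]
    settings = parse_settings(text, sep, continuation)
    findings = []
    for key, default, is_weak, why in RULES[kind]:
        value = settings.get(key, default)
        if value is not None and is_weak(value.lower()):
            findings.append((key, value, why))
    return findings

# Constructed sample inputs, assembled from the fragments on this page.
POSTFIX_MAIN_CF = """\
smtpd_use_tls = yes
smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated, reject_unauth_destination
"""
DOVECOT_CONF = "protocols = pop3 pop3s\nssl_disable = no\ndisable_plaintext_auth = no\n"
PAM_LDAP_CONF = "URI ldaps://ldap.depkominfo.go.id\nssl on\ntls_checkpeer no\ntls_reqcert never\n"

if __name__ == "__main__":
    for kind, text in (("postfix", POSTFIX_MAIN_CF), ("dovecot", DOVECOT_CONF),
                       ("ldap", PAM_LDAP_CONF)):
        for key, value, why in audit(kind, text):
            print(f"{kind}: {key} = {value}: {why}")
```

On the sample inputs the Postfix fragment passes, while the Dovecot fragment is flagged for `disable_plaintext_auth = no` and the pam_ldap fragment for `tls_checkpeer no` and `tls_reqcert never`.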



protocol imap {
  mail_plugins = quota imap_quota
}
plugin {
  # 10 MB quota limit
  quota = maildir:storage=10240
  # 1000 messages quota limit
  quota = maildir:messages=1000
  # 10 MB + 1000 messages quota limit
  quota = maildir:storage=10240:messages=1000
}



passdb pam {
  # uses /etc/pam.d/imap
  args = session=yes imap
}



auth     required    pam_unix.so nullok
account  required    pam_unix.so
# if you want to use LDAP, the following
# entries can be added
# auth     sufficient  pam_ldap.so
# account  sufficient  pam_ldap.so



EMAIL ANTIVIRUS



Figure 4 - Email Antivirus System (diagram; labels: Send, Internet, Receive, Email Server, Virus Scanner)



root@MailServer:~# apt-get install clamav clamav-freshclam clamav-base



root@server:~# clamav-freshclam



root@server:~# crontab -e



0 * * * * /usr/local/bin/clamav-freshclam



root@MailServer:~# apt-get install mailscanner



%org-name% = Depkominfo
%org-long-name% = Departemen Komunikasi dan Informatika
%web-site% = www.depkominfo.go.id
Run As User = postfix    # this is the user of your MTA
Run As Group = postfix   # this is the group of your MTA
Max Children = 5
# Postfix parks new mail in the hold queue (header_checks HOLD);
# MailScanner reads it there and hands scanned mail back to incoming
Incoming Queue Dir = /var/spool/postfix/hold
Outgoing Queue Dir = /var/spool/postfix/incoming
MTA = postfix            # this is your MTA
Virus Scanners = clamav  # this is the antivirus you use



header_checks = pcre:/etc/postfix/header_checks



/^Received:/ HOLD


