Keamanan Email
This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA
Overview
Download & View Keamanan Email as PDF for free.
More details
- Words: 6,705
- Pages: 102
Direktorat Sistem Informasi, Perangkat Lunak Dan Konten Direktorat Jenderal Aplikasi Telematika Departemen Komunikasi Dan Informatika 2006
KATA PENGANTAR Salah satu fasilitas dari Teknologi Informasi dan Komunikasi (TIK) adalah surat elektronik atau e-mail, yang pada dasarnya hanyalah sebuah pesan yang dikirim melalui internet. Namun, dengan kondisi terkoneksi ke jaringan global, setiap pengguna e-mail rentan terhadap ancaman Keamanan Informasi. E-mail seringkali dimanfaatkan sebagai pintu masuk ancaman Keamanan Informasi seperti serangan virus ataupun spam. Umumnya yang menjadi sarana tempat masuknya ancaman keamanan tersebut adalah lampiran (attachment) dalam email. Pengguna email secara tidak sadar membuka lampiran tersebut sehingga pada saat itu juga virus yang berupa program yang tersembunyi mulai bekerja. Pengguna semacam ini yang sering menjadi titik lemah persoalan keamanan email. Oleh karena itu perlu diperhatikan cara pengguna komputer dalam menangani email, agar risiko serangan dapat ditekan. Untuk membantu masyarakat khususnya pengguna TIK dalam menangani masalah keamanan transportasi e-mail, maka Direktorat Sistem Informasi, Perangkat Lunak dan
Konten membuat Tutorial Aplikasi Trasportasi E-mail berbasis open source di mana dalam tutorial ini diajarkan bagaimana menginstalasi aplikasi keamanan untuk sistem transportasi e-mail. Korespondensi ditujukan ke alamat email: [email protected]
Semoga bermanfaat! Jakarta, Desember 2006
Lolly Amalia Abdullah Direktur Sistem Informasi, Perangkat Lunak dan Konten
DIREKTORAT SISTEM INFORMASI, PERANGKAT LUNAK DAN KONTEN.......................................................................................2 DAFTAR ISI...........................................................................................5 DAFTAR GAMBAR..............................................................................7 DAFTAR TABEL...................................................................................8 ARSITEKTUR SISTEM KEAMANAN TRANSPORTASI EMAIL 9 SECURE EMAIL SERVER................................................................11 MAIL TRANSFER AGENT.........................................................................12 Postfix Mail Transfer Agent..........................................................13 Instalasi Postfix ...........................................................................13 Konfigurasi Dasar Postfix ...........................................................14 Konfigurasi Postfix Menggunakan SSL........................................16 Mekanisme Authentikasi Email Server.........................................19 Simple Authentication Security Layer (SASL)..............................20 Konfigurasi Authentikasi Mail Server dengan SASL ...................21 Setting SASL dengan Pluggable Authentication Module..............25 POST OFFICE PROTOCOL VERSI 3 (POP3).................................................28 Instalasi Dovecot POP3...............................................................28 Konfigurasi Dasar Dovecot POP3...............................................29 Konfigurasi Quota Dovecot – POP3............................................33 Konfigurasi Authentikasi Dovecot POP3.....................................34 INTERNET MAIL ACCESS PROTOCOL (IMAP)............................................36 Instalasi Dovecot IMAP................................................................37 Konfigurasi Dovecot IMAP..........................................................38 Konfigurasi Quota Dovecot – IMAP............................................42 Konfigurasi Authentikasi Dovecot - IMAP...................................44 REFERENSI......................................................................................45 EMAIL ANTIVIRUS...........................................................................46 PENDAHULUAN.......................................................................................47
CLAM ANTIVIRUS...................................................................................48 Konfigurasi Clam Antivirus..........................................................49 Update Database Virus.................................................................49 MAIL SCANNER.....................................................................................51 Instalasi Mail Scanner..................................................................51 Konfigurasi Mail Scanner.............................................................52 Konfigurasi Postfix.......................................................................55 REFERENSI......................................................................................57 EMAIL ANTISPAM............................................................................58 POSTFIX ANTISPAM.................................................................................62 Konfigurasi Postfix ......................................................................62 Konfigurasi Postfix Master.cf.......................................................68 SPAMASSASSIN......................................................................................69 Instalasi SpamAssassin.................................................................69 Konfigurasi SpamAssassin............................................................70 RAZOR..................................................................................................71 Instalasi Razor..............................................................................71 Konfigurasi Razor.........................................................................71 PYZOR..................................................................................................73 Instalasi Pyzor..............................................................................73 Konfigurasi Pyzor.........................................................................74 REFERENSI..................................................................................76 PRETTY GOOD PRIVACY...............................................................77 PENDAHULUAN.......................................................................................78 Instalasi Gnu Privacy Guard........................................................87 Pembuatan Private Key dan Public Key......................................87 Enkripsi dengan menggunakan GPG...........................................91 Dekripsi dengan menggunakan GPG...........................................92 REFERENSI......................................................................................94 PGP KEYSERVER..............................................................................95 Instalasi LDAP Server..................................................................96 Konfigurasi LDAP sebagai PGP Keyserver.................................97 REFERENSI....................................................................................102
GAMBAR 1 - ALUR MEKANISME SISTEM KEAMANAN EMAIL...................................................................................................10 GAMBAR 2 - ALUR PENGIRIMAN EMAIL..................................12 GAMBAR 3 - ALUR MEKANISME AUTHENTIKASI..................19 GAMBAR 4 - SISTEM EMAIL ANTIVIRUS...................................47 GAMBAR 5 - STATISTIK SPAM......................................................60 GAMBAR 6 - ARSITEKTUR IMPLEMENTASI PRETTY GOOD PRIVACY..............................................................................................84
TABEL 1 - STRUKTUR PRETTY GOOD PRIVACY....................80
Mailbox Menerima Email
DOVECOT
PAM Mengirim Email
LDAP
POSTFIX
CYRUS - SASL
ANTI VIRUS
ANTI SPAM
Gambar 1 - Alur Mekanisme Sistem Keamanan Email
!
! !
#
"!
!
"
$
JARINGAN KOMPUTER
MUA
MTA
Simple Mail Transport Protocol
DNS
MTA
Mailbox
MUA
Gambar 2 - Alur Pengiriman Email % '
#
& (
)
(
. '
+
&
,-
"" ,
/ ) !
'
* !
* !
& %"
0, 1 !
/
2 ) "!
2 !
*
2 , %"3
2 ,
2 /
, 0!,
"
%"
!
0 ,
!
!
"
!
! $
"
(
!
"
0 !
&
root@MailServer:~# apt-get install postfix
,
!
(
#
"
!
"
%"
0
, "
"
"
myhostname myorigin mynetworks message_size_limit mydestination relay_domains relayhost smtpd_helo_required alias_maps recipient_delimiter disable_vrfy_command local_recipient_maps
%$= = = = = = = = = = = =
0!
depkominfo.go.id mail2.depkominfo.go.id yes hash:/etc/aliases yes
"
!
"
!
,
!
! !
" !
!
! & ' &
$
" !
!
!
! !
!
! !
!
$
" !
!
$
mail.depkominfo.go.id depkominfo.go.id 192.168.0.0/24, 202.46.0.0/24 10485760
"
$
$
" "!
!
# !
!
!
$
%
!
!
! !
!
!
$
"!
"!
!
!
!
"
!
$
(
" !
!
3"
!
)&%
&
!
#
!
*
)
!
!
"
!
"
! ! !
!
!
$&)
!
!
!
$
"
"
! ! !
$
"
"!
!
!
! #
!
$
$&%
" ! $
" !
!
!
! "
!
"
!!
smtpd_use_tls
= yes
smtpd_tls_auth_only = yes smtpd_tls_key_file
= /etc/ssl/server-key.pem
smtpd_tls_cert_file = /etc/ssl/server-cert.pem smtpd_tls_CAfile
= /etc/ssl/ca-cert.pem
smtpd_tls_loglevel
= 1
smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source
)&
= dev:/dev/urandom
&
" ! !
*
*
#
!
$
)& ! !
!
"!
/$
0
" !
/
!
"
4
!
!
" 4
! !
#
$
&
%&
$
" !
" !
"! $
$
!
"
!
"! "
"
)&
! " "!
$
&
$&
" ! !
" " "
)&
"
" !
$
&+
&
" ! !
"
0
" ! " " "
)&
$
&
" ! !
)&
&
"
" !
"
0
+
"
! !
" !
"
0 "!
#
! ! !
!
!
"!
+" "
$ &
4
4
" 4
4 ! "
) 5677 ,
"! !
$
&+ +% &
!
!
0
"!
! $
5677
&
)
&
+
" ! !
#
!
! !
"
! !
$
! ! &8
8
0
" !
! %
"
4 "!
" " " "! 4 "
$
%
,
` EMAIL SERVER
SASL
PAM
ACCOUNT SERVER
Gambar 3 - Alur Mekanisme Authentikasi !
! "
!
! !
!
$ % " " "
!
! "
* !
/$
" " " !
!
!
!
! $ (
!
!
"
# !
"
!" ! " "
%
#
,!" "
%
%
*%
/$
! ! !
,
! ! !
3"
!
!
,
! !
!
3
, !
.$
!
,% ! !
! "
!
!
"
!
!
$
%
+
+
$
$
-
*
.
/
" " "
!
"
$ ! !
- % *-
! %
%
%$3 " /, 9 :, + "
!
# '
& ;,
'
,
;, 2
! ! $
!
%
,
)
!
! & root@MailServer:~# apt-get install sasl2-bin libsasl2 libsasl2-modules
(
!
"
!
!
"
/ +/
!
0
"/
"
0+
0 "
& smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $mydomain unknown_local_recipient_reject_code = 450 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
& 3
&
%&
1
!
!
! ! $ %
! ! !
, "
$
)&
&
3
%&
1
!
!
! !
!
$
)&
&
+
$&
"
! !
%
!
"
< "
"
!
$
,
!" =
!
! $
)&
& + &)
" !
!
! !
"!
"
"
$ %
! !
" "
!
! !
!
" "!
" ! $
!
"!
"
" " ,
!
"
!
! 3
>
!
"!
!
"$ "$ ,
< "!
"$ "$ = !
!
!
" 3
&
! >
"!
"$ "$ > "!
"$ "$
#
$
!
"!
!
"
! !
"!
,
!
#
!
# !
" "
"! $
!
(
!
! 8
8
"
8
START=yes MECHANISMS=pam PARAMS="-m /var/spool/postfix/etc"
! ! !
,
" "!
#
$2 $
$
2 !
! !
" !
!
" $ 9"
! ! ! ! !
!
"
! !
%
, !
"
$
! ! !
! $
" ! "
!
8 #
"
8
8
,
!
8
8 "
08
"
8 !
$ "
!
&
pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux mech_list: login plain "
" !
$
?
&
( +% + &
% )
! !
" !
!
"
%$!
3"
!
#
,
!
!
"
$
%)& ! !
% " !
"
#$
+%&
! !
" !
! $
!
#
!
(
)
!
!! 1
!
8
!$ 8 !
" "
)
0
!"
!
"
auth account password session (
+
" !
8
%
&
required required required required
!
pam_ldap.so pam_ldap.so pam_ldap.so pam_ldap.so ,
!
"
!
! ! "
$
" %
" , 8
BASE URI
8
! 8
$ "
" &
dc=depkominfo, dc=go, dc=id ldaps://ldap.depkominfo.go.id
ldap_version scope ssl tls_checkpeer tls_reqcert
3 sub on no never
#
!
% )
$
* 2/
"
" !
!
"
! $ )
3
+" "
, )
"!
2
&
", ) ", ) $
*
/
%
"
$ !
#
( !
3 !
!
@
! ! !
2
%
!
"
(
$ 2
! !
&
&88
"!
"$ "$ ,
&88AB@$A6C$A$@
&88
"!
"$ "$ &656 ,
,
$
! % ! !
&
! !
"!
"
*+
! %
!
$
!
"! "!
!
!
! ! !
$
!
"
! !
"!
+
!
" "
$ &+% + !
!
!
"!
! !
)
"
$
&,
!
" " "
! ! "!
(
%
!
"
$
# !
#
&
root@MailServer:~# # testsaslauthd -u -p <password>
+
+
,
3-
3.
5 *%- %5/ !
" " "
!
!
"
$ %
"
!
! !
"
!
!
!
! !
! !
!
,
$ 2 ! !
!
!
" "! ,
!
"
"
!
"
" $ %
! !
,
* %/ !
!
! " " " %- %5
# , +
" !
!
$
3
root@MailServer:~# apt-get install dovecot dovecot-pop3d
!
#
# , +
3
protocols = pop3 pop3s ssl_disable = no ssl_cert_file = /etc/dovecot/ssl/server-cert.pem ssl_key_file = /etc/dovecot/ssl/server-key.pem disable_plaintext_auth = no login_user = dovecot first_valid_uid = 1000 last_valid_uid = 5000 first_valid_gid = 100 last_valid_gid = 150 valid_chroot_dirs = /var/spool/mail default_mail_env = mbox:/var/spool/mail/%u
+
" ! ! #
"
" ! "
" " " "
"
" #
$ %
" " "
&
o
" " "
o
" " " ! !
o
% " " " % " " "
!
!
!
" 3
" " " %"
-
% " " "
5
o
3
" " " !
!
!
&)
%"
-
% " " "
!
!
"
5
$
1
" ! !
"
"
" !
"
!
!
!
$ (
! !
!
!
!
"!
!
,! 0
&+
&
" ! !
"
"
"
"
" !
"
"
!
"
&
!
!
$&
$
" ! !
" !
!
!
! !
)
1 & "
"
!
" &
"
$
%
" ! !
" !
!
!
! $
&,
)& )
" ! !
"
" !
"
3
! "
"! "
!
%- %5$
&,
)& )
" ! !
"
" !
! "
" "! "
!
%$
2 &,
&,
)&! )
)& )$
" ! !
"
"
" !
"
3
! "
"! " !
%- %5$
&,
)& )
" ! !
"
"
" ! ! "
" "! "
!
%- %5$ 2 &,
)&! )$
,
)&+%
&)
" ! !
" !
&
&
#
,
" !
"
"
"
!
" !
"
!
!
! ? !
!
$
!
"
"
$
" ! !
"
"
%- %5
)
"
? !
" !
!
!
"
%- %5
&
o
1 ",
!
! $ 9
" !
!
!
! ! ?
" !
o
! !
!
%- %5
) ,
$
" !
!
" $ !
,
3 !
!
!
!
!
!
" $
#
" !
!
! !
#
! "0, " !
!
! !
!
!
" ! "
!
$
! "
4
# , +
" %- %5
!
5
! !
. "
!" !
$ 9
!
!
! !
# !
"0
*
! !
"
#
" @
!
# !
!
!
!
!
" "0$
,
! !
"
! !
!
!
3
"! # !
!
# !
! $
protocol pop3 { mail_plugins = quota } plugin { # 10 MB quota limit quota = maildir:storage=10240 # 1000 messages quota limit quota = maildir:messages=1000 # 10 MB + 1000 messages quota limit quota = maildir:storage=10240:messages=1000 }
/
!
%
# , +
"
"
"
%
"
? %- %5
*
/
! "
0$ %
! !
!" !
"
!
! "
3
"
3"
! !
"
" $
passdb pam { # menggunakan /etc/pam.d/pop3 args = session=yes pop3 }
! 8
8 "
!
" 8 "
" $ " !
8
8
!
#
!
! $ 8 " 5$
"
%
!
auth required account required
&
pam_unix.so nullok pam_unix.so
# jika ingin menggunakan LDAP maka dapat # ditambahkan entry berikut # auth # account
sufficient sufficient
pam_ldap.so pam_ldap.so
% !
% !
++
"
!
"
$
% !
$
"
"
" "
++
!
+
-
.
*
%/
" " "
!
!
$ !
" !
%
" "!
! "
! & %
! ! !
!
"
'
%,
"
! !
, ! !
"
, !
!
$
$
" '
"3
"
! ! !
%- %5, !
"
%- %5
!
!
"
%
"
%$ 9 " " "
"
"
,
"!
!
# , + (
!
"
"
%
,
&
root@MailServer:~# apt-get install dovecot dovecot-imapd
) , +
!
" "
) , + 6 "
!
"
! ?
"
!
" % " " " *
! " "
"
"
!
" $
) !
) , + 6+
"
! ! %/
" $
! ?
!
(
# , +
!
"
"
"
"
8
8 "
%
,
" 8 "
" $ "
protocols = imap imaps ssl_disable = no ssl_cert_file = /etc/dovecot/ssl/server-cert.pem ssl_key_file = /etc/dovecot/ssl/server-key.pem disable_plaintext_auth = no login_user = dovecot login_greeting = IMAP Server DEPKOMINFO first_valid_uid = 1000 last_valid_uid = 5000 first_valid_gid = 100 last_valid_gid = 150 valid_chroot_dirs = /var/spool/mail default_mail_env = mbox:/var/spool/mail/%u
+
" ! ! #
"
" ! "
"
" " " "
$ %
" #
" " "
&
o
" " "
% " " "
o
" " " !
!
!
!
!
"
o
3
o
3
" " " %" " " " !
-
% " " "
%" !
!
&)
% " " "
5
-
% " " "
!
!
"
5
$
1
" ! !
"
"
" !
"
!
!
!
$ (
! !
!
!
!
"!
!
,! 0
&+
&
" ! !
"
"
"
"
" !
"
"
!
"
&
!
!
$&
$
" ! !
" !
! !
!
!
$
! "
)
1 & "
" &
%
"
"
!
! ! !
" !
! $
&,
)& )
" ! !
"
" !
"
3
! "
"! "
!
%$
&,
)& )
" ! !
"
" !
! "
" "! "
!
%$
2 &, &,
)&! )
)& )$
" ! !
"
"
" !
"
3
! "
"! " !
%$
&,
)& )
" ! !
"
"
" ! ! "
" "! "
!
%$ 2 &,
)&! )$
,
)&+%
&)
" ! !
" !
&
&
#
,
" !
"
"
"
!
" !
"
!
!
! ? !
!
$
!
"
"
$
" ! !
"
"
% )
"
? !
" !
!
!
"
%
&
o
1 ",
!
! $ 9
" !
!
!
! ! ?
" !
o
! !
!
%
) ,
$
" !
!
" $ !
,
3 !
!
!
!
!
!
" $
#
" !
!
! !
#
! "0, " !
!
! !
!
!
" ! "
!
$
!
4
# , +
5 "
! "
"
. "
"
!
% "
$
! !
# !
! !
" " "
$
"
. "
"
" $
protocol imap { mail_plugins = quota imap_quota } plugin { # 10 MB quota limit quota = maildir:storage=10240 # 1000 messages quota limit quota = maildir:messages=1000 # 10 MB + 1000 messages quota limit quota = maildir:storage=10240:messages=1000 }
% !
# !
! !
•
! !
)
"
"
$
! # !
•
)
$
)
!
# ! !
"0
! $
!
!
?
•
) # !
!
!
!
! $
"! # !
!
%
"
"
"
%
# , +
6
"
%
?
*%
"
! "
"
/
0$ %
! !
!" !
"
!
!
! !
"
3" "
"
" $
passdb pam { # menggunakan /etc/pam.d/imap args = session=yes imap }
! 8
8 "
!
" 8 "
" $ " !
8
8
!$ 8!
auth required account required # # # # #
!
#
! $
"
%
!
&
pam_unix.so nullok pam_unix.so
jika ingin menggunakan LDAP maka dapat ditambahkan entry berikut auth sufficient pam_ldap.so account sufficient pam_ldap.so
1.
!" &88
&
$
% $
2. %- %5 ? D
8! "
8
8 "
,
"
08 !
8
" &88 $3 5$
$" 83
% ?D
"
8%- %5 ,
"
" &88 $3
$" 83
E$
8
%
% " " " ?D
,
" &88 ;$ %"
$3
-
$" 83
% " " " ?D
&88
6.
$3
!
&883
7.
%$, (
"
8%" 4-
3"
@776$ A; 2 " $ "
% ,
$" 83
" ; 2"
8
4% " " "
8% !
" $" 8%
? "
" D
@776$ 3"
8%
$ F "3 "
3
"!
,6 2"
$ "
" $" 8 "
,
!
G
@776$ A; 2 "
!
%"
!
@776$ &883
"
0
1
EMAIL ANTIVIRUS
) % G
"
!
!
! "! !
$
!
!
"
#
!
H 2
?
!
?
!
$
, CIJ
"!
!
!
!
3
" "3
"
!
?
"
!
!
#
$ !
"
"
,
!
!
,!
!
!
? !
!
" ! !
!
$ KIRIM INTERNET
` TERIMA
EMAIL SERVER
VIRUS SCANNER
Gambar 4 - Sistem Email Antivirus
!
!
!
!
!
$ 9"! "
!
! !
!
!
*
/$
! !
! !
!
# !
!
! ,
! ! #
!
$
!
+
*
&883 3 3 $
!
$"
" /
! *
&883 3 3 $!
$"
/$
, (
!
+
0
!
! " #
$
root@MailServer:~# apt-get install clamav clamavfreshclam clamav-base
!
!
'
!
! !
!
' !
! $
!
,
F
! !
!
!
" (
!
!
!
!
!
)
"
8
#
$
" 8
!
8
!
$ "
1 !
!
?
! !
#
! ! $
!
-
?
$ + !
! !
!
!
, " "!
!
! !
#" $ (
!
!
" !
$
root@server:~# clamav-freshclam
#
! " "!
"
!
, !
!
!
#" 0$ %
! " !
"
!
* " /
"
!
# ! ,! #
! $ %
! " # ! A@ !
#
!
"
!
3 "
!
! "
!
" "! , !
"
"
&
root@server:~# crontab -e
!
!
?
#"
!
"
"
0 * * * *
%
! !
&
/usr/local/bin/clamav-freshclam
#" '
! !
!
#
?7 #
, #!$
+
! , ! ! ! ! !
!
! !
!
!
$ % ! !
!
!
! ,
!
!
" "! !
!
!
! $
+ (
!
!
! &
root@MailServer:~# apt-get install mailscanner
!
+
%org-name% = Depkominfo %org-long-name% = Departemen Komunikasi dan Informatika %web-site% = www.depkominfo.go.id Run As User = postfix
# # Run As Group = postfix # # Max Children = 5
ini adalah user dari MTA anda ini adalah group dari MTA anda
Incoming Queue Dir = /var/spool/postfix/incoming Outgoing Queue Dir = /var/spool/postfix/hold MTA = postfix # ini adalah MTA anda Virus Scanners = clamav # ini adalah antivirus # yang anda gunakan
7
!6
7
" ! !
!
7
" ! !
!6
!6
"
$
7
" ! !
"
!
!
" ! !
!
#
$
" ! ! !
#
" !
! $
8
" ! ! !
"
" !
!
"
#
$
% )
" ! !
" !
# !
!
! !
#
!
!
!
+
! 4
?!
!
#
" ! !
"
$
" !
!
!
"
!
!
! $
!
! 4
#
" ! !
" !
" !
!
!
"
!
!
$
" ! ! !
" ! !
!
!
!
$
"
+
" ! !
" !
#
! !
#
"
$
! ! $
! !
!
"
! (
/ +/
"/
!
0+
! "
"
!
! !
!
0
!
,!
!
!
!
!
! $
8
(
8 "
! 08!
$
!
& header_checks = pcre:/etc/postfix/header_checks
!
/ +/
!
"/%
)
&+% +
"
!
8
8 "
08!
#
!
!
8
8 "
08
4 4
" 8
$
" 8 "
08
0 ! ! 4
/^Received:/ HOLD
! $
$ F
9
4
!
" ! " !
$
, !
!
#
A$ %"
0 !
!
( ,
K" , % K" , ++
&883 3 3 $ "3 " "
@$ %" 5$ 2
$ "! 8 "
0 !, "
! 4!
4
&883 3 3 $ "
$
, & -./.01
,
+ ! G$
04
$
" )
,
&883 3 3 $
) !
4
0$"
%" ' " ( ))"
!
& $" *
+
$" 8 +E$ !
EMAIL ANTISPAM
!
!
!
$
!
!
!
"0
" ! !
$
!
$ 9
" !
!
#
" " !
, '
"! "
" !
" "
* " 0/, #!
!
! L
!!
!
!
!
"
! "!
!
M$
!
" 0
$
!
' !
!
!
!
!
M
L ! ,
$
!
!
' !
"
L
! !
!!
M$
"0
! ! !
3
$% !
! !
!
! ! "0
'
"
'
#
!
!
$
! ! " !
!
$
! "
!$
#
!
! !
,
Gambar 5 - Statistik Spam (! !
%
!
! ! ! !
!
"0
' ! $ +
!
!
&
'
!
' !$N
" " , !
!
!
$
!
!
$
!
*
"
/
"
!
! !
!
$
% !
! ! !
" "
! !
!
L
M$ " $
! ! !
!
L! !
#
" "
' !
!
"
!$ % !
"
! !
' !
!
#
$
#
!$
! ,
!
!
! ,! !
!
3
!
' !
!
"0$
!
! !
,
!
$
!
! !' " !
!
!
#,
*!
! "
!
! ! "
"
/
"
!
" $ 9
,! !
# "
! !,
A77J$
! '
,
!
!
'
# "
!
M " ' " !
!
' !
# !
" !
" "
!
"
!
!
"
"
? ! $
0
! " ?
! "
& A$
!
4
@$
!
4
5$
!
4
)&%
9"
"4 . 4
" 4
&
*
"
)
"
0
! !
"!
! !
"
!
! !
" !
)&
9" ! !
! !
)
&
"
!
+
"
!
?
!
0
!
! % !
$
!
!
!
!
$
! )&
"
)
&
+
&
1.
+% + & !
)
& ++
9
! !
!
" "
! 8
8 "
08
4
$ %
"!
!
! & - 9,
+
8
8 "
8 "
!
08
4 < " ! 4
& *) &
!
!
#
08
: + &
(22- ,
! !
!
2.
N + ,
$ 9 !
8
$ F
= )
"! !
$
,
!
!
! !
!
1 2 *
1
"!
2 ! /$
3.
: + &
( &
!
)
! "
)&
9"
+
! !
?
"
+
2 $
"
0
! !
!
!
!
! "
&
&
O
! !
!
,
! ! !
% !
&)
)&
)
&
+
$
1.
& $
(
9
! ! !
K
!
!
3"
!
!
$
2.
: + &
%&)
! !
9
" !
!
"
! !
! !
!
!
# !
4!
4
: + &
!
"
"
$ %&
!9
!
!
!
!
"
"
"
3"
"
"
#
$ 9"
4
!
3.
!
%
0$ F ! $
!
! !
!
" "
!
" ! ? !
smtpd_helo_required
= yes
smtpd_sender_restrictions
= check_sender_access
hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining header_checks = pcre:/etc/postfix/header_checks body_checks = pcre:/etc/postfix/body_checks
)
& ++
,!
"!
#
"!
# !
"
& - 9,
! !
3 !
!
!
N + ,
! !
!
"!
!
! !
"!
!
!
$
? !
!
!
$
N +
(22-$ -9
"! ! !
3
"! !
$
(22- ! ! !
!
3 !
$
!
/ +/
%
! !
"/
,
)
& ++
#
4
!
4
"
"
0$
! ! ! 8
, 8 "
08
! 4
! 4
"
0$ %
4
"
,
"!
! " "
"
"!
"
"
!
$
depkominfo.go.id kominfo.go.id register.net.id spam.org yahoo.com
OK OK OK REJECT DUNNO
"!
, !
#
!
" ! "
$
! "
0$ (
#
" !
!
" !
,
&
root@server:~#
!
postmap /etc/postfix/sender_access
/ +/
"/%
)
&+% +
! 8
"
8 "
08!
8 $
!
! 8
8 "
08
08!
!
4
$
F "
! !
"
! 8 "
08
4
$
/^Received:/ HOLD
9
4
!
" ! " !
$
$
#
4
8
8 "
, !
!
#
0
!
"
0+
"
!
$
!
#
!
!
8 !
"
, ! "
8
8 " #
!
" !
3
08!
$
"
"
!
$
!
$ ?
0$ (
#
!
0! "
08!
#
! !
8 "
!
!
" "
$ $
!
< +
&
pickup fifo n 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks
=
! !
!
!
!
8
!
! !
! !
$ % ?
!
!
,
!
2 *
(
/$
! 0
! !
#
! " &
root@server:~# apt-get install spamassassin
! (
!
"
"
! 8
8
! !
trusted_networks 202.46.1.100 trusted_networks 202.46.2.41 trusted_networks 202.46.3.171 internal_networks 202.46.1.100 internal_networks 202.46.2.41 internal_networks 202.46.3.171
8"
$ " $
' K"
#
"
"
! !
!
"
!
$
' (
!
K"
!
#
& root@MailServer:~# apt-get install razor
!
' K"
!
# "
K"
! ! !
#
& root@MailServer:~# cd ~ root@MailServer:~# rm /etc/razor/razor-agent.conf root@MailServer:~# razor-admin -create
"
K"
,
#
! K" $ %
! !
!
" $
root@MailServer:~# razor-admin –register
!
,
!
#
"
! !
& root@MailServer:~# vi /root/.razor/razor-agent.conf
%
, K"
!
!
!
#
7 * "/
" ! K" "!
"
!
debuglevel razorhome
K"
$
= 0 = /var/lib/MailScanner/.razor/
$' % K"
!
! ! " "
!
!
" $ %
!
"
!
K" !
! K"
" " "
K"
" " " !
!
3
$
$' root@MailScanner:~# apt-get install pyzor
!
!
$'
pyzor_options --homedir /var/lib/MailScanner/ razor_config /var/lib/MailScanner/.razor/razoragent.conf #bayes_path /var/lib/MailScanner/bayes bayes_path /var/spool/MailScanner/spamassassin/bayes bayes_ignore_header X-Depkominfo-MailScanner bayes_ignore_header X-Depkominfo-MailScannerSpamCheck bayes_ignore_header X-Depkominfo-MailScannerSpamScore bayes_ignore_header X-Depkominfo-MailScannerInformation bayes_auto_expire 0
(
!
K" 8
"
++ ! 8
!
" 8 5A7$
&
loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::Razor2
" "
K"
!
"
K"
0
! !
! $
root@MailServer:~# cp -R /root/.pyzor /var/lib/MailScanner root@MailServer:~# cp -R /root/.razor /var/lib/MailScanner
( 8 !
! 8
8
" 8
8 !
8 "" 8 "
8 "
&
root@MailServer:~# chown -R postfix.postfix /var/spool/MailScanner/ root@MailServer:~# chown -R postfix.postfix /var/lib/MailScanner/
0
A$ %"
0
!
(
!
,
K" , % " , ++
&883 3 3 $ "3 " "
@$
" &88
5$
" K" $ "
+ ! G$
04
! 4!
4
!
4
"
$
8 " " &&
$ ! !
3
% K"
$
&883 3 3 $
'
!, " ! "
,
% K"
!
!
E$ 2
$ "! 8 "
! 3
,
,
$ F "3 "
, % K" , +"
E$
!
" $" 8 "
0, !
K" , ++
&883 3 3 $
85@5 '
3,
+ ! G" !
$" 8 +E$ !
PRETTY GOOD PRIVACY
) % 3
*% %/
"
!
! 8
" " "
*
/ !
% %
"
%
H!!
!
$ ABBA$ % %
!
$ !
!
!
!
!
!
$
% %
!
!
&
1. % %
. H!!
!
% % ! $ " !
% %
! "
( 2 O,
#
!
,
"
D
"3 ,
$ (
"! !
2.
" $ "
!
"
#
!
!
$
,
! % % "
!
4 !
,
'F
!
,
!
!
$ ( +
'A@C,
5
$
!
*
/ !
F 'A$
3. %
% %
!
#,
#
" " "
#
* $
,
,
$/$
4. % %
!
" !
!
! $
L
#
% %
M$
L
M
$
" $
;$
! ! !
&
, % %
#
"
+ 5A;6$
," !
"
P
! % %
!
"
" .
# "
Tabel 1 - Struktur Pretty Good Privacy +
!
: 8 F
9"
8 F ! "
!
F 'A
! ! ! ! * !
/
! +
%
* !
/
" ! F
!
"
!
+
'A@C 5
"
!
" " !$
! F
!
"
! ! , ! +"!
"
* ! %
H%
'!
0
+"!
"
6E
*" (
"
/
! "!
"
/ "!
!
,
" + ! !
" ! !
"
0 6E
! # ! ! " " "
! $
!
% %
F 2:
#, !
!
F 2: !
#!
! $
'
#!
!
$ !
!
!
$ #!
#
,!
#!
' !
3
!
!
"
!
!
!
! , #
!
! $
&
1. %
!
"
2.
!
F 'A
! !
3. %
!
!
! !
4. %
!
! !
! "
!
! ,#
!
!
'
! !
"
!
!
!
"
! *
#
/$
9
A$ %
!
! ! !
!
#!
$
'
#!
!
!
!
&
A@C
" @$
$ !
+ 5$ !
!
"
'A@C "
$
" #
! !
!
E$ %
!
!
"
*
! !
;$
! ! ,
"
!
!
#,
"
/
"
! $9
#! !
!
$
# #! !
! !
! !
! !
"
!
! $
$9
*
/
!
9"!
"
"
!
* !
!
/
! !
! !
$
!
! Q(
! !
'!
!
! # !
!$
!
$ !
!
$
Gambar 6 - Arsitektur Implementasi Pretty Good Privacy ! ! *
/ !
!
! "
$
! !
"
* $
/ 5
$
"
!
"! "!
,
! $
% !
! *% /$
"
#
!
#
!
! !
! ! $
!
#
!
!
L
M
*
/$
! I6C'@7EC,
A7@E
#
#
!
$
#
#
! !
3
#
$ 9 !
3"
!
,
# !
L "
! !
"
$
M
"
"
$ 9
!
!
!
!
! $
! !
!
$ 2 ! #
"
!
!
$( '
!
!
$
"
"
!
!
!
!
!
#!
3
"
!
!
$
$ D
$ "
!
! $
# , + ! !
$
!
! "$ +
! 3
"$
+
"
'
3
A$ 9
!
"
#
& !
! !
@$
"3
"
"
! !
5$ ( "
!
!
!
L
M
"
! !
"
#
E$ 9
"
"
"
#
!
!
$
% %
! $/
!
$
!
*9
, %
, -
!
! !
' !
!
""
% %$
!
P !
$ %
# $ 9
!
!
!
! !
! $
! !
8 (
, +$ 8
)
!
%
*
% /,
&
ubuntu@ubuntu-desktop:~# apt-get install gnupg
1 (
,
$)
!
1 +
!
$ !
"
!
!
! !
$
#
, !
"
!
"
! ! !
$ % %
"! ! &
ubuntu@ubuntu-desktop:~# gpg –-gen-key Please select what kind of key you want: DSA and Elgamal (default) DSA (sign only) RSA (sign only) Your selection ? 1
?
%
# "
! !
!
! !
% %$
! ! !
#
"
!
#
#
$ % I6C, A7@E
@7EC
!
,
!
!
!
#
!
$
DSA keypair will have 1024 bits About to generate a new ELG-E keypair Minimum keysize is 768 bits Default keysize is 1024 bits Highest suggested keysize is 2048 bits What keysize do you want? (1024) 2048
#
,
!
#
!
% %
$ %
!
# !
A
!
/,
*
, @7EC
$% &
*! "
3
*
3 /, !
*3
/,
/
#
$ " "
!
!
A
$
Requested keysize is 2048 bits Please specify how long the key should be valid 0 = key does not expire = key expires in n days w = key expires in n weeks m = key expires in n months y = key expires in n years Key is valid for? (0) 1y Key expires at Thu 13 Dec 2007 10:42:03 PM WIT Is this correct (y/n)? y
!
3
,!
#
! $ F
&2 !
%
9
,
" !
! !
!
,9
$
" !
, ! !
!
"
!
" !
$
You need a User-ID to identity your key; the software constructs the user id from Real Name, Comment and Email Address in this form: “Heinrich Heine (Der Dichter) < [email protected]>” Real name : Pegawai Depkominfo Email address: [email protected] Comment: PGP Key Pegawai You selected this USER-ID: “Pegawai Depkominfo (PGP Key Pegawai) < [email protected]>” Change (N)name, (C)omment, (E)mail or (O)kay/(Q)uit? O
" ! !
,
! !
$
Enter passphrase: Repeat passphrase:
,!
"
!
$
" ! $
9
! !
@77I$
public and secret key created and signed. key marked as ultimately trusted. pub 1024D/07B33D81 2006-12-13 Pegawai Depkominfo (PGP Key Pegawai) Key fingerprint = F404 F6A0 8CD0 B7E2 4093 4F0F 822A C25C 07B3 3D81 sub 2048g/92D36F17 2006-12-13 [expires: 2007-1212]
A@
)
9
!
!!
%
8 8
!
"
!
? !
! $ ! ! (
!
$
!
$ " !
0 !
#
&
root@server:~# gpg –e ! !
, !
!
! $ 9 % %
"
!
$
You did not specify a user ID. (you may use “-r”) Enter the user ID. End with an empty line: [email protected]
!
!
!
&
Added 2048g/F8F8665B 2007-01-03 “Pegawai Depkominfo (PGP Keys untuk Pegawai Depkominfo) < [email protected] >”
#
)
9
!
!!
8 8
%
! !
$ (
! !
, #
&
root@server:~# gpg –d
!
!
3" ! " "
$ !
!
&
You need a passphrase to unlock the secret key for user: “Pegawai Depkominfo (PGP Keys untuk Pegawai Depkominfo) < [email protected] >” 2048-bit ELG-E key, ID F8F8665B, created 2007-01-03 (main key ID D329DDE1) Enter passphrase:
N ! !
!
"
!
,
!
!
$
$
1 +
$
$
,
# !
3 !
?
$ ( ! "
"
"
! !
! ? !
!
ubuntu@ubuntu-desktop:~# gpg –-send-keys –keyserver ldap://ldap.depkominfo.go.id
$
1. 2. 5$
% %
9
*
&883
$
%
*
&883 3 3 $
$
$
?D "
&88
8 8 ,
$ $3
$" 83
8 %
$" /
8
E$ ! /
PGP KEYSERVER
% % 9 !
!
, !
"
!
!
% %$
!
9
!
%
%
"
! !
% %
9
"3
!
" ?
$ ! !
!
, ! "
% %
"
%
!
! 3
# (
!
?
(
!
&883 3 3 $
! % %*
$ "! /$
, %
!
#
& root@DirectoryServer:~# apt-get install slapd ldap-utils
$
! !
#
1 !
!
8
$
%
!
,
"
!
% %
!
!
!
%9 $ 9" 8
8
8
$ "
+ ) %
include include include include include
3 3 !
9
$
/etc/ldap/schema/core.schema /etc/ldap/schema/cosine.schema /etc/ldap/schema/nis.schema /etc/ldap/schema/inetorgperson.schema /etc/ldap/schema/pgp-keyserver.schema
# Schema chek allows for forcing entries to # matc schemas for their objectClasses’s schemacheck on pidfile argsfile loglevel modulepath moduleload
/var/run/slapd/slapd.pid /var/run/slapd.args 0 /usr/lib/ldap back_bdb
)
" ! !
!
!
%
%
" ! * "
! ,
/$
" ! !
%
" ! #
)
)
%$
" ! ! $
" !
% !"
backend checkpoint
bdb 512 30
database suffix
bdb “dc=depkominfo,dc=go,dc=id”
rootdn rootpw
“cn=admin,dc=depkominfo,dc=go,dc=id” “depkominfo” # SHA1 MD5 CRYPT plain
index lastmod access to by write by by by
objectClass eq on attrs=userPassword dn=”cn=admin,dc=depkominfo,dc=go,dc=id” anonymous auth self write * none
access to dn.base=”” by * read access to * by dn=”cn=admin,dc=depkominfo,dc=go,dc=id” write by * read
1 +
)
"
! !
" ! !
"
"
#
$
" ! !
" ! $
"
)
" ! !
" !
#3 "
(
$
" ! !
" !
3"
!
#3 "
$
! !
o
!
; ,
!
!
!
&
! "
0
!
;$ (
!
;, ! 3
o
F A,
!
!
!
"
(
R
;S$
"
!$
0
!
F
!
F A, !
3 R F AS$
o + :% , !
!
! "
!
0 !
"
! " !
0$ ( + :% , !
3 R+ :% S$
!
o %
2, !
3" !
! # $
!
$ % ! !
"
1.
%
*
2.
3
"
*
&883 3 3 $"
&883 3 3 $
$" /
% " " " $"
/
KATA PENGANTAR Salah satu fasilitas dari Teknologi Informasi dan Komunikasi (TIK) adalah surat elektronik atau e-mail, yang pada dasarnya hanyalah sebuah pesan yang dikirim melalui internet. Namun, dengan kondisi terkoneksi ke jaringan global, setiap pengguna e-mail rentan terhadap ancaman Keamanan Informasi. E-mail seringkali dimanfaatkan sebagai pintu masuk ancaman Keamanan Informasi seperti serangan virus ataupun spam. Umumnya yang menjadi sarana tempat masuknya ancaman keamanan tersebut adalah lampiran (attachment) dalam email. Pengguna email secara tidak sadar membuka lampiran tersebut sehingga pada saat itu juga virus yang berupa program yang tersembunyi mulai bekerja. Pengguna semacam ini yang sering menjadi titik lemah persoalan keamanan email. Oleh karena itu perlu diperhatikan cara pengguna komputer dalam menangani email, agar risiko serangan dapat ditekan. Untuk membantu masyarakat khususnya pengguna TIK dalam menangani masalah keamanan transportasi e-mail, maka Direktorat Sistem Informasi, Perangkat Lunak dan
Konten membuat Tutorial Aplikasi Trasportasi E-mail berbasis open source di mana dalam tutorial ini diajarkan bagaimana menginstalasi aplikasi keamanan untuk sistem transportasi e-mail. Korespondensi ditujukan ke alamat email: [email protected]
Semoga bermanfaat! Jakarta, Desember 2006
Lolly Amalia Abdullah Direktur Sistem Informasi, Perangkat Lunak dan Konten
DIREKTORAT SISTEM INFORMASI, PERANGKAT LUNAK DAN KONTEN.......................................................................................2 DAFTAR ISI...........................................................................................5 DAFTAR GAMBAR..............................................................................7 DAFTAR TABEL...................................................................................8 ARSITEKTUR SISTEM KEAMANAN TRANSPORTASI EMAIL 9 SECURE EMAIL SERVER................................................................11 MAIL TRANSFER AGENT.........................................................................12 Postfix Mail Transfer Agent..........................................................13 Instalasi Postfix ...........................................................................13 Konfigurasi Dasar Postfix ...........................................................14 Konfigurasi Postfix Menggunakan SSL........................................16 Mekanisme Authentikasi Email Server.........................................19 Simple Authentication Security Layer (SASL)..............................20 Konfigurasi Authentikasi Mail Server dengan SASL ...................21 Setting SASL dengan Pluggable Authentication Module..............25 POST OFFICE PROTOCOL VERSI 3 (POP3).................................................28 Instalasi Dovecot POP3...............................................................28 Konfigurasi Dasar Dovecot POP3...............................................29 Konfigurasi Quota Dovecot – POP3............................................33 Konfigurasi Authentikasi Dovecot POP3.....................................34 INTERNET MAIL ACCESS PROTOCOL (IMAP)............................................36 Instalasi Dovecot IMAP................................................................37 Konfigurasi Dovecot IMAP..........................................................38 Konfigurasi Quota Dovecot – IMAP............................................42 Konfigurasi Authentikasi Dovecot - IMAP...................................44 REFERENSI......................................................................................45 EMAIL ANTIVIRUS...........................................................................46 PENDAHULUAN.......................................................................................47
CLAM ANTIVIRUS...................................................................................48 Konfigurasi Clam Antivirus..........................................................49 Update Database Virus.................................................................49 MAIL SCANNER.....................................................................................51 Instalasi Mail Scanner..................................................................51 Konfigurasi Mail Scanner.............................................................52 Konfigurasi Postfix.......................................................................55 REFERENSI......................................................................................57 EMAIL ANTISPAM............................................................................58 POSTFIX ANTISPAM.................................................................................62 Konfigurasi Postfix ......................................................................62 Konfigurasi Postfix Master.cf.......................................................68 SPAMASSASSIN......................................................................................69 Instalasi SpamAssassin.................................................................69 Konfigurasi SpamAssassin............................................................70 RAZOR..................................................................................................71 Instalasi Razor..............................................................................71 Konfigurasi Razor.........................................................................71 PYZOR..................................................................................................73 Instalasi Pyzor..............................................................................73 Konfigurasi Pyzor.........................................................................74 REFERENSI..................................................................................76 PRETTY GOOD PRIVACY...............................................................77 PENDAHULUAN.......................................................................................78 Instalasi Gnu Privacy Guard........................................................87 Pembuatan Private Key dan Public Key......................................87 Enkripsi dengan menggunakan GPG...........................................91 Dekripsi dengan menggunakan GPG...........................................92 REFERENSI......................................................................................94 PGP KEYSERVER..............................................................................95 Instalasi LDAP Server..................................................................96 Konfigurasi LDAP sebagai PGP Keyserver.................................97 REFERENSI....................................................................................102
GAMBAR 1 - ALUR MEKANISME SISTEM KEAMANAN EMAIL...................................................................................................10 GAMBAR 2 - ALUR PENGIRIMAN EMAIL..................................12 GAMBAR 3 - ALUR MEKANISME AUTHENTIKASI..................19 GAMBAR 4 - SISTEM EMAIL ANTIVIRUS...................................47 GAMBAR 5 - STATISTIK SPAM......................................................60 GAMBAR 6 - ARSITEKTUR IMPLEMENTASI PRETTY GOOD PRIVACY..............................................................................................84
TABEL 1 - STRUKTUR PRETTY GOOD PRIVACY....................80
Mailbox Menerima Email
DOVECOT
PAM Mengirim Email
LDAP
POSTFIX
CYRUS - SASL
ANTI VIRUS
ANTI SPAM
Gambar 1 - Alur Mekanisme Sistem Keamanan Email
!
! !
#
"!
!
"
$
JARINGAN KOMPUTER
MUA
MTA
Simple Mail Transport Protocol
DNS
MTA
Mailbox
MUA
Gambar 2 - Alur Pengiriman Email % '
#
& (
)
(
. '
+
&
,-
"" ,
/ ) !
'
* !
* !
& %"
0, 1 !
/
2 ) "!
2 !
*
2 , %"3
2 ,
2 /
, 0!,
"
%"
!
0 ,
!
!
"
!
! $
"
(
!
"
0 !
&
root@MailServer:~# apt-get install postfix
,
!
(
#
"
!
"
%"
0
, "
"
"
myhostname myorigin mynetworks message_size_limit mydestination relay_domains relayhost smtpd_helo_required alias_maps recipient_delimiter disable_vrfy_command local_recipient_maps
%$= = = = = = = = = = = =
0!
depkominfo.go.id mail2.depkominfo.go.id yes hash:/etc/aliases yes
"
!
"
!
,
!
! !
" !
!
! & ' &
$
" !
!
!
! !
!
! !
!
$
" !
!
$
mail.depkominfo.go.id depkominfo.go.id 192.168.0.0/24, 202.46.0.0/24 10485760
"
$
$
" "!
!
# !
!
!
$
%
!
!
! !
!
!
$
"!
"!
!
!
!
"
!
$
(
" !
!
3"
!
)&%
&
!
#
!
*
)
!
!
"
!
"
! ! !
!
!
$&)
!
!
!
$
"
"
! ! !
$
"
"!
!
!
! #
!
$
$&%
" ! $
" !
!
!
! "
!
"
!!
smtpd_use_tls
= yes
smtpd_tls_auth_only = yes smtpd_tls_key_file
= /etc/ssl/server-key.pem
smtpd_tls_cert_file = /etc/ssl/server-cert.pem smtpd_tls_CAfile
= /etc/ssl/ca-cert.pem
smtpd_tls_loglevel
= 1
smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source
)&
= dev:/dev/urandom
&
" ! !
*
*
#
!
$
)& ! !
!
"!
/$
0
" !
/
!
"
4
!
!
" 4
! !
#
$
&
%&
$
" !
" !
"! $
$
!
"
!
"! "
"
)&
! " "!
$
&
$&
" ! !
" " "
)&
"
" !
$
&+
&
" ! !
"
0
" ! " " "
)&
$
&
" ! !
)&
&
"
" !
"
0
+
"
! !
" !
"
0 "!
#
! ! !
!
!
"!
+" "
$ &
4
4
" 4
4 ! "
) 5677 ,
"! !
$
&+ +% &
!
!
0
"!
! $
5677
&
)
&
+
" ! !
#
!
! !
"
! !
$
! ! &8
8
0
" !
! %
"
4 "!
" " " "! 4 "
$
%
,
` EMAIL SERVER
SASL
PAM
ACCOUNT SERVER
Gambar 3 - Alur Mekanisme Authentikasi !
! "
!
! !
!
$ % " " "
!
! "
* !
/$
" " " !
!
!
!
! $ (
!
!
"
# !
"
!" ! " "
%
#
,!" "
%
%
*%
/$
! ! !
,
! ! !
3"
!
!
,
! !
!
3
, !
.$
!
,% ! !
! "
!
!
"
!
!
$
%
+
+
$
$
-
*
.
/
" " "
!
"
$ ! !
- % *-
! %
%
%$3 " /, 9 :, + "
!
# '
& ;,
'
,
;, 2
! ! $
!
%
,
)
!
! & root@MailServer:~# apt-get install sasl2-bin libsasl2 libsasl2-modules
(
!
"
!
!
"
/ +/
!
0
"/
"
0+
0 "
& smtp_sasl_auth_enable = no smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_local_domain = $mydomain unknown_local_recipient_reject_code = 450 smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
& 3
&
%&
1
!
!
! ! $ %
! ! !
, "
$
)&
&
3
%&
1
!
!
! !
!
$
)&
&
+
$&
"
! !
%
!
"
< "
"
!
$
,
!" =
!
! $
)&
& + &)
" !
!
! !
"!
"
"
$ %
! !
" "
!
! !
!
" "!
" ! $
!
"!
"
" " ,
!
"
!
! 3
>
!
"!
!
"$ "$ ,
< "!
"$ "$ = !
!
!
" 3
&
! >
"!
"$ "$ > "!
"$ "$
#
$
!
"!
!
"
! !
"!
,
!
#
!
# !
" "
"! $
!
(
!
! 8
8
"
8
START=yes MECHANISMS=pam PARAMS="-m /var/spool/postfix/etc"
! ! !
,
" "!
#
$2 $
$
2 !
! !
" !
!
" $ 9"
! ! ! ! !
!
"
! !
%
, !
"
$
! ! !
! $
" ! "
!
8 #
"
8
8
,
!
8
8 "
08
"
8 !
$ "
!
&
pwcheck_method: saslauthd saslauthd_path: /var/run/saslauthd/mux mech_list: login plain "
" !
$
?
&
( +% + &
% )
! !
" !
!
"
%$!
3"
!
#
,
!
!
"
$
%)& ! !
% " !
"
#$
+%&
! !
" !
! $
!
#
!
(
)
!
!! 1
!
8
!$ 8 !
" "
)
0
!"
!
"
auth account password session (
+
" !
8
%
&
required required required required
!
pam_ldap.so pam_ldap.so pam_ldap.so pam_ldap.so ,
!
"
!
! ! "
$
" %
" , 8
BASE URI
8
! 8
$ "
" &
dc=depkominfo, dc=go, dc=id ldaps://ldap.depkominfo.go.id
ldap_version scope ssl tls_checkpeer tls_reqcert
3 sub on no never
#
!
% )
$
* 2/
"
" !
!
"
! $ )
3
+" "
, )
"!
2
&
", ) ", ) $
*
/
%
"
$ !
#
( !
3 !
!
@
! ! !
2
%
!
"
(
$ 2
! !
&
&88
"!
"$ "$ ,
&88AB@$A6C$A$@
&88
"!
"$ "$ &656 ,
,
$
! % ! !
&
! !
"!
"
*+
! %
!
$
!
"! "!
!
!
! ! !
$
!
"
! !
"!
+
!
" "
$ &+% + !
!
!
"!
! !
)
"
$
&,
!
" " "
! ! "!
(
%
!
"
$
# !
#
&
root@MailServer:~# # testsaslauthd -u
+
+
,
3-
3.
5 *%- %5/ !
" " "
!
!
"
$ %
"
!
! !
"
!
!
!
! !
! !
!
,
$ 2 ! !
!
!
" "! ,
!
"
"
!
"
" $ %
! !
,
* %/ !
!
! " " " %- %5
# , +
" !
!
$
3
root@MailServer:~# apt-get install dovecot dovecot-pop3d
!
#
# , +
3
protocols = pop3 pop3s ssl_disable = no ssl_cert_file = /etc/dovecot/ssl/server-cert.pem ssl_key_file = /etc/dovecot/ssl/server-key.pem disable_plaintext_auth = no login_user = dovecot first_valid_uid = 1000 last_valid_uid = 5000 first_valid_gid = 100 last_valid_gid = 150 valid_chroot_dirs = /var/spool/mail default_mail_env = mbox:/var/spool/mail/%u
+
" ! ! #
"
" ! "
" " " "
"
" #
$ %
" " "
&
o
" " "
o
" " " ! !
o
% " " " % " " "
!
!
!
" 3
" " " %"
-
% " " "
5
o
3
" " " !
!
!
&)
%"
-
% " " "
!
!
"
5
$
1
" ! !
"
"
" !
"
!
!
!
$ (
! !
!
!
!
"!
!
,! 0
&+
&
" ! !
"
"
"
"
" !
"
"
!
"
&
!
!
$&
$
" ! !
" !
!
!
! !
)
1 & "
"
!
" &
"
$
%
" ! !
" !
!
!
! $
&,
)& )
" ! !
"
" !
"
3
! "
"! "
!
%- %5$
&,
)& )
" ! !
"
" !
! "
" "! "
!
%$
2 &,
&,
)&! )
)& )$
" ! !
"
"
" !
"
3
! "
"! " !
%- %5$
&,
)& )
" ! !
"
"
" ! ! "
" "! "
!
%- %5$ 2 &,
)&! )$
,
)&+%
&)
" ! !
" !
&
&
#
,
" !
"
"
"
!
" !
"
!
!
! ? !
!
$
!
"
"
$
" ! !
"
"
%- %5
)
"
? !
" !
!
!
"
%- %5
&
o
1 ",
!
! $ 9
" !
!
!
! ! ?
" !
o
! !
!
%- %5
) ,
$
" !
!
" $ !
,
3 !
!
!
!
!
!
" $
#
" !
!
! !
#
! "0, " !
!
! !
!
!
" ! "
!
$
! "
4
# , +
" %- %5
!
5
! !
. "
!" !
$ 9
!
!
! !
# !
"0
*
! !
"
#
" @
!
# !
!
!
!
!
" "0$
,
! !
"
! !
!
!
3
"! # !
!
# !
! $
protocol pop3 { mail_plugins = quota } plugin { # 10 MB quota limit quota = maildir:storage=10240 # 1000 messages quota limit quota = maildir:messages=1000 # 10 MB + 1000 messages quota limit quota = maildir:storage=10240:messages=1000 }
/
!
%
# , +
"
"
"
%
"
? %- %5
*
/
! "
0$ %
! !
!" !
"
!
! "
3
"
3"
! !
"
" $
passdb pam { # menggunakan /etc/pam.d/pop3 args = session=yes pop3 }
! 8
8 "
!
" 8 "
" $ " !
8
8
!
#
!
! $ 8 " 5$
"
%
!
auth required account required
&
pam_unix.so nullok pam_unix.so
# jika ingin menggunakan LDAP maka dapat # ditambahkan entry berikut # auth # account
sufficient sufficient
pam_ldap.so pam_ldap.so
% !
% !
++
"
!
"
$
% !
$
"
"
" "
++
!
+
-
.
*
%/
" " "
!
!
$ !
" !
%
" "!
! "
! & %
! ! !
!
"
'
%,
"
! !
, ! !
"
, !
!
$
$
" '
"3
"
! ! !
%- %5, !
"
%- %5
!
!
"
%
"
%$ 9 " " "
"
"
,
"!
!
# , + (
!
"
"
%
,
&
root@MailServer:~# apt-get install dovecot dovecot-imapd
) , +
!
" "
) , + 6 "
!
"
! ?
"
!
" % " " " *
! " "
"
"
!
" $
) !
) , + 6+
"
! ! %/
" $
! ?
!
(
# , +
!
"
"
"
"
8
8 "
%
,
" 8 "
" $ "
protocols = imap imaps ssl_disable = no ssl_cert_file = /etc/dovecot/ssl/server-cert.pem ssl_key_file = /etc/dovecot/ssl/server-key.pem disable_plaintext_auth = no login_user = dovecot login_greeting = IMAP Server DEPKOMINFO first_valid_uid = 1000 last_valid_uid = 5000 first_valid_gid = 100 last_valid_gid = 150 valid_chroot_dirs = /var/spool/mail default_mail_env = mbox:/var/spool/mail/%u
+
" ! ! #
"
" ! "
"
" " " "
$ %
" #
" " "
&
o
" " "
% " " "
o
" " " !
!
!
!
!
"
o
3
o
3
" " " %" " " " !
-
% " " "
%" !
!
&)
% " " "
5
-
% " " "
!
!
"
5
$
1
" ! !
"
"
" !
"
!
!
!
$ (
! !
!
!
!
"!
!
,! 0
&+
&
" ! !
"
"
"
"
" !
"
"
!
"
&
!
!
$&
$
" ! !
" !
! !
!
!
$
! "
)
1 & "
" &
%
"
"
!
! ! !
" !
! $
&,
)& )
" ! !
"
" !
"
3
! "
"! "
!
%$
&,
)& )
" ! !
"
" !
! "
" "! "
!
%$
2 &, &,
)&! )
)& )$
" ! !
"
"
" !
"
3
! "
"! " !
%$
&,
)& )
" ! !
"
"
" ! ! "
" "! "
!
%$ 2 &,
)&! )$
,
)&+%
&)
" ! !
" !
&
&
#
,
" !
"
"
"
!
" !
"
!
!
! ? !
!
$
!
"
"
$
" ! !
"
"
% )
"
? !
" !
!
!
"
%
&
o
1 ",
!
! $ 9
" !
!
!
! ! ?
" !
o
! !
!
%
) ,
$
" !
!
" $ !
,
3 !
!
!
!
!
!
" $
#
" !
!
! !
#
! "0, " !
!
! !
!
!
" ! "
!
$
!
4
# , +
5 "
! "
"
. "
"
!
% "
$
! !
# !
! !
" " "
$
"
. "
"
" $
protocol imap { mail_plugins = quota imap_quota } plugin { # 10 MB quota limit quota = maildir:storage=10240 # 1000 messages quota limit quota = maildir:messages=1000 # 10 MB + 1000 messages quota limit quota = maildir:storage=10240:messages=1000 }
% !
# !
! !
•
! !
)
"
"
$
! # !
•
)
$
)
!
# ! !
"0
! $
!
!
?
•
) # !
!
!
!
! $
"! # !
!
%
"
"
"
%
# , +
6
"
%
?
*%
"
! "
"
/
0$ %
! !
!" !
"
!
!
! !
"
3" "
"
" $
passdb pam { # menggunakan /etc/pam.d/imap args = session=yes imap }
! 8
8 "
!
" 8 "
" $ " !
8
8
!$ 8!
auth required account required # # # # #
!
#
! $
"
%
!
&
pam_unix.so nullok pam_unix.so
jika ingin menggunakan LDAP maka dapat ditambahkan entry berikut auth sufficient pam_ldap.so account sufficient pam_ldap.so
1.
!" &88
&
$
% $
2. %- %5 ? D
8! "
8
8 "
,
"
08 !
8
" &88 $3 5$
$" 83
% ?D
"
8%- %5 ,
"
" &88 $3
$" 83
E$
8
%
% " " " ?D
,
" &88 ;$ %"
$3
-
$" 83
% " " " ?D
&88
6.
$3
!
&883
7.
%$, (
"
8%" 4-
3"
@776$ A; 2 " $ "
% ,
$" 83
" ; 2"
8
4% " " "
8% !
" $" 8%
? "
" D
@776$ 3"
8%
$ F "3 "
3
"!
,6 2"
$ "
" $" 8 "
,
!
G
@776$ A; 2 "
!
%"
!
@776$ &883
"
0
1
EMAIL ANTIVIRUS
) % G
"
!
!
! "! !
$
!
!
"
#
!
H 2
?
!
?
!
$
, CIJ
"!
!
!
!
3
" "3
"
!
?
"
!
!
#
$ !
"
"
,
!
!
,!
!
!
? !
!
" ! !
!
$ KIRIM INTERNET
` TERIMA
EMAIL SERVER
VIRUS SCANNER
Gambar 4 - Sistem Email Antivirus
!
!
!
!
!
$ 9"! "
!
! !
!
!
*
/$
! !
! !
!
# !
!
! ,
! ! #
!
$
!
+
*
&883 3 3 $
!
$"
" /
! *
&883 3 3 $!
$"
/$
, (
!
+
0
!
! " #
$
root@MailServer:~# apt-get install clamav clamavfreshclam clamav-base
!
!
'
!
! !
!
' !
! $
!
,
F
! !
!
!
" (
!
!
!
!
!
)
"
8
#
$
" 8
!
8
!
$ "
1 !
!
?
! !
#
! ! $
!
-
?
$ + !
! !
!
!
, " "!
!
! !
#" $ (
!
!
" !
$
root@server:~# clamav-freshclam
#
! " "!
"
!
, !
!
!
#" 0$ %
! " !
"
!
* " /
"
!
# ! ,! #
! $ %
! " # ! A@ !
#
!
"
!
3 "
!
! "
!
" "! , !
"
"
&
root@server:~# crontab -e
!
!
?
#"
!
"
"
0 * * * *
%
! !
&
/usr/local/bin/clamav-freshclam
#" '
! !
!
#
?7 #
, #!$
+
! , ! ! ! ! !
!
! !
!
!
$ % ! !
!
!
! ,
!
!
" "! !
!
!
! $
+ (
!
!
! &
root@MailServer:~# apt-get install mailscanner
!
+
%org-name% = Depkominfo %org-long-name% = Departemen Komunikasi dan Informatika %web-site% = www.depkominfo.go.id Run As User = postfix
# # Run As Group = postfix # # Max Children = 5
ini adalah user dari MTA anda ini adalah group dari MTA anda
Incoming Queue Dir = /var/spool/postfix/incoming Outgoing Queue Dir = /var/spool/postfix/hold MTA = postfix # ini adalah MTA anda Virus Scanners = clamav # ini adalah antivirus # yang anda gunakan
7
!6
7
" ! !
!
7
" ! !
!6
!6
"
$
7
" ! !
"
!
!
" ! !
!
#
$
" ! ! !
#
" !
! $
8
" ! ! !
"
" !
!
"
#
$
% )
" ! !
" !
# !
!
! !
#
!
!
!
+
! 4
?!
!
#
" ! !
"
$
" !
!
!
"
!
!
! $
!
! 4
#
" ! !
" !
" !
!
!
"
!
!
$
" ! ! !
" ! !
!
!
!
$
"
+
" ! !
" !
#
! !
#
"
$
! ! $
! !
!
"
! (
/ +/
"/
!
0+
! "
"
!
! !
!
0
!
,!
!
!
!
!
! $
8
(
8 "
! 08!
$
!
& header_checks = pcre:/etc/postfix/header_checks
!
/ +/
!
"/%
)
&+% +
"
!
8
8 "
08!
#
!
!
8
8 "
08
4 4
" 8
$
" 8 "
08
0 ! ! 4
/^Received:/ HOLD
! $
$ F
9
4
!
" ! " !
$
, !
!
#
A$ %"
0 !
!
( ,
K" , % K" , ++
&883 3 3 $ "3 " "
@$ %" 5$ 2
$ "! 8 "
0 !, "
! 4!
4
&883 3 3 $ "
$
, & -./.01
,
+ ! G$
04
$
" )
,
&883 3 3 $
) !
4
0$"
%" ' " ( ))"
!
& $" *
+
$" 8 +E$ !
EMAIL ANTISPAM
!
!
!
$
!
!
!
"0
" ! !
$
!
$ 9
" !
!
#
" " !
, '
"! "
" !
" "
* " 0/, #!
!
! L
!!
!
!
!
"
! "!
!
M$
!
" 0
$
!
' !
!
!
!
!
M
L ! ,
$
!
!
' !
"
L
! !
!!
M$
"0
! ! !
3
$% !
! !
!
! ! "0
'
"
'
#
!
!
$
! ! " !
!
$
! "
!$
#
!
! !
,
Gambar 5 - Statistik Spam (! !
%
!
! ! ! !
!
"0
' ! $ +
!
!
&
'
!
' !$N
" " , !
!
!
$
!
!
$
!
*
"
/
"
!
! !
!
$
% !
! ! !
" "
! !
!
L
M$ " $
! ! !
!
L! !
#
" "
' !
!
"
!$ % !
"
! !
' !
!
#
$
#
!$
! ,
!
!
! ,! !
!
3
!
' !
!
"0$
!
! !
,
!
$
!
! !' " !
!
!
#,
*!
! "
!
! ! "
"
/
"
!
" $ 9
,! !
# "
! !,
A77J$
! '
,
!
!
'
# "
!
M " ' " !
!
' !
# !
" !
" "
!
"
!
!
"
"
? ! $
0
! " ?
! "
& A$
!
4
@$
!
4
5$
!
4
)&%
9"
"4 . 4
" 4
&
*
"
)
"
0
! !
"!
! !
"
!
! !
" !
)&
9" ! !
! !
)
&
"
!
+
"
!
?
!
0
!
! % !
$
!
!
!
!
$
! )&
"
)
&
+
&
1.
+% + & !
)
& ++
9
! !
!
" "
! 8
8 "
08
4
$ %
"!
!
! & - 9,
+
8
8 "
8 "
!
08
4 < " ! 4
& *) &
!
!
#
08
: + &
(22- ,
! !
!
2.
N + ,
$ 9 !
8
$ F
= )
"! !
$
,
!
!
! !
!
1 2 *
1
"!
2 ! /$
3.
: + &
( &
!
)
! "
)&
9"
+
! !
?
"
+
2 $
"
0
! !
!
!
!
! "
&
&
O
! !
!
,
! ! !
% !
&)
)&
)
&
+
$
1.
& $
(
9
! ! !
K
!
!
3"
!
!
$
2.
: + &
%&)
! !
9
" !
!
"
! !
! !
!
!
# !
4!
4
: + &
!
"
"
$ %&
!9
!
!
!
!
"
"
"
3"
"
"
#
$ 9"
4
!
3.
!
%
0$ F ! $
!
! !
!
" "
!
" ! ? !
smtpd_helo_required
= yes
smtpd_sender_restrictions
= check_sender_access
hash:/etc/postfix/sender_access, reject_non_fqdn_sender, reject_unknown_sender_domain smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining smtpd_data_restrictions = reject_unauth_pipelining header_checks = pcre:/etc/postfix/header_checks body_checks = pcre:/etc/postfix/body_checks
)
& ++
,!
"!
#
"!
# !
"
& - 9,
! !
3 !
!
!
N + ,
! !
!
"!
!
! !
"!
!
!
$
? !
!
!
$
N +
(22-$ -9
"! ! !
3
"! !
$
(22- ! ! !
!
3 !
$
!
/ +/
%
! !
"/
,
)
& ++
#
4
!
4
"
"
0$
! ! ! 8
, 8 "
08
! 4
! 4
"
0$ %
4
"
,
"!
! " "
"
"!
"
"
!
$
depkominfo.go.id kominfo.go.id register.net.id spam.org yahoo.com
OK OK OK REJECT DUNNO
"!
, !
#
!
" ! "
$
! "
0$ (
#
" !
!
" !
,
&
root@server:~#
!
postmap /etc/postfix/sender_access
/ +/
"/%
)
&+% +
! 8
"
8 "
08!
8 $
!
! 8
8 "
08
08!
!
4
$
F "
! !
"
! 8 "
08
4
$
/^Received:/ HOLD
9
4
!
" ! " !
$
$
#
4
8
8 "
, !
!
#
0
!
"
0+
"
!
$
!
#
!
!
8 !
"
, ! "
8
8 " #
!
" !
3
08!
$
"
"
!
$
!
$ ?
0$ (
#
!
0! "
08!
#
! !
8 "
!
!
" "
$ $
!
< +
&
pickup fifo n 60 1 pickup -o content_filter= -o receive_override_options=no_header_body_checks
=
! !
!
!
!
8
!
! !
! !
$ % ?
!
!
,
!
2 *
(
/$
! 0
! !
#
! " &
root@server:~# apt-get install spamassassin
! (
!
"
"
! 8
8
! !
trusted_networks 202.46.1.100 trusted_networks 202.46.2.41 trusted_networks 202.46.3.171 internal_networks 202.46.1.100 internal_networks 202.46.2.41 internal_networks 202.46.3.171
8"
$ " $
' K"
#
"
"
! !
!
"
!
$
' (
!
K"
!
#
& root@MailServer:~# apt-get install razor
!
' K"
!
# "
K"
! ! !
#
& root@MailServer:~# cd ~ root@MailServer:~# rm /etc/razor/razor-agent.conf root@MailServer:~# razor-admin -create
"
K"
,
#
! K" $ %
! !
!
" $
root@MailServer:~# razor-admin –register
!
,
!
#
"
! !
& root@MailServer:~# vi /root/.razor/razor-agent.conf
%
, K"
!
!
!
#
7 * "/
" ! K" "!
"
!
debuglevel razorhome
K"
$
= 0 = /var/lib/MailScanner/.razor/
$' % K"
!
! ! " "
!
!
" $ %
!
"
!
K" !
! K"
" " "
K"
" " " !
!
3
$
$' root@MailScanner:~# apt-get install pyzor
!
!
$'
pyzor_options --homedir /var/lib/MailScanner/ razor_config /var/lib/MailScanner/.razor/razoragent.conf #bayes_path /var/lib/MailScanner/bayes bayes_path /var/spool/MailScanner/spamassassin/bayes bayes_ignore_header X-Depkominfo-MailScanner bayes_ignore_header X-Depkominfo-MailScannerSpamCheck bayes_ignore_header X-Depkominfo-MailScannerSpamScore bayes_ignore_header X-Depkominfo-MailScannerInformation bayes_auto_expire 0
(
!
K" 8
"
++ ! 8
!
" 8 5A7$
&
loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::Razor2
" "
K"
!
"
K"
0
! !
! $
root@MailServer:~# cp -R /root/.pyzor /var/lib/MailScanner root@MailServer:~# cp -R /root/.razor /var/lib/MailScanner
( 8 !
! 8
8
" 8
8 !
8 "" 8 "
8 "
&
root@MailServer:~# chown -R postfix.postfix /var/spool/MailScanner/ root@MailServer:~# chown -R postfix.postfix /var/lib/MailScanner/
0
A$ %"
0
!
(
!
,
K" , % " , ++
&883 3 3 $ "3 " "
@$
" &88
5$
" K" $ "
+ ! G$
04
! 4!
4
!
4
"
$
8 " " &&
$ ! !
3
% K"
$
&883 3 3 $
'
!, " ! "
,
% K"
!
!
E$ 2
$ "! 8 "
! 3
,
,
$ F "3 "
, % K" , +"
E$
!
" $" 8 "
0, !
K" , ++
&883 3 3 $
85@5 '
3,
+ ! G" !
$" 8 +E$ !
PRETTY GOOD PRIVACY
) % 3
*% %/
"
!
! 8
" " "
*
/ !
% %
"
%
H!!
!
$ ABBA$ % %
!
$ !
!
!
!
!
!
$
% %
!
!
&
1. % %
. H!!
!
% % ! $ " !
% %
! "
( 2 O,
#
!
,
"
D
"3 ,
$ (
"! !
2.
" $ "
!
"
#
!
!
$
,
! % % "
!
4 !
,
'F
!
,
!
!
$ ( +
'A@C,
5
$
!
*
/ !
F 'A$
3. %
% %
!
#,
#
" " "
#
* $
,
,
$/$
4. % %
!
" !
!
! $
L
#
% %
M$
L
M
$
" $
;$
! ! !
&
, % %
#
"
+ 5A;6$
," !
"
P
! % %
!
"
" .
# "
Tabel 1 - Struktur Pretty Good Privacy +
!
: 8 F
9"
8 F ! "
!
F 'A
! ! ! ! * !
/
! +
%
* !
/
" ! F
!
"
!
+
'A@C 5
"
!
" " !$
! F
!
"
! ! , ! +"!
"
* ! %
H%
'!
0
+"!
"
6E
*" (
"
/
! "!
"
/ "!
!
,
" + ! !
" ! !
"
0 6E
! # ! ! " " "
! $
!
% %
F 2:
#, !
!
F 2: !
#!
! $
'
#!
!
$ !
!
!
$ #!
#
,!
#!
' !
3
!
!
"
!
!
!
! , #
!
! $
&
1. %
!
"
2.
!
F 'A
! !
3. %
!
!
! !
4. %
!
! !
! "
!
! ,#
!
!
'
! !
"
!
!
!
"
! *
#
/$
9
A$ %
!
! ! !
!
#!
$
'
#!
!
!
!
&
A@C
" @$
$ !
+ 5$ !
!
"
'A@C "
$
" #
! !
!
E$ %
!
!
"
*
! !
;$
! ! ,
"
!
!
#,
"
/
"
! $9
#! !
!
$
# #! !
! !
! !
! !
"
!
! $
$9
*
/
!
9"!
"
"
!
* !
!
/
! !
! !
$
!
! Q(
! !
'!
!
! # !
!$
!
$ !
!
$
Gambar 6 - Arsitektur Implementasi Pretty Good Privacy ! ! *
/ !
!
! "
$
! !
"
* $
/ 5
$
"
!
"! "!
,
! $
% !
! *% /$
"
#
!
#
!
! !
! ! $
!
#
!
!
L
M
*
/$
! I6C'@7EC,
A7@E
#
#
!
$
#
#
! !
3
#
$ 9 !
3"
!
,
# !
L "
! !
"
$
M
"
"
$ 9
!
!
!
!
! $
! !
!
$ 2 ! #
"
!
!
$( '
!
!
$
"
"
!
!
!
!
!
#!
3
"
!
!
$
$ D
$ "
!
! $
# , + ! !
$
!
! "$ +
! 3
"$
+
"
'
3
A$ 9
!
"
#
& !
! !
@$
"3
"
"
! !
5$ ( "
!
!
!
L
M
"
! !
"
#
E$ 9
"
"
"
#
!
!
$
% %
! $/
!
$
!
*9
, %
, -
!
! !
' !
!
""
% %$
!
P !
$ %
# $ 9
!
!
!
! !
! $
! !
8 (
, +$ 8
)
!
%
*
% /,
&
ubuntu@ubuntu-desktop:~# apt-get install gnupg
1 (
,
$)
!
1 +
!
$ !
"
!
!
! !
$
#
, !
"
!
"
! ! !
$ % %
"! ! &
ubuntu@ubuntu-desktop:~# gpg –-gen-key Please select what kind of key you want: DSA and Elgamal (default) DSA (sign only) RSA (sign only) Your selection ? 1
?
%
# "
! !
!
! !
% %$
! ! !
#
"
!
#
#
$ % I6C, A7@E
@7EC
!
,
!
!
!
#
!
$
DSA keypair will have 1024 bits About to generate a new ELG-E keypair Minimum keysize is 768 bits Default keysize is 1024 bits Highest suggested keysize is 2048 bits What keysize do you want? (1024) 2048
#
,
!
#
!
% %
$ %
!
# !
A
!
/,
*
, @7EC
$% &
*! "
3
*
3 /, !
*3
/,
/
#
$ " "
!
!
A
$
Requested keysize is 2048 bits Please specify how long the key should be valid 0 = key does not expire
!
3
,!
#
! $ F
&2 !
%
9
,
" !
! !
!
,9
$
" !
, ! !
!
"
!
" !
$
You need a User-ID to identity your key; the software constructs the user id from Real Name, Comment and Email Address in this form: “Heinrich Heine (Der Dichter) < [email protected]>” Real name : Pegawai Depkominfo Email address: [email protected] Comment: PGP Key Pegawai You selected this USER-ID: “Pegawai Depkominfo (PGP Key Pegawai) < [email protected]>” Change (N)name, (C)omment, (E)mail or (O)kay/(Q)uit? O
" ! !
,
! !
$
Enter passphrase:
,!
"
!
$
" ! $
9
! !
@77I$
public and secret key created and signed. key marked as ultimately trusted. pub 1024D/07B33D81 2006-12-13 Pegawai Depkominfo (PGP Key Pegawai)
A@
)
9
!
!!
%
8 8
!
"
!
? !
! $ ! ! (
!
$
!
$ " !
0 !
#
&
root@server:~# gpg –e
, !
!
! $ 9 % %
"
!
$
You did not specify a user ID. (you may use “-r”) Enter the user ID. End with an empty line: [email protected]
!
!
!
&
Added 2048g/F8F8665B 2007-01-03 “Pegawai Depkominfo (PGP Keys untuk Pegawai Depkominfo) < [email protected] >”
#
)
9
!
!!
8 8
%
! !
$ (
! !
, #
&
root@server:~# gpg –d
!
!
3" ! " "
$ !
!
&
You need a passphrase to unlock the secret key for user: “Pegawai Depkominfo (PGP Keys untuk Pegawai Depkominfo) < [email protected] >” 2048-bit ELG-E key, ID F8F8665B, created 2007-01-03 (main key ID D329DDE1) Enter passphrase:
N ! !
!
"
!
,
!
!
$
$
1 +
$
$
,
# !
3 !
?
$ ( ! "
"
"
! !
! ? !
!
ubuntu@ubuntu-desktop:~# gpg –-send-keys –keyserver ldap://ldap.depkominfo.go.id
$
1. 2. 5$
% %
9
*
&883
$
%
*
&883 3 3 $
$
$
?D "
&88
8 8 ,
$ $3
$" 83
8 %
$" /
8
E$ ! /
PGP KEYSERVER
% % 9 !
!
, !
"
!
!
% %$
!
9
!
%
%
"
! !
% %
9
"3
!
" ?
$ ! !
!
, ! "
% %
"
%
!
! 3
# (
!
?
(
!
&883 3 3 $
! % %*
$ "! /$
, %
!
#
& root@DirectoryServer:~# apt-get install slapd ldap-utils
$
! !
#
1 !
!
8
$
%
!
,
"
!
% %
!
!
!
%9 $ 9" 8
8
8
$ "
+ ) %
include include include include include
3 3 !
9
$
/etc/ldap/schema/core.schema /etc/ldap/schema/cosine.schema /etc/ldap/schema/nis.schema /etc/ldap/schema/inetorgperson.schema /etc/ldap/schema/pgp-keyserver.schema
# Schema chek allows for forcing entries to # matc schemas for their objectClasses’s schemacheck on pidfile argsfile loglevel modulepath moduleload
/var/run/slapd/slapd.pid /var/run/slapd.args 0 /usr/lib/ldap back_bdb
)
" ! !
!
!
%
%
" ! * "
! ,
/$
" ! !
%
" ! #
)
)
%$
" ! ! $
" !
% !"
backend checkpoint
bdb 512 30
database suffix
bdb “dc=depkominfo,dc=go,dc=id”
rootdn rootpw
“cn=admin,dc=depkominfo,dc=go,dc=id” “depkominfo” # SHA1 MD5 CRYPT plain
index lastmod access to by write by by by
objectClass eq on attrs=userPassword dn=”cn=admin,dc=depkominfo,dc=go,dc=id” anonymous auth self write * none
access to dn.base=”” by * read access to * by dn=”cn=admin,dc=depkominfo,dc=go,dc=id” write by * read
1 +
)
"
! !
" ! !
"
"
#
$
" ! !
" ! $
"
)
" ! !
" !
#3 "
(
$
" ! !
" !
3"
!
#3 "
$
! !
o
!
; ,
!
!
!
&
! "
0
!
;$ (
!
;, ! 3
o
F A,
!
!
!
"
(
R
;S$
"
!$
0
!
F
!
F A, !
3 R F AS$
o + :% , !
!
! "
!
0 !
"
! " !
0$ ( + :% , !
3 R+ :% S$
!
o %
2, !
3" !
! # $
!
$ % ! !
"
1.
%
*
2.
3
"
*
&883 3 3 $"
&883 3 3 $
$" /
% " " " $"
/
Related Documents
Keamanan Email
June 2020 12
Keamanan Komputer
December 2019 43
More Documents from "Zulmilis Zulmita"
Daftar Provinsi, Kabupaten Dan Kota Seindonesia
June 2020 9
Keamanan Email
June 2020 12