Saturday, 01 November 2014

Monitoring an Internet Connection Using Mikrotik and Ubuntu 10.04 as an SMTP Relay

  • Configuring the Ubuntu Server as an Intermediate Email Server
The first step is to configure the IP address and default gateway. Here I use the IP address 172.16.16.121 for this Ubuntu Server (IES).

Set Up the Local Repository & Install Webmin

it@IES:~$ sudo cp /etc/apt/sources.list /etc/apt/sources.list.asli
it@IES:~$ sudo pico /etc/apt/sources.list

deb http://kambing.ui.ac.id/ubuntu lucid main restricted universe multiverse
deb http://kambing.ui.ac.id/ubuntu lucid-updates main restricted universe multi$
deb http://kambing.ui.ac.id/ubuntu lucid-security main restricted universe mult$
deb http://kambing.ui.ac.id/ubuntu lucid-backports main restricted universe mul$
deb http://kambing.ui.ac.id/ubuntu lucid-proposed main restricted universe mult$
deb http://download.webmin.com/download/repository sarge contrib 

it@IES:~$ sudo apt-get update 
it@IES:~$ sudo apt-get install webmin 

Install & Configure the NTP Server

it@IES:~$ sudo apt-get install ntp
it@IES:~$ date
Thu Oct 30 10:27:09 WIT 2014 
 
it@IES:~$ sudo pico /etc/ntp.conf 

.
.

# You do need to talk to an NTP server or two (or three).
#server ntp.ubuntu.com
server 0.id.pool.ntp.org
server 1.id.pool.ntp.org
server 2.id.pool.ntp.org
.
.


it@IES:~$ sudo /etc/init.d/ntp restart
 * Stopping NTP server ntpd                                              [ OK ] 
 * Starting NTP server ntpd                                              [ OK ]  
 
it@IES:~$ date
Thu Oct 30 10:30:36 WIT 2014

it@IES:~$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+202-65-114-202. 218.100.41.254   2 u   62  128  273   30.997   -9.769  27.281
+31.169.iconpln. 203.89.24.34     3 u   66  128  373   21.206   -5.759  38.879
+valhalla.intila 152.2.133.53     2 u   61  128   17   30.799   -5.729  39.312
*dns2.lipi.go.id 192.168.60.16    2 u   69  128  337   17.484   -6.222  38.069

Configure Postfix as an SMTP Relay

it@IES:~$ sudo groupadd mailrelay -g 10000
it@IES:~$ sudo useradd sysadmin -m -d /home/sysadm -u 100001 -g 10000

it@IES:~$ id sysadmin
uid=100001(sysadmin) gid=10000(mailrelay) groups=10000(mailrelay)

it@IES:~$ sudo useradd user_default -m -d /home/user_default -u 100000 -g 10000

it@IES:~$ ls -lF /home
total 12
drwxr-xr-x 3 it           it        4096 Oct 30 09:58 it/
drwxr-xr-x 2 sysadmin     mailrelay 4096 Oct 30 11:25 sysadm/
drwxr-xr-x 2 user_default mailrelay 4096 Oct 30 11:26 user_default/

it@IES:~$ sudo passwd sysadmin
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

it@IES:~$ sudo passwd user_default
Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

it@IES:~$ sudo apt-get install postfix libsasl2 ca-certificates libsasl2-modules
it@IES:~$ sudo pico /etc/postfix/main.cf

.
.


# Additional configuration for IES
relayhost = [smtp.gmail.com]:587
mynetworks = 192.168.0.0/17 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_use_tls = yes
smtp_sender_dependent_authentication = yes
sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map 

it@IES:/etc/postfix/sasl$ sudo pico Equifax_Secure_CA.pem

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

it@IES:/etc/postfix/sasl$ sudo cat /etc/postfix/sasl/Equifax_Secure_CA.pem | sudo tee -a /etc/postfix/cacert.pem


it@IES:~$ sudo pico /etc/postfix/sasl_passwd

#Per-sender Authentication
havi@domain.com havi@domain.com:qwsaderftgg

#Login for default relayhost
[smtp.gmail.com]:587 cthdefault@gmail.com:abcabcdf-1qaz


it@IES:~$ sudo chmod 400 /etc/postfix/sasl_passwd 
it@IES:~$ sudo postmap hash:/etc/postfix/sasl_passwd
it@IES:~$ sudo pico /etc/postfix/relayhost_map


#Per-sender provider 
havi@domain.com      [smtp.gmail.com]:587


it@IES:~$ sudo postmap hash:/etc/postfix/relayhost_map

it@ubuntu-srv-1404:~$ sudo apt-get install fetchmail
it@ubuntu-srv-1404:~$ sudo pico /etc/fetchmailrc


set syslog
set daemon 300 
poll pop.gmail.com
    with nodns,
    with protocol POP3
    user "havi@domain.com" there is sysadmin here,
    with password "12345678"
    with ssl, sslcertck;


it@IES:~$ sudo pico /etc/default/fetchmail 


.
.


# Declare here if we want to start fetchmail. 'yes' or 'no'
#START_DAEMON=no
START_DAEMON=yes


it@IES:~$ sudo /etc/init.d/fetchmail restart
 * Restarting mail retriever agent:                                      [ OK ]

it@IES:~$ sudo apt-get install dovecot-pop3d dovecot-imapd
it@IES:~$ sudo cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.asli
it@IES:~$ sudo pico /etc/dovecot/dovecot.conf


.
.
protocols = imap imaps pop3 pop3s
.
.
#   mail_location = maildir:~/Maildir
   mail_location = mbox:~/mail:INBOX=/var/mail/%u
#   mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n


it@IES:~$ sudo service dovecot restart
 * Restarting IMAP/POP3 mail server dovecot                       




  • Mikrotik Configuration

Configure the Email Tool


[hotadmin@GW1] > tool e-mail set address=172.16.16.121 port=25 user=sysadmin password=12345678

[hotadmin@GW1] > tool e-mail send server=172.16.16.121 port=25 user=sysadmin password=12345678 from=havi@domain.com tls=yes to=havi@domain.com subject="Tes Kirim Email Dari Mikrotik" body="Ini hanya tes pengiriman Email melalui terminal Mikrotik.." 

Configure Netwatch


[hotadmin@GW1] > tool netwatch add host=8.8.8.8 interval=60 timeout=1s comment="DNS Google" 
 
[hotadmin@GW1] > tool netwatch print                                  
Flags: X - disabled 
 #   HOST                 TIMEOUT              INTERVAL             STATUS 
 0   8.8.8.8              1500ms                   1m                   up  

[hotadmin@GW1] > tool netwatch set down-script=[/tool e-mail send server=172.16.16.121 port=25 user=sysadmin password=12345678 from=havi@domain.com tls=yes to=havi@domain.com subject="Deteksi Otomatis Internet Down" body=("Koneksi Internet Down Pada : ".[/system clock get date]."  ".[/system clock get time]."Gagal Ping ke google dns 8.8.8.8.")]                                 

numbers: 0

[hotadmin@GW1] > tool netwatch set up-script=[/tool e-mail send server=172.16.16.121 port=25 user=sysadmin password=12345678 from=havi@domain.com tls=yes to=havi@domain.com subject="Deteksi Otomatis Internet Up" body=("Koneksi Internet Up Pada : ".[/system clock get date]."  ".[/system clock get time]." Sukses Ping ke google dns 8.8.8.8.")]      

numbers: 0

[hotadmin@GW1] > tool netwatch add host=202.95.*.* timeout=1500ms interval=1m comment="Gateway ISP"
 
[hotadmin@GW1] > tool netwatch print                                             
Flags: X - disabled 
 #   HOST                 TIMEOUT              INTERVAL             STATUS  SINCE               
 0   8.8.8.8              1s500ms              1m                   up      oct/31/2014 13:40:20
 1   202.95.137.198       1s500ms              1m                   up      oct/31/2014 13:45:25

[hotadmin@GW1] > tool netwatch set down-script=[/tool e-mail send server=172.16.16.121 port=25 user=sysadmin password=12345678 from=havi@domain.com tls=yes to=havi@domain.com subject="Deteksi Otomatis ISP Gateway Down" body=("Koneksi ke Gateway ISP  Down Pada : ".[/system clock get date]."  ".[/system clock get time]." Gagal Ping ke 202.95.*.*, Internet Gateway IP Address @ ISP")]                

numbers: 1

[hotadmin@GW1] > tool netwatch set up-script=[/tool e-mail send server=172.16.16.121 port=25 user=sysadmin password=12345678 from=havi@domain.com tls=yes to=havi@domain.com subject="Deteksi Otomatis ISP Gateway Up" body=("Koneksi ke Gateway ISP  Up Pada : ".[/system clock get date]."  ".[/system clock get time]." Sukses Ping ke 202.95.*.*, Internet Gateway IP Address @ ISP")]                    

numbers: 1


Note: "host=202.95.*.* is the public IP address that the ISP provides as the default gateway for the Mikrotik router. Adjust it to the public IP (gateway IP) your ISP has given you."

Alhamdulillah, this completes the configuration of the Ubuntu Server (IES) and Mikrotik for monitoring whether the internet connection is UP or DOWN. Together, the Mikrotik and the Ubuntu Server Intermediate Email Server monitor the status of the internet connection from the Mikrotik router, whether it is Down or Up. This is useful for calculating the total number of hours the internet connection was down in a month, so that we can file a complaint with the ISP if the total downtime exceeds the SLA limit the ISP promised. With an Intermediate Email Server we no longer need a dial-up modem to deliver notifications: as soon as the internet connection drops, the Mikrotik sends an email to the IES, and once the connection is Up again, the IES forwards the Mikrotik's email to the destination address.
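The monthly downtime total mentioned above can be computed from the alert e-mails themselves. The following is an added example, not part of the original post: it assumes the subject and body wording of the netwatch scripts above and the RouterOS clock format seen in the netwatch output (oct/31/2014 13:40:20); the function names and sample messages are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from email import message_from_string

# Subject and body layout follow the netwatch up/down scripts on this page.
SUBJECT_RE = re.compile(r"Deteksi Otomatis (?P<target>.+) (?P<state>Down|Up)$")
# RouterOS clock values as shown in the page's netwatch output: oct/31/2014 13:40:20
STAMP_RE = re.compile(r"Pada : (\w{3}/\d{2}/\d{4})\s+(\d{2}:\d{2}:\d{2})")

def parse_event(raw):
    """Return (target, state, timestamp) for one alert e-mail, else None."""
    msg = message_from_string(raw)
    subj = SUBJECT_RE.search(msg.get("Subject", ""))
    stamp = STAMP_RE.search(str(msg.get_payload()))
    if not (subj and stamp):
        return None  # not a netwatch alert; skip it
    when = datetime.strptime(" ".join(stamp.groups()), "%b/%d/%Y %H:%M:%S")
    return subj["target"], subj["state"], when

def downtime_by_month(raw_messages):
    """Pair each Down with the next Up per target and sum outage seconds.

    Returns (totals, still_down): totals is keyed by (target, "YYYY-MM") of
    the outage start; still_down maps targets with no Up yet to the Down time.
    """
    events = sorted(filter(None, map(parse_event, raw_messages)), key=lambda e: e[2])
    down_since, totals = {}, defaultdict(float)
    for target, state, when in events:
        if state == "Down":
            down_since.setdefault(target, when)  # keep the first of repeated Downs
        elif target in down_since:               # an Up with no Down is ignored
            start = down_since.pop(target)
            totals[(target, start.strftime("%Y-%m"))] += (when - start).total_seconds()
    return dict(totals), down_since

# Constructed sample messages (not real mail), shaped like the scripts' output;
# deliberately out of order to show that events are sorted by router timestamp.
SAMPLE = [
    "Subject: Deteksi Otomatis Internet Up\n\nKoneksi Internet Up Pada : oct/31/2014  13:45:25 Sukses Ping ke google dns 8.8.8.8.\n",
    "Subject: Deteksi Otomatis Internet Down\n\nKoneksi Internet Down Pada : oct/31/2014  13:40:20Gagal Ping ke google dns 8.8.8.8.\n",
    "Subject: Deteksi Otomatis ISP Gateway Down\n\nKoneksi ke Gateway ISP  Down Pada : oct/31/2014  14:00:00 Gagal Ping ke 202.95.*.*\n",
    "Subject: Deteksi Otomatis ISP Gateway Up\n\nKoneksi ke Gateway ISP  Up Pada : oct/31/2014  14:10:30 Sukses Ping ke 202.95.*.*\n",
    "Subject: Deteksi Otomatis Internet Down\n\nKoneksi Internet Down Pada : nov/01/2014  09:00:00Gagal Ping ke google dns 8.8.8.8.\n",
    "Subject: Weekly report\n\nNothing to see here.\n",
]

if __name__ == "__main__":
    totals, still_down = downtime_by_month(SAMPLE)
    for (target, month), secs in sorted(totals.items()):
        print(f"{month} {target}: {secs / 3600:.2f} h down")
    print("still down:", still_down)
```

On real mail, the messages can be read with Python's `mailbox.mbox` and passed in as strings; the mailbox path depends on which account receives the alerts.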
