At the moment I'm facing some problems with dovecot and authentication against a passwd file.
Here are some details about the environment:
- CentOS 7 (3.10.0-042stab142.1)
- Postfix (2:2.10.1-9.el7)
- Dovecot (1:2.2.36-6.el7)
The Postfix part looks fine: sending/receiving mail locally and forwarding to external domains is working. For a handful of users I need to enable IMAP.
Excerpt of "doveconf -n":
auth_debug_passwords = yes
auth_mechanisms = plain login
first_valid_uid = 1000
mail_debug = yes
mail_location = maildir:/var/mail/vhosts/<mydomain>/
mbox_write_locks = fcntl
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = scheme=SHA512-CRYPT username_format=%Lu /etc/dovecot/mydomain_passwd
driver = passwd-file
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0666
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mydomain/fullchain.pem
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
args = username_format=%Lu /etc/dovecot/mydomain_passwd
default_fields = uid=5000 gid=5000 home=/var/mail/vhosts/mydomain/%Ln
driver = passwd-file
}
Contents of "mydomain_passwd":
Zelestra@mydomain:{SHA512-CRYPT}$6$69/Qa2lPaBz3q6Gy$2zL7zAsgp6JckiziPUxJc927p.YSAyQlAYCKIJ2uvA.uR6pPfktEcHO4mbnAO3LEVVYT6jNrSPykO.STuTJJH0:5000:5000::/var/mail/vhosts/mydomain/zelestra::
If I try to test the user with "doveadm user", I get the following:
Jul 6 13:56:36 h2891775 dovecot: auth: Debug: master in: USER#0111#011zelestra#011service=doveadm
Jul 6 13:56:36 h2891775 dovecot: auth: Debug: passwd-file(zelestra): lookup: user=zelestra file=/etc/dovecot/mydomain_passwd
Jul 6 13:56:36 h2891775 dovecot: auth: passwd-file(zelestra): unknown user
Jul 6 13:56:36 h2891775 dovecot: auth: Debug: userdb out: NOTFOUND#0111
Jul 6 13:56:43 h2891775 dovecot: auth: Debug: master in: USER#0111#011zelestra@mydomain#011service=doveadm
Jul 6 13:56:43 h2891775 dovecot: auth: Debug: passwd-file(zelestra@mydomain): lookup: user=zelestra@mydomain file=/etc/dovecot/mydomain_passwd
Jul 6 13:56:43 h2891775 dovecot: auth: passwd-file(zelestra@mydomain): unknown user
Jul 6 13:56:43 h2891775 dovecot: auth: Debug: userdb out: NOTFOUND#0111
If I test it from a mail client (the built-in Mac one during testing):
Jul 6 14:03:03 h2891775 postfix/smtpd[14258]: disconnect from tmo-081-218.customers.d1-online.com[<some IP>]
Jul 6 14:03:03 h2891775 dovecot: auth: Debug: client in: AUTH#0115#011PLAIN#011service=imap#011secured#011session=5GStp8SpXxJQu1Ha#011lip=<some IP>#011rip=<some IP>#011lport=143#011rport=4703#011local_name=mail.mydomain#011resp=AFplbGVzdHJhQGtvbnppbGRlcmFzcGVrdGUuZGUARDN2MWwuM3JheQ== (previous base64 data may contain sensitive data)
Jul 6 14:03:03 h2891775 dovecot: auth: Debug: passwd-file(zelestra@mydomain,<some IP>,<5GStp8SpXxJQu1Ha>): lookup: user=zelestra@mydomain file=/etc/dovecot/mydomain_passwd
Jul 6 14:03:03 h2891775 dovecot: auth: passwd-file(zelestra@mydomain,<some IP>,<5GStp8SpXxJQu1Ha>): unknown user
Jul 6 14:03:05 h2891775 dovecot: auth: Debug: client passdb out: FAIL#0115#011user=zelestra@mydomain#011original_user=Zelestra@mydomain
Jul 6 14:03:05 h2891775 dovecot: imap-login: Aborted login (auth failed, 5 attempts in 10 secs): user=<zelestra@kmydomain>, method=PLAIN, rip=<some IP>, lip=<some IP>, TLS: Disconnected, session=<5GStp8SpXxJQu1Ha>
If I do a lookup like "doveadm user *@mydomain", I get the following output:
Zelestra@mydomain
I seem to be missing something, but at the moment I don't know where to look or how to troubleshoot further.
Already done several times without luck:
- read through the dovecot wiki/howto
- Google-fu and Stack Exchange-fu turned up nothing helpful for variants of this problem
The questions I'd like answered now are:
a) Why does the wildcard lookup with doveadm return a result, but the specific lookup does not?
b) Hints on how to get the dovecot IMAP part working and get correct authentication for my client
Thanks and regards
Answer 1
Thanks to roaima - changing the contents of my "userdb/passwd" to lowercase entries made it work.
So in my case it was the "lowercase" option of userdb and passdb - it only converts the input, not what is already in the database. Sadly the documentation doesn't mention this, and it's not the behaviour I would have expected.
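Added example (not from the thread and not Dovecot's own code): a small Python model of the passwd-file lookup with username_format=%Lu that reproduces the mismatch the answer describes, lists the entries such a lookup can never match, and rewrites the file with lowercase usernames while refusing to merge two accounts that differ only by case. The file content and hashes below are constructed placeholders.

```python
"""Model of Dovecot's passwd-file lookup with username_format=%Lu. Added example
for this thread, not Dovecot's own code; file content and hashes are placeholders."""
from fnmatch import fnmatchcase

# Constructed sample: a mixed-case entry (as in the question) plus a lowercase one.
# passwd-file layout: user:password:uid:gid:gecos:home:shell:extra_fields
SAMPLE_PASSWD = """\
Zelestra@mydomain:{SHA512-CRYPT}$6$PLACEHOLDER:5000:5000::/var/mail/vhosts/mydomain/zelestra::
alice@mydomain:{SHA512-CRYPT}$6$PLACEHOLDER:5000:5000::/var/mail/vhosts/mydomain/alice::
"""

def parse_passwd_file(text: str) -> dict[str, list[str]]:
    """Key each entry by the username exactly as written in the file."""
    entries: dict[str, list[str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = fields
    return entries

def lookup_lu(entries: dict[str, list[str]], login_user: str):
    """%Lu lowercases the *login input* only; the stored key is compared as-is."""
    return entries.get(login_user.lower())

def wildcard_users(entries: dict[str, list[str]], pattern: str) -> list[str]:
    """Simplified model of 'doveadm user <glob>': matches stored keys unchanged."""
    return [u for u in entries if fnmatchcase(u, pattern)]

def unreachable_entries(entries: dict[str, list[str]]) -> list[str]:
    """Entries a %Lu lookup can never hit: stored username is not all-lowercase."""
    return [u for u in entries if u != u.lower()]

def lowercase_usernames(text: str) -> str:
    """Rewrite with lowercase usernames (the fix in the answer); refuse collisions."""
    seen: dict[str, str] = {}
    out: list[str] = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            out.append(line)
            continue
        user, _, rest = stripped.partition(":")
        key = user.lower()
        if seen.setdefault(key, user) != user:
            raise ValueError(f"{user!r} and {seen[key]!r} both lowercase to {key!r}")
        out.append(f"{key}:{rest}")
    return "\n".join(out) + "\n"
```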