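I am currently configuring postfix and dovecot. I am currently struggling with an SSL + IMAP login problem. I enabled debug logging but cannot figure out what the problem is. Here are the logs: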
Oct 8 19:16:08 dirty-harry dovecot: auth: Debug: auth client connected (pid=1776)
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [217.240.25.1]
Oct 8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [217.240.25.1]
Oct 8 19:16:13 dirty-harry dovecot: imap-login: Debug: SSL alert: close notify [217.240.25.1]
Oct 8 19:16:13 dirty-harry dovecot: imap-login: Disconnected (no auth attempts in 5 secs): user=<>, rip=217.240.25.1, lip=xxx, TLS: Disconnected, session=<bUkMr10+aADZ8BkB>
SSL seems to work when I run the following command:
openssl s_client -connect <mydomain>.net:993
I know the SSL negotiation succeeded.
Here is my dovecot configuration (dovecot -n):
auth_debug_passwords = yes
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </<cert>.crt
ssl_key = </<cert>.key
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
verbose_ssl = yes
The SQL program is running and returning the correct data.
Edit: As requested in the comments, I added auth_debug = yes and tried to log in:
user@databueck01:/$ telnet domain.net 993
Trying <ip>...
Connected to domain.net.
Escape character is '^]'.
a10 login [email protected] password
Connection closed by foreign host.
The logs are as follows:
Oct 8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Oct 8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Oct 8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [217.240.25.1]
Oct 8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [217.240.25.1]
Oct 8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [217.240.25.1]
Oct 8 19:42:34 dirty-harry dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Oct 8 19:42:34 dirty-harry dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Oct 8 19:42:34 dirty-harry dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Oct 8 19:42:34 dirty-harry dovecot: auth: Debug: auth client connected (pid=1941)
Oct 8 19:42:46 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [217.240.25.1]
Oct 8 19:42:46 dirty-harry dovecot: imap-login: Disconnected (no auth attempts in 12 secs): user=<>, rip=217.240.25.1, lip=<ip>, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<y7v+DV4+cADZ8BkB>
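Added example, not part of the original question: a small Python reader for the verbose_ssl lines above. It decodes the where= bitmask using OpenSSL's info-callback constants from openssl/ssl.h and tells apart the two disconnects in the logs (handshake completed but no IMAP login, versus non-TLS bytes arriving on the TLS port). The names decode_where and summarize are illustrative, and the sample lines are excerpts of the logs above with timestamps dropped.

```python
import re

# Bits of OpenSSL's info-callback mask (openssl/ssl.h); Dovecot's verbose_ssl
# prints the raw mask as where=0x....
WHERE_BITS = {0x0001: "LOOP", 0x0002: "EXIT", 0x0004: "READ", 0x0008: "WRITE",
              0x0010: "HANDSHAKE_START", 0x0020: "HANDSHAKE_DONE",
              0x1000: "CONNECT", 0x2000: "ACCEPT", 0x4000: "ALERT"}
SSL_RE = re.compile(r"imap-login: Debug: SSL: where=(0x[0-9a-fA-F]+), ret=-?\d+:")
DISC_RE = re.compile(r"imap-login: Disconnected \((.*?)\):.*?, (TLS.*?), session=")

# Excerpts of the two log captures in the question (timestamps dropped).
P = "dirty-harry dovecot: "
SESSION_A = [
    P + "imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]",
    P + "imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [217.240.25.1]",
    P + "imap-login: Disconnected (no auth attempts in 5 secs): user=<>, rip=217.240.25.1, lip=xxx, TLS: Disconnected, session=<bUkMr10+aADZ8BkB>",
]
SESSION_B = [
    P + "imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [217.240.25.1]",
    P + "imap-login: Disconnected (no auth attempts in 12 secs): user=<>, rip=217.240.25.1, lip=<ip>, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<y7v+DV4+cADZ8BkB>",
]

def decode_where(mask):
    """Return the names of the bits set in an info-callback mask, low bit first."""
    return [name for bit, name in sorted(WHERE_BITS.items()) if mask & bit]

def summarize(lines):
    """Report whether the TLS handshake finished and why the session ended."""
    out = {"handshake_done": False, "reason": None, "tls": None, "verdict": "unknown"}
    for line in lines:
        m = SSL_RE.search(line)
        if m and "HANDSHAKE_DONE" in decode_where(int(m.group(1), 16)):
            out["handshake_done"] = True
        d = DISC_RE.search(line)
        if d:
            out["reason"], out["tls"] = d.group(1), d.group(2)
    if out["tls"] and "unknown protocol" in out["tls"]:
        # SSL23_GET_CLIENT_HELLO could not parse the client's first bytes as a hello
        out["verdict"] = "non-TLS data received on a TLS port"
    elif out["handshake_done"] and (out["reason"] or "").startswith("no auth attempts"):
        out["verdict"] = "TLS handshake completed; no IMAP authentication attempted"
    return out

if __name__ == "__main__":
    for name, session in (("first capture", SESSION_A), ("second capture", SESSION_B)):
        print(name, "->", summarize(session)["verdict"])
```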