Dovecot:没有身份验证尝试

Dovecot:没有身份验证尝试

我目前正在配置 postfix 和 dovecot。我目前正在努力解决 SSL + IMAP 登录问题。我启用了调试日志记录,但无法找出问题所在。以下是日志:

Oct  8 19:16:08 dirty-harry dovecot: auth: Debug: auth client connected (pid=1776)
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [217.240.25.1]
Oct  8 19:16:13 dirty-harry dovecot: imap-login: Debug: SSL alert: close notify [217.240.25.1]
Oct  8 19:16:13 dirty-harry dovecot: imap-login: Disconnected (no auth attempts in 5 secs): user=<>, rip=217.240.25.1, lip=xxx, TLS: Disconnected, session=<bUkMr10+aADZ8BkB>

当我调用以下命令时,SSL 似乎起作用了:

openssl  s_client -connect <mydomain>.net:993

我知道 SSL 协商成功了。

这是我的 dovecot 配置dovecot -n

auth_debug_passwords = yes
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </<cert>.crt
ssl_key = </<cert>.key
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
verbose_ssl = yes

SQL 程序正在运行并返回正确的数据。

编辑:根据评论中的要求,我添加auth_debug = yes并尝试登录:

user@databueck01:/$ telnet domain.net 993
Trying <ip>...
Connected to domain.net.
Escape character is '^]'.
a10 login [email protected] password
Connection closed by foreign host.

日志如下:

Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [217.240.25.1]
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: auth client connected (pid=1941)
Oct  8 19:42:46 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [217.240.25.1]
Oct  8 19:42:46 dirty-harry dovecot: imap-login: Disconnected (no auth attempts in 12 secs): user=<>, rip=217.240.25.1, lip=<ip>, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<y7v+DV4+cADZ8BkB>

相关内容