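I can't figure out why the dovecot auth process strips the domain from my username when I try to connect through my client (mutt).
I am using a simple auth-password userdb/passdb for authentication, and have currently disabled auth-system (which uses PAM); it was clogging the logs, since I'm only trying to set up virtual users. There is more explanation at the end.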
doveadm auth test -x service=imap [email protected]
passdb: [email protected] auth succeeded
extra fields:
[email protected]
and
dovecot auth test [email protected] password
passdb: [email protected] auth succeeded
extra fields:
[email protected]
and
telnet imap.domain.id 143
trying xx.xxx.xx.x
Connected to imap.domain.id
Escape character is '^]'
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready.
a login user password
OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY LITERAL+ NOTIFY SPECIAL-USE] Logged in
So far so good.
Mail log:
Apr 18 14:42:32 dserver dovecot: auth: Debug: auth client connected (pid=1153208)
Apr 18 14:42:48 dserver dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=9z4GjJejPOpDqz0B#011lip=192.168.1.18#011rip=67.171.61.1#011lport=143#011rport=59964#011resp=AHNwZW5jZXJAZGF2ZXkuaWQAQmVuZGVyYmMx (previous base64 data may contain sensitive data)
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file([email protected],xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Performing passdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file([email protected],xx.xx.xx.x,<9z4GjJejPOpDqz0B>): lookup: [email protected] file=/etc/dovecot/users
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file([email protected],xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Finished passdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: auth([email protected],xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Auth request finished
Apr 18 14:42:48 dserver dovecot: auth: Debug: client passdb out: OK#0111#[email protected]
Apr 18 14:42:48 dserver dovecot: auth: Debug: master in: REQUEST#0112833514497#0111153208#0111#01168847acfe57555a93ec42d643c212c9b#011session_pid=1153448#011request_auth_token
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file([email protected],xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Performing userdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file([email protected],xx.xx.xx.x,<9z4GjJejPOpDqz0B>): lookup: [email protected] file=/etc/dovecot/users
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file([email protected],xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Finished userdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: master userdb out: USER#0112833514497#011user#011uid=500#011gid=5000#011home=/var/vmail/domain/user/#011auth_token=10245b24c5981d5c412658bd640ac3dd0a1c3f57
Apr 18 14:42:48 dserver dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=xx.xx.xx.x, lip=192.168.1.18, mpid=1153448
Apr 18 14:42:48 dserver dovecot: imap([email protected])<1153448><9z4GjJejPOpDqz0B>: Debug: Effective uid=500, gid=5000, home=/var/vmail/domain.id/user/
Apr 18 14:42:48 dserver dovecot: imap([email protected])<1153448><9z4GjJejPOpDqz0B>: Debug: Home dir not found: /var/vmail/domain.id/user/
Apr 18 14:42:48 dserver dovecot: imap([email protected])<1153448><9z4GjJejPOpDqz0B>: Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Apr 18 14:42:48 dserver dovecot: imap([email protected])<1153448><9z4GjJejPOpDqz0B>: Debug: maildir++: root=/var/vmail/domain.id/user//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/domain.id/user//Maildir, alt=
Apr 18 14:42:59 dserver dovecot: imap([email protected])<1153448><9z4GjJejPOpDqz0B>: Logged out in=19 out=520 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Now the failure:
mutt -f imap://[email protected]
Password: *******
login failed
Mail log:
Apr 18 14:52:24 dserver dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Apr 18 14:52:24 dserver dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Apr 18 14:52:24 dserver dovecot: auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat
Apr 18 14:52:24 dserver dovecot: auth: Debug: passwd-file /etc/dovecot/users: Read 1 users in 0 secs
Apr 18 14:52:24 dserver dovecot: auth: Debug: auth client connected (pid=1160786)
Apr 18 14:52:33 dserver dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=fcvlrpejlutDqz0B#011lip=192.168.1.18#011rip=67.171.61.1#011lport=143#011rport=60310#011local_name=davey.id#011ssl_cipher=TLS_AES_256_GCM_SHA384#011ssl_cipher_bits=256#011ssl_pfs=KxANY#011ssl_protocol=TLSv1.3#011resp=c3BlbmNlcgBzcGVuY2VyAEJlbmRlcmJjMQ== (previous base64 data may contain sensitive data)
Apr 18 14:52:33 dserver dovecot: auth: Debug: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): Performing passdb lookup
Apr 18 14:52:33 dserver dovecot: auth: Debug: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): lookup: user=user file=/etc/dovecot/users
Apr 18 14:52:33 dserver dovecot: auth: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): unknown user
Apr 18 14:52:33 dserver dovecot: auth: Debug: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): Finished passdb lookup
Apr 18 14:52:33 dserver dovecot: auth: Debug: auth(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): Auth request finished
Apr 18 14:52:35 dserver dovecot: auth: Debug: client passdb out: FAIL#0111#011user=user
Apr 18 14:55:24 dserver dovecot: imap-login: Disconnected: Inactivity (auth failed, 1 attempts in 171 secs): user=<user>, method=PLAIN, rip=xx.xxx.xx.x, lip=192.168.1.18, TLS
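I want my passdb file to contain @domain.id in the user field, so that identical usernames in different domains can be told apart in one file, and to map my mailboxes as:
~/%d/%n/Maildir
When I remove @domain.id from the username field in the passdb file, it works. I have read everything about how dovecot doesn't care about the domain and how you can manipulate authentication using %u or %n.
The problem is clear, and my fixes don't work. When logging in through Mutt, auth strips @domain.id from the username, so it doesn't authenticate against my passdb file. I have tried all combinations of the following: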
auth_username_format = %u
auth_username_format = %n
and
passdb {
driver = passwd-file
args = scheme=CRYPT **username_format=%u** /etc/dovecot/passdb
}
passdb {
driver = passwd-file
args = scheme=CRYPT **username_format=%n** /etc/dovecot/passdb
}
The ** markers are my emphasis.
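Why does IMAP authentication work differently between my telnet test and going through Mutt? I did have to temporarily enable plaintext authentication in order to test, but that wouldn't affect the username mismatch against my passdb file. Is username_format (or a similar setting) defined somewhere else? I have looked everywhere over the past 24 hours.
Any help is greatly appreciated.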
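Answer 1
I was looking in the wrong place, which was maddening. The problem was in the way I was accessing it through Mutt. mutt -f asks to look for a mailbox file, which I assume was named 'user', so that is what was sent to the auth mechanism, ignoring '@domain.id'. I tried another client and was able to create/access the account.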
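
Added example (not part of the original question or answer): the quickest way to tell whether the client or the server dropped the domain is to decode the SASL PLAIN initial response that Dovecot logs in each "client in: AUTH" debug line and read the identity the client actually sent. The sketch below assumes the "#011"-separated field layout seen in the logs above; the sample lines, session IDs, credentials and function names are constructed for illustration.

```python
import base64
import binascii
import re

def _plain(authzid, authcid, password):
    # SASL PLAIN (RFC 4616): authzid NUL authcid NUL password, base64-encoded
    return base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode()

# Constructed log lines shaped like Dovecot's auth debug output; syslog has
# escaped each TAB as "#011". Host, sessions and credentials are made up.
_FMT = ("Apr 18 14:42:48 host dovecot: auth: Debug: client in: AUTH#0111#011PLAIN"
        "#011service=imap#011session={s}#011resp={r}"
        " (previous base64 data may contain sensitive data)")
SAMPLE_LOG = [
    _FMT.format(s="sessA", r=_plain("", "alice@example.test", "not-a-real-pw")),
    _FMT.format(s="sessB", r=_plain("alice", "alice", "not-a-real-pw")),
    "Apr 18 14:42:48 host dovecot: auth: Debug: auth client connected (pid=1)",
]

def parse_client_in(line):
    """Return what the client sent in one 'client in: AUTH' line, else None."""
    m = re.search(r"client in: AUTH#011(.*)$", line)
    if not m:
        return None
    parts = m.group(1).split(" (previous base64", 1)[0].split("#011")
    if len(parts) < 2:
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    out = {"mech": parts[1], "session": fields.get("session"),
           "authzid": None, "authcid": None, "has_domain": None}
    if parts[1] != "PLAIN" or "resp" not in fields:
        return out  # other mechanism, or no initial response logged
    try:
        raw = base64.b64decode(fields["resp"], validate=True).split(b"\0")
    except binascii.Error:
        return out  # malformed base64: report the line without identities
    if len(raw) == 3:
        # The password (raw[2]) is deliberately dropped, never returned.
        out["authzid"] = raw[0].decode("utf-8", "replace")
        out["authcid"] = raw[1].decode("utf-8", "replace")
        out["has_domain"] = "@" in out["authcid"]
    return out

def summarize(lines):
    return [r for r in map(parse_client_in, lines) if r is not None]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(r["session"], r["mech"], repr(r["authcid"]), "domain sent:", r["has_domain"])
```

If the decoded identity already lacks the domain, the server-side username_format settings are not the cause; the client sent a bare username.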