cPanel server - Dovecot logins fail from a specific IP address

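I've run into a strange problem: one of our cPanel/WHM servers seems unable to accept dovecot (IMAP/POP3) logins from one specific IP address only. The client was setting up a new workstation and had forgotten the password for one of the accounts (IMAP), so Outlook kept prompting for the password.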

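Hearing this, I assumed LFD had blocked their IP for too many failed password attempts (even though it is set in csf.ignore). Unfortunately, nothing is listed for that IP address under the CSF/LFD rules. After connecting from the client's computer, I was able to telnet to dovecot on port 143 and could also access the websites running on that server, so the IP does not appear to be blocked in IPTables on the server.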

Below are some telnet transcripts from my end and from the client's end, showing the server's responses (email address and password replaced):

Client's end:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login [email protected] accountpassword
a NO [AUTHENTICATIONFAILED] Authentication failed.

My end:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login [email protected] accountpassword
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in

At this point I was really scratching my head, so I took a look at the logs:

Attempt from the client's end with the valid password (fails):

Feb 13 17:44:18 vps dovecot: auth(default): client in: AUTH#0117#011PLAIN#011service=imap#011lip=<serverip>#011rip=<clientip>#011lport=143#011rport=53055#011resp=<hidden>
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword([email protected],<clientip>): execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword([email protected],<clientip>): Received no input
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword([email protected],<clientip>): exit_status=1
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword([email protected],<clientip>): Login failed (status=1)
Feb 13 17:44:20 vps dovecot: auth(default): client out: FAIL#0117#[email protected]

Attempt from my end with an invalid password (fails):

Feb 13 17:50:37 vps dovecot: auth(default): client in: AUTH#01112#011PLAIN#011service=imap#011lip=<serverip>#011rip=<myip>#011lport=143#011rport=61139#011resp=<hidden>
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword([email protected],<myip>): execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword([email protected],<myip>): Received no input
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword([email protected],<myip>): exit_status=1
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword([email protected],<myip>): Login failed (status=1)
Feb 13 17:50:39 vps dovecot: auth(default): client out: FAIL#01112#[email protected]

Attempt from my end with the valid password (succeeds):

Feb 13 17:46:18 vps dovecot: auth(default): client in: AUTH#01110#011PLAIN#011service=imap#011lip=<serverip>#011rip=<myip>#011lport=143#011rport=61043#011resp=<hidden>
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword([email protected],<myip>): execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword([email protected],<myip>): Received input: [email protected]#011userdb_home=/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011userdb_mail=maildir:/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011userdb_gid=501#011userdb_quota=maildir:storage=0#011userdb_uid=502#011
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword([email protected],<myip>): Received no input
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword([email protected],<myip>): exit_status=0
Feb 13 17:46:18 vps dovecot: auth(default): client out: OK#01110#[email protected]
Feb 13 17:46:18 vps dovecot: auth(default): master in: REQUEST#01112#011383992#01110
Feb 13 17:46:18 vps dovecot: auth(default): prefetch([email protected],<myip>): success
Feb 13 17:46:18 vps dovecot: auth(default): master out: USER#01112#[email protected]#011home=/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011mail=maildir:/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011gid=501#011quota=maildir:storage=0#011uid=502
Feb 13 17:46:18 vps dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=<myip>, lip=<serverip>

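I should note that the server is hosted on a different network from both the client's location and mine. I have tried restarting the server, with no success.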

So my question is: does anyone know of any configuration/setting in dovecot that would cause connections from a specific IP address to fail?

Answer 1

cPanel has its own brute-force protection system, "cphulk", which may be the cause of the block.

Check WHM -> Security Center -> cphulk brute force protection to see whether the daemon is enabled and the IP is listed. Press "Clear failed logins" to unblock the IP.
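The symptom in this thread (the same account succeeds from one address and fails from another) can be pulled out of the auth debug log automatically. The following is an added example, not part of the original post or answer: it assumes the `checkpassword(user,ip): exit_status=N` line format shown in the question, and the sample lines, user names and addresses are constructed.

```python
import re
from collections import defaultdict

# Matches checkpassword result lines in the format of the auth debug log above.
RESULT = re.compile(
    r"checkpassword\((?P<user>[^,()]+),(?P<rip>[^)]+)\): exit_status=(?P<status>\d+)"
)

# Constructed sample lines (documentation addresses, not values from the post).
PFX = "Feb 13 17:44:18 vps dovecot: auth(default): checkpassword"
SAMPLE = [
    PFX + "(user@example.com,192.0.2.10): exit_status=1",
    PFX + "(user@example.com,192.0.2.10): Login failed (status=1)",
    PFX + "(user@example.com,192.0.2.10): exit_status=1",
    PFX + "(user@example.com,198.51.100.7): exit_status=1",
    PFX + "(user@example.com,198.51.100.7): exit_status=0",
    PFX + "(other@example.com,203.0.113.5): exit_status=1",
]


def outcomes_by_ip(lines):
    """Return {user: {remote_ip: [successes, failures]}}."""
    table = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in lines:
        m = RESULT.search(line)
        if m:
            idx = 0 if m.group("status") == "0" else 1
            table[m.group("user")][m.group("rip")][idx] += 1
    return table


def suspect_ips(lines):
    """(user, ip) pairs that only ever fail while another IP succeeds for that user."""
    suspects = []
    for user, per_ip in outcomes_by_ip(lines).items():
        # Only compare IPs when the account is known to work from somewhere.
        if any(ok for ok, _ in per_ip.values()):
            suspects += [(user, ip) for ip, (ok, fail) in per_ip.items()
                         if ok == 0 and fail > 0]
    return sorted(suspects)


if __name__ == "__main__":
    for user, ip in suspect_ips(SAMPLE):
        print(f"{user}: every attempt from {ip} failed, other IPs succeeded")
```

A flagged address is only a lead, since the failures could still be a wrong password; it tells you which IP to look up in the cphulk list described in the answer.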