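When I try to connect with my client (mutt), I don't understand why the dovecot auth process strips the domain from my username.
I am using simple auth with a password-file userdb/passdb for authentication, and have temporarily disabled auth-system (which uses PAM) (it was clogging the logs, since I am only trying to set up one virtual user). More explanation at the end.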
doveadm auth test -x service=imap user@domain.id
passdb: user@domain.id auth succeeded
extra fields:
user=user@domain.id
and
dovecot auth test user@domain.id password
passdb: user@domain.id auth succeeded
extra fields:
user=user@domain.id
and
telnet imap.domain.id 143
trying xx.xxx.xx.x
Connected to imap.domain.id
Escape character is '^]'
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN] Dovecot ready.
a login user password
OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY LITERAL+ NOTIFY SPECIAL-USE] Logged in
So far so good.
mail.log:
Apr 18 14:42:32 dserver dovecot: auth: Debug: auth client connected (pid=1153208)
Apr 18 14:42:48 dserver dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011session=9z4GjJejPOpDqz0B#011lip=192.168.1.18#011rip=67.171.61.1#011lport=143#011rport=59964#011resp=AHNwZW5jZXJAZGF2ZXkuaWQAQmVuZGVyYmMx (previous base64 data may contain sensitive data)
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file(user@domain.id,xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Performing passdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file(user@domain.id,xx.xx.xx.x,<9z4GjJejPOpDqz0B>): lookup: user=user@domain.id file=/etc/dovecot/users
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file(user@domain.id,xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Finished passdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: auth(user@domain.id,xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Auth request finished
Apr 18 14:42:48 dserver dovecot: auth: Debug: client passdb out: OK#0111#011user=user@domain.id
Apr 18 14:42:48 dserver dovecot: auth: Debug: master in: REQUEST#0112833514497#0111153208#0111#01168847acfe57555a93ec42d643c212c9b#011session_pid=1153448#011request_auth_token
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file(user@domain.id,xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Performing userdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file(user@domain.id,xx.xx.xx.x,<9z4GjJejPOpDqz0B>): lookup: user=user@domain.id file=/etc/dovecot/users
Apr 18 14:42:48 dserver dovecot: auth: Debug: passwd-file(user@domain.id,xx.xx.xx.x,<9z4GjJejPOpDqz0B>): Finished userdb lookup
Apr 18 14:42:48 dserver dovecot: auth: Debug: master userdb out: USER#0112833514497#011user#011uid=500#011gid=5000#011home=/var/vmail/domain/user/#011auth_token=10245b24c5981d5c412658bd640ac3dd0a1c3f57
Apr 18 14:42:48 dserver dovecot: imap-login: Login: user=<user@domain.id>, method=PLAIN, rip=xx.xx.xx.x, lip=192.168.1.18, mpid=1153448
Apr 18 14:42:48 dserver dovecot: imap(user@domain.id)<1153448><9z4GjJejPOpDqz0B>: Debug: Effective uid=500, gid=5000, home=/var/vmail/domain.id/user/
Apr 18 14:42:48 dserver dovecot: imap(user@domain.id)<1153448><9z4GjJejPOpDqz0B>: Debug: Home dir not found: /var/vmail/domain.id/user/
Apr 18 14:42:48 dserver dovecot: imap(user@domain.id)<1153448><9z4GjJejPOpDqz0B>: Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir
Apr 18 14:42:48 dserver dovecot: imap(user@domian.id)<1153448><9z4GjJejPOpDqz0B>: Debug: maildir++: root=/var/vmail/domain.id/user//Maildir, index=, indexpvt=, control=, inbox=/var/vmail/domain.id/user//Maildir, alt=
Apr 18 14:42:59 dserver dovecot: imap(user@domain.id)<1153448><9z4GjJejPOpDqz0B>: Logged out in=19 out=520 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
Now it fails:
mutt -f imap://user@domain.id
Password: *******
login failed
mail.log:
Apr 18 14:52:24 dserver dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Apr 18 14:52:24 dserver dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Apr 18 14:52:24 dserver dovecot: auth: Debug: Read auth token secret from /var/run/dovecot//auth-token-secret.dat
Apr 18 14:52:24 dserver dovecot: auth: Debug: passwd-file /etc/dovecot/users: Read 1 users in 0 secs
Apr 18 14:52:24 dserver dovecot: auth: Debug: auth client connected (pid=1160786)
Apr 18 14:52:33 dserver dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=fcvlrpejlutDqz0B#011lip=192.168.1.18#011rip=67.171.61.1#011lport=143#011rport=60310#011local_name=davey.id#011ssl_cipher=TLS_AES_256_GCM_SHA384#011ssl_cipher_bits=256#011ssl_pfs=KxANY#011ssl_protocol=TLSv1.3#011resp=c3BlbmNlcgBzcGVuY2VyAEJlbmRlcmJjMQ== (previous base64 data may contain sensitive data)
Apr 18 14:52:33 dserver dovecot: auth: Debug: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): Performing passdb lookup
Apr 18 14:52:33 dserver dovecot: auth: Debug: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): lookup: user=user file=/etc/dovecot/users
Apr 18 14:52:33 dserver dovecot: auth: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): unknown user
Apr 18 14:52:33 dserver dovecot: auth: Debug: passwd-file(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): Finished passdb lookup
Apr 18 14:52:33 dserver dovecot: auth: Debug: auth(user,xx.xxx.xx.x,<fcvlrpejlutDqz0B>): Auth request finished
Apr 18 14:52:35 dserver dovecot: auth: Debug: client passdb out: FAIL#0111#011user=user
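Apr 18 14:55:24 dserver dovecot: imap-login: Disconnected: Inactivity (auth failed, 1 attempts in 171 secs): user=<user>, method=PLAIN, rip=xx.xxx.xx.x, lip=192.168.1.18, TLS
I want my passdb file to include @domain.id in the user field, so that I can distinguish identical usernames in different domains within one file, and map my mailboxes as:
~/%d/%n/Maildir
When I remove @domain.id from the username field in my passdb file, it works fine. I have read all the articles about how dovecot doesn't care about the domain, and that you can use %u or %n to manipulate authentication.
The problem is obvious, and my workarounds have not worked. When logging in via Mutt, auth strips @domain.id from the username, so it does not authenticate against my passdb file. I have tried all combinations of the following: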
auth_username_format = %u
auth_username_format = %n
and
passdb {
driver = passwd-file
args = scheme=CRYPT **username_format=%u** /etc/dovecot/passdb
}
passdb {
driver = passwd-file
args = scheme=CRYPT **username_format=%n** /etc/dovecot/passdb
}
(** marks my emphasis)
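Why does IMAP authentication work differently in my telnet test than it does via Mutt? I had to temporarily enable plaintext for testing, but that does not affect the username mismatch in my passdb file. Is there somewhere else that username_format (or a similar setting) is defined? After 24 hours I have searched everywhere.
Any help is greatly appreciated.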
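Posted on 2020-04-19 04:05:17
Pulling my hair out, and I was looking in the wrong place. The problem was the way I was accessing the server via Mutt. mutt -f asks to look up a mailbox file, which I assume was named 'user', so that is what was sent to the authentication mechanism, ignoring the '@domain.id'. I tried a different client and was able to create/access the account successfully.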
https://serverfault.com/questions/1012987
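The resp= field of the "client in:" debug lines above is the client's SASL PLAIN response, so decoding it shows which username arrived on the wire before any auth_username_format or passdb setting is applied. The following is an added example, not code from the original post or from Dovecot: the log lines are constructed with made-up credentials, all function names are hypothetical, and url_user_host applies generic RFC 3986 splitting (an assumption about how a client may read imap://user@domain.id, not mutt's own parser).

```python
import base64
from urllib.parse import urlsplit, unquote

TAB = "#011"  # syslog's escaped form of the TAB separating auth protocol fields

def make_line(authzid, authcid, password):
    """Build a constructed 'client in:' debug line (sample data, not from the page)."""
    resp = base64.b64encode(f"{authzid}\0{authcid}\0{password}".encode()).decode()
    fields = ["AUTH", "1", "PLAIN", "service=imap", "resp=" + resp]
    return ("dovecot: auth: Debug: client in: " + TAB.join(fields)
            + " (previous base64 data may contain sensitive data)")

def parse_client_in(line):
    """Return (mechanism, {key: value}) from a 'client in: AUTH' debug line."""
    payload = line.split("client in: ", 1)[1].split(" (previous base64", 1)[0]
    parts = payload.split(TAB)
    if len(parts) < 3 or parts[0] != "AUTH":
        raise ValueError("not an AUTH request line")
    # split on the first '=' only, so base64 padding in resp= survives
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return parts[2], fields

def sasl_plain_identity(resp_b64):
    """Decode a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd.
    The password is dropped here so it never reaches output or other logs."""
    pieces = base64.b64decode(resp_b64, validate=True).split(b"\0")
    if len(pieces) != 3:
        raise ValueError("malformed PLAIN response")
    authzid, authcid, _password = pieces
    return authzid.decode(), authcid.decode()

def login_sent(line):
    """Username the client actually sent in this AUTH request."""
    mech, fields = parse_client_in(line)
    if mech != "PLAIN":
        raise ValueError("only PLAIN is decoded here")
    return sasl_plain_identity(fields["resp"])[1]

def url_user_host(url):
    """Generic URL split: userinfo before the last '@', host after it."""
    u = urlsplit(url)
    return unquote(u.username or ""), u.hostname

if __name__ == "__main__":
    for line in (make_line("", "user@domain.id", "example-pw"),
                 make_line("user", "user", "example-pw")):
        print("client sent:", login_sent(line))
    print(url_user_host("imap://user@domain.id"))
    print(url_user_host("imap://user%40domain.id@imap.domain.id"))
```

Because the resp= value contains the password, auth debug logs like these should be treated as credentials and redacted before they are shared.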