Authentication

cPanel server - Dovecot login fails from a specific IP address

  • February 13, 2013

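One of my cPanel/WHM servers has a strange problem: it seems impossible to log in to dovecot (IMAP/POP3) from a specific IP address. The client was setting up a new workstation and had forgotten the password for one of their accounts (IMAP), so Outlook kept prompting for the password.

Hearing this, I assumed LFD had blocked their IP because of too many failed password attempts (even though it is set in csf.ignore). But alas, nothing was listed under the CSF/LFD rules for that IP address. Connecting from the client's computer, I could telnet to dovecot on port 143 and could also reach the websites running on that server, so the IP does not appear to be blocked in IPTables on the server.

Here are some telnet transcripts from my end and the client's end, showing the responses from the server (email and password replaced):

Client's end: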

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login clientemail@clientdomain.com accountpassword
a NO [AUTHENTICATIONFAILED] Authentication failed.

My end:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login clientemail@clientdomain.com accountpassword
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA] Logged in

At this point I was really scratching my head, so I took a look at the logs:

Valid password attempt from the client's end (fails):

Feb 13 17:44:18 vps dovecot: auth(default): client in: AUTH#0117#011PLAIN#011service=imap#011lip=<serverip>#011rip=<clientip>#011lport=143#011rport=53055#011resp=<hidden>
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<clientip>): execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<clientip>): Received no input
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<clientip>): exit_status=1
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<clientip>): Login failed (status=1)
Feb 13 17:44:20 vps dovecot: auth(default): client out: FAIL#0117#011user=clientemail@clientdomain.com

Wrong password attempt from my end (fails):

Feb 13 17:50:37 vps dovecot: auth(default): client in: AUTH#01112#011PLAIN#011service=imap#011lip=<serverip>#011rip=<myip>#011lport=143#011rport=61139#011resp=<hidden>
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): Received no input
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): exit_status=1
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): Login failed (status=1)
Feb 13 17:50:39 vps dovecot: auth(default): client out: FAIL#01112#011user=clientemail@clientdomain.com

Valid password attempt from my end (succeeds):

Feb 13 17:46:18 vps dovecot: auth(default): client in: AUTH#01110#011PLAIN#011service=imap#011lip=<serverip>#011rip=<myip>#011lport=143#011rport=61043#011resp=<hidden>
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): Received input: user=clientemail@clientdomain.com#011userdb_home=/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011userdb_mail=maildir:/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011userdb_gid=501#011userdb_quota=maildir:storage=0#011userdb_uid=502#011
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): Received no input
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword(clientemail@clientdomain.com,<myip>): exit_status=0
Feb 13 17:46:18 vps dovecot: auth(default): client out: OK#01110#011user=clientemail@clientdomain.com
Feb 13 17:46:18 vps dovecot: auth(default): master in: REQUEST#01112#011383992#01110
Feb 13 17:46:18 vps dovecot: auth(default): prefetch(clientemail@clientdomain.com,<myip>): success
Feb 13 17:46:18 vps dovecot: auth(default): master out: USER#01112#011clientemail@clientdomain.com#011home=/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011mail=maildir:/home/<useraccount>/mail/<clientdomain.com>/<emailaccount>#011gid=501#011quota=maildir:storage=0#011uid=502
Feb 13 17:46:18 vps dovecot: imap-login: Login: user=<clientemail@clientdomain.com>, method=PLAIN, rip=<myip>, lip=<serverip>

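I should note that the server is hosted on a different network from both the client's location and mine. I tried restarting the server, with no luck.

So my question is: does anyone know whether there is some configuration/setting in dovecot that would cause connections from a specific IP address to fail?

cPanel has its own brute-force protection system, "cphulk", which may be the cause of the block.

Check whm -> Security Center -> cphulk brute force protection to see whether the daemon is enabled and the IP is listed. Press "Clear failed logins" to unblock the IP.

Quoted from: https://serverfault.com/questions/478272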
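
An added example, not part of the original question or answer: the logs above show that a valid password from the affected IP produces the same `exit_status=1` as a wrong password, so a single failure cannot tell the two cases apart. This Python sketch groups the `checkpassword` result lines by user and remote IP and lists pairs that only ever fail while the same user succeeds from another address, which are candidates for a per-IP block such as cPHulk. The function names, the `min_fail` threshold and the sample lines (documentation IPs and example.com addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the checkpassword result lines in the format shown in the logs above.
RESULT = re.compile(r"checkpassword\((?P<user>[^,()]+),(?P<rip>[^()]+)\): exit_status=(?P<status>\d+)")

# Constructed sample lines (documentation IPs), modelled on the excerpts above.
SAMPLE = """\
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword(user@example.com,203.0.113.10): Received no input
Feb 13 17:44:18 vps dovecot: auth(default): checkpassword(user@example.com,203.0.113.10): exit_status=1
Feb 13 17:46:18 vps dovecot: auth(default): checkpassword(user@example.com,198.51.100.7): exit_status=0
Feb 13 17:50:37 vps dovecot: auth(default): checkpassword(user@example.com,198.51.100.7): exit_status=1
Feb 13 17:52:02 vps dovecot: auth(default): checkpassword(user@example.com,203.0.113.10): exit_status=1
Feb 13 17:53:11 vps dovecot: auth(default): checkpassword(other@example.com,203.0.113.10): exit_status=1
""".splitlines()


def summarize(lines):
    """Count successes and failures per (user, remote IP)."""
    counts = defaultdict(lambda: {"ok": 0, "fail": 0})
    for line in lines:
        m = RESULT.search(line)
        if m:
            key = (m["user"], m["rip"])
            counts[key]["ok" if m["status"] == "0" else "fail"] += 1
    return dict(counts)


def ip_block_candidates(lines, min_fail=2):
    """Return (user, ip) pairs that only ever fail while the same user
    succeeds from another IP. A heuristic: repeated typos look the same."""
    counts = summarize(lines)
    users_ok = {user for (user, _), c in counts.items() if c["ok"]}
    return sorted(
        (user, ip)
        for (user, ip), c in counts.items()
        if c["ok"] == 0 and c["fail"] >= min_fail and user in users_ok
    )


if __name__ == "__main__":
    for user, ip in ip_block_candidates(SAMPLE):
        print(f"{user}: all attempts from {ip} fail; check cPHulk and other per-IP blocks")
```
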