Authentication

Dovecot 無法對某些使用者進行身份驗證

  • February 23, 2019

我有典型的 Dovecot + Postfix 設置,帶有 Apache 和 Roundcube(在 VPS 中)。昨天我設置了一切,一切順利。是的,但是今天我驚訝地發現有些使用者根本無法登錄。客戶給出這樣的消息(圓形立方體案例):

Login failed for $user from $ip. AUTHENTICATE PLAIN: Authentication failed.

最糟糕的是其他一些使用者可以登錄,這很奇怪,因為身份驗證方法等是全域的。我在網際網路上搜尋了所有解決方案,但沒有。我閱讀了有關密碼方案、密碼數據庫、身份驗證機制等的 Dovecot wiki。每當我嘗試使用 telnet/openssl 登錄時,我都會得到:

$ openssl s_client -connect imap.domain.tld:143 -starttls imap
a login $user $password
a NO [AUTHENTICATIONFAILED] Authentication failed.

最瘋狂的部分是密碼是正確的!passdb 和 userdb 設置正確(它們在我以前的伺服器上工作,並用 and 確認doveadm userdoveadm user。如果那不多,日誌什麼也不會說!(即使是最詳細的配置,啟用調試等)

這是我的鴿舍配置:

$ dovecot -n
# 2.2.29.1 (e0b76e3): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: Linux 4.9.155-gnu-0-lts x86_64  
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login cram-md5
auth_verbose = yes
auth_verbose_passwords = yes
mail_location = maildir:~/Maildir
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character         vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
 inbox = yes
 location = 
 mailbox Drafts {
   auto = subscribe
   special_use = \Drafts
 }
 mailbox Sent {
   auto = subscribe
   special_use = \Sent
 }
 mailbox Spam {
   auto = subscribe
   special_use = \Junk
 }
 mailbox Trash {
   auto = subscribe
   special_use = \Trash
 }
 prefix = 
}
passdb {
 args = /etc/passwd-file
 auth_verbose = yes
 driver = passwd-file
}
plugin {
 quota = maildir:Cuota de usuario
 quota_warning = storage=95%% quota-warning 95 %u
 sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap pop3 sieve
service auth {
 unix_listener /var/spool/postfix/private/auth {
   group = postfix
   mode = 0660
   user = postfix
 }
 user = root
}
service imap-login {
 inet_listener imap {
   port = 143
 }
 inet_listener imaps {
   port = 993
   ssl = yes
 }
}
service lmtp {
 inet_listener lmtp {
   port = 24
 }
 user = root
}
service pop3-login {
 inet_listener pop3 {
   port = 110
 }
 inet_listener pop3s {
   port = 995
   ssl = yes
 }
}
ssl = required
ssl_protocols = TLSv1.2 TLSv1.1 !SSLv3
userdb {
 args = /etc/passwd-file
 auth_verbose = yes
 driver = passwd-file
}
verbose_ssl = yes
protocol imap {
 mail_plugins = " quota imap_quota imap_sieve"
 ssl_cert = </etc/letsencrypt/live/server/fullchain.pem
 ssl_key =  # hidden, use -P to show it
}
protocol pop3 {
 ssl_cert = </etc/letsencrypt/live/server/fullchain.pem
 ssl_key =  # hidden, use -P to show it
}
protocol sieve {
 ssl_cert = </etc/letsencrypt/live/server/fullchain.pem
 ssl_key =  # hidden, use -P to show it
}
protocol lmtp {
 mail_plugins = " quota sieve"
}

請幫助我,這讓我很生氣:/

所以問題是該域指向不同的 IPv4 地址,該地址來自另一台具有類似設置的伺服器(這就是為什麼我認為它是我所說的同一台伺服器)。這台伺服器有一個 cronjob 可以從我的 CloudFlare DNS 自動更新我的域的 IPv4 地址(因為我在這台伺服器中有一個動態 IP 地址)。

引用自:https://serverfault.com/questions/955105