Authentication
Dovecot 無法對某些使用者進行身份驗證
我有典型的 Dovecot + Postfix 設置,帶有 Apache 和 Roundcube(在 VPS 中)。昨天我設置了一切,一切順利。是的,但是今天我驚訝地發現有些使用者根本無法登錄。客戶給出這樣的消息(圓形立方體案例):
Login failed for $user from $ip. AUTHENTICATE PLAIN: Authentication failed.最糟糕的是其他一些使用者可以登錄,這很奇怪,因為身份驗證方法等是全域的。我在網際網路上搜尋了所有解決方案,但沒有。我閱讀了有關密碼方案、密碼數據庫、身份驗證機制等的 Dovecot wiki。每當我嘗試使用 telnet/openssl 登錄時,我都會得到:
$ openssl s_client -connect imap.domain.tld:143 -starttls imap a login $user $password a NO [AUTHENTICATIONFAILED] Authentication failed.最瘋狂的部分是密碼是正確的!passdb 和 userdb 設置正確(它們在我以前的伺服器上工作,並用 and 確認
doveadm user)doveadm user。如果那不多,日誌什麼也不會說!(即使是最詳細的配置,啟用調試等)這是我的鴿舍配置:
$ dovecot -n # 2.2.29.1 (e0b76e3): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.18 (29cc74d) # OS: Linux 4.9.155-gnu-0-lts x86_64 auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login cram-md5 auth_verbose = yes auth_verbose_passwords = yes mail_location = maildir:~/Maildir mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = } passdb { args = /etc/passwd-file auth_verbose = yes driver = passwd-file } plugin { quota = maildir:Cuota de usuario quota_warning = storage=95%% quota-warning 95 %u sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = imap pop3 sieve service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } user = root } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service lmtp { inet_listener lmtp { port = 24 } user = root } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl = required ssl_protocols = TLSv1.2 TLSv1.1 !SSLv3 userdb { args = /etc/passwd-file auth_verbose = yes driver = passwd-file } verbose_ssl = yes protocol imap { mail_plugins = " quota imap_quota imap_sieve" ssl_cert = </etc/letsencrypt/live/server/fullchain.pem ssl_key = # hidden, use -P to show it } protocol pop3 { ssl_cert = </etc/letsencrypt/live/server/fullchain.pem ssl_key = # hidden, use -P to show it } protocol sieve { ssl_cert = </etc/letsencrypt/live/server/fullchain.pem ssl_key = # hidden, use -P to show it } protocol lmtp { mail_plugins = " quota sieve" }請幫助我,這讓我很生氣:/
所以問題是該域指向不同的 IPv4 地址,該地址來自另一台具有類似設置的伺服器(這就是為什麼我認為它是我所說的同一台伺服器)。這台伺服器有一個 cronjob 可以從我的 CloudFlare DNS 自動更新我的域的 IPv4 地址(因為我在這台伺服器中有一個動態 IP 地址)。