Dovecot

在 mail.log 中禁用密碼

  • December 30, 2017

我正在執行 postfix/dovecot/mysql 郵件伺服器。

在我的 /var/log/mail.log 中,我可以看到我的純文字密碼:

dovecot: auth-worker(25749): pam(username@example.com,1.2.3.4,<FgaHxoXXdgCvy/>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password:myPlaiNTextPassword)

也許這沒什麼大不了的,但我覺得不舒服。

如何禁用顯示在 /var/log/mail.log 中的純文字密碼條目?

dovecot -n:

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-4-amd64 x86_64 Debian 9.3 ext4
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = yes
imap_id_send = name
mail_debug = yes
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
 inbox = yes
 location = 
 mailbox Drafts {
   special_use = \Drafts
 }
 mailbox Junk {
   special_use = \Junk
 }
 mailbox Sent {
   special_use = \Sent
 }
 mailbox "Sent Messages" {
   special_use = \Sent
 }
 mailbox Trash {
   special_use = \Trash
 }
 prefix = 
}
passdb {
 driver = pam
}
passdb {
 args = /etc/dovecot/dovecot-sql.conf.ext
 driver = sql
}
protocols = imap pop3 lmtp
service auth-worker {
 user = vmail
}
service auth {
 unix_listener /var/spool/postfix/private/auth {
   group = postfix
   mode = 0666
   user = postfix
 }
 unix_listener auth-userdb {
   mode = 0600
   user = vmail
 }
 user = dovecot
}
service imap-login {
 inet_listener imap {
   port = 143
 }
 inet_listener imaps {
   port = 993
   ssl = yes
 }
}
service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
 }
}
ssl = required
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key =  # hidden, use -P to show it
userdb {
 driver = passwd
}
userdb {
 args = /etc/dovecot/dovecot-sql.conf.ext
 driver = sql
}
userdb {
 args = uid=vmail gid=vmail home=/var/vmail/%u
 driver = static
}

我會切換以下值:

auth_debug = yes
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = yes

嘗試no,當然。

(另外,檢查密碼方案。現在它可能是純文字。嘗試使用任何類型的密碼散列代替。)

引用自:https://serverfault.com/questions/890106