New Dovecot install does not allow login and gives a permission error even though it says the permissions "appear ok"
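I am installing Dovecot on a VirtualBox VM running an Ubuntu Server 14.04 64-bit guest. Dovecot itself is installed in a Docker container (I'm not sure whether that is relevant, but I mention it just in case). I cannot get Dovecot to let me log in over telnet to test user authentication with a passwd file.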
Dovecot itself seems to have installed fine. I started it with sudo dovecot and am now trying to test it by following the wiki guide at http://wiki2.dovecot.org/TestInstallation. Inside the container I type telnet localhost 143. Dovecot responds with:

    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot (Ubuntu) ready.

I then type a login "test" "test", but get the following output:

    a NO [AUTHENTICATIONFAILED] Authentication failed.
I have confirmed that this command works on an existing (working) Ubuntu 12.04 Dovecot server with a similar passwd file in /etc/dovecot/users.
The /etc/dovecot/users file contains the following line:

    test:{SHA512-CRYPT}$6$PHmKiepXqf1vbk7u$.ruON3KVGW7LfuqxAFKG3kG5O0s3tocK5jpbaMH2Qh9scnjj.RENQ230ulYXgp9SEaZbJjFlD9HJdA6o4wVIJ1::::/home/dovecot-user/Maildir/test

Here the user is called "test" and the password is "test".
The dovecot log file contains the following:

    Aug 04 08:49:18 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
    Aug 04 08:49:18 imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
    Aug 04 08:49:18 auth: Error: passwd-file: open(/etc/dovecot/users) failed: Permission denied (euid=102(dovecot) egid=106(dovecot) missing +x perm: /etc/dovecot, UNIX perms appear ok (ACL/MAC wrong?))
    Aug 04 08:49:18 auth: Error: passwd-file: open(/etc/dovecot/users) failed: Permission denied (euid=102(dovecot) egid=106(dovecot) missing +x perm: /etc/dovecot, UNIX perms appear ok (ACL/MAC wrong?))
    Aug 04 08:49:23 auth: Error: passwd-file(test,::1,<4V3V0Mn/5QAAAAAAAAAAAAAAAAAAAAAB>): stat(/etc/dovecot/users) failed: Permission denied (euid=102(dovecot) egid=106(dovecot) missing +x perm: /etc/dovecot, UNIX perms appear ok (ACL/MAC wrong?))
    Aug 04 08:49:26 imap-login: Info: Disconnected: Too many invalid commands (auth failed, 1 attempts in 3 secs): user=<test>, method=PLAIN, rip=::1, lip=::1, secured, session=<4V3V0Mn/5QAAAAAAAAAAAAAAAAAAAAAB>
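I have not found any fix for this, including making the permissions on /etc/dovecot/ and /home/dovecot-user/Maildir/ as permissive as possible and chown-ing the files to dovecot:dovecot, root:root and dovecot-user:dovecot-user. The file permissions are currently as follows: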
ls -lR /etc/dovecot:

    /etc/dovecot/dovecot:
    -rwxrwx--- 1 dovecot dovecot 116 Aug 3 20:07 README
    drwxrwx--- 2 dovecot dovecot 4096 Aug 4 08:45 conf.d
    -rwxrwx--- 1 dovecot dovecot 410 Aug 3 20:07 dovecot-db.conf.ext
    -rwxrwx--- 1 dovecot dovecot 782 Aug 3 20:07 dovecot-dict-sql.conf.ext
    -rwxrwx--- 1 dovecot dovecot 5348 Aug 3 20:07 dovecot-sql.conf.ext
    -rwxrwx--- 1 dovecot dovecot 3794 Aug 3 20:07 dovecot.conf
    -rwxrwx--- 1 dovecot dovecot 3795 Aug 3 20:07 dovecot.conf.factory_settings
    -rw-r--r-- 1 dovecot dovecot 1314 Aug 3 22:02 dovecot.pem
    drwx------ 2 dovecot dovecot 4096 Aug 4 03:53 private
    -rwxr-xr-x 1 dovecot dovecot 357 Aug 4 08:23 users

    /etc/dovecot/conf.d:
    total 108
    -rwxrwx--- 1 dovecot dovecot 5258 Aug 3 20:07 10-auth.conf
    -rwxrwx--- 1 dovecot dovecot 1691 Aug 3 20:07 10-director.conf
    -rwxrwx--- 1 dovecot dovecot 2650 Aug 4 03:50 10-logging.conf
    -rwxrwx--- 1 dovecot dovecot 14476 Aug 3 20:07 10-mail.conf
    -rwxrwx--- 1 dovecot dovecot 2920 Aug 3 20:07 10-master.conf
    -rwxrwx--- 1 dovecot dovecot 1654 Aug 3 20:07 10-ssl.conf
    -rwxrwx--- 1 dovecot dovecot 1654 Aug 3 20:07 10-ssl.conf.save
    -rw-r--r-- 1 dovecot dovecot 291 May 14 18:11 10-tcpwrapper.conf
    -rwxrwx--- 1 dovecot dovecot 1607 Aug 3 20:07 15-lda.conf
    -rw-r--r-- 1 dovecot dovecot 1137 May 14 18:11 15-mailboxes.conf
    -rwxrwx--- 1 dovecot dovecot 2402 Aug 3 20:07 20-imap.conf
    -rw-r--r-- 1 dovecot dovecot 4007 May 14 18:11 20-pop3.conf
    -rwxrwx--- 1 dovecot dovecot 676 Aug 3 20:07 90-acl.conf
    -rwxrwx--- 1 dovecot dovecot 292 Aug 3 20:07 90-plugin.conf
    -rwxrwx--- 1 dovecot dovecot 2251 Aug 3 20:07 90-quota.conf
    -rw-r--r-- 1 dovecot dovecot 499 May 14 18:11 auth-checkpassword.conf.ext
    -rwxrwx--- 1 dovecot dovecot 486 Aug 3 20:07 auth-deny.conf.ext
    -rwxrwx--- 1 dovecot dovecot 558 Aug 3 20:07 auth-master.conf.ext
    -rwxrwx--- 1 dovecot dovecot 329 Aug 4 03:45 auth-passwdfile.conf.ext
    -rw-r--r-- 1 dovecot dovecot 788 May 14 18:11 auth-sql.conf.ext
    -rwxrwx--- 1 dovecot dovecot 608 Aug 3 20:07 auth-static.conf.ext
    -rwxrwx--- 1 dovecot dovecot 2106 Aug 3 20:07 auth-system.conf.ext
    -rwxrwx--- 1 dovecot dovecot 327 Aug 3 20:07 auth-vpopmail.conf.ext
ls -lR /home/dovecot-user/Maildir/:

    /home/dovecot-user/Maildir/:
    total 4
    drwx------ 10 dovecot-user dovecot-user 4096 Aug 4 03:45 test

    /home/dovecot-user/Maildir/test:
    total 12
    drwx------ 2 dovecot-user dovecot-user 4096 Aug 4 03:45 cur
    drwx------ 2 dovecot-user dovecot-user 4096 Aug 4 03:45 new
    drwx------ 2 dovecot-user dovecot-user 4096 Aug 4 03:45 tmp
Output of dovecot -n:

    # 2.2.9: /etc/dovecot/dovecot.conf
    doveconf: Error: setmntent(/etc/mtab) failed: No such file or directory
    # OS: Linux 3.13.0-32-generic x86_64 Ubuntu 14.04.1 LTS
    first_valid_uid = 8
    last_valid_uid = 1001
    log_path = /testout
    mail_gid = 1000
    mail_location = maildir:/home/dovecot-user/Maildir/%u
    mail_privileged_group = mail
    mail_uid = 1000
    namespace {
      inbox = yes
      location =
      prefix =
      separator = /
      type = private
    }
    namespace inbox {
      location =
      mailbox Drafts {
        special_use = \Drafts
      }
      mailbox Junk {
        special_use = \Junk
      }
      mailbox Sent {
        special_use = \Sent
      }
      mailbox "Sent Messages" {
        special_use = \Sent
      }
      mailbox Trash {
        special_use = \Trash
      }
      prefix =
    }
    passdb {
      args = scheme=CRYPT username_format=%u /etc/dovecot/users
      driver = passwd-file
    }
    protocols = " imap pop3"
    ssl = required
    ssl_cert = </etc/ssl/certs/dovecot.pem
    ssl_key = </etc/ssl/private/dovecot.pem
    userdb {
      args = username_format=%u /etc/dovecot/users
      driver = passwd-file
    }
    verbose_ssl = yes
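I'm not sure whether this is a file permission problem, an apparmor problem or an selinux problem, nor how to go about debugging and fixing it. Over the past few years I have seen close to a dozen forum posts about this, but no well-documented fix. So I don't think this problem is unique to me, and I hope to get some help here that will be well documented for the future.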
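I'm not sure this is actually an AppArmor problem (following @André-Daniel's comment above), because turning off/uninstalling AppArmor did not help with the error message. For the record, though, I found a way to fix the problem. The fix involves several components:
1. Make sure a valid uid and gid are set in /etc/dovecot/conf.d/10-mail.conf (for example, those of the user in whose home directory the Maildir directory is stored)
2. Make sure all files in the Maildir directory are owned by that uid and gid (chown --recursive $(id -u):$(id -g) /home/username/Maildir)
3. Store the user/password file outside /etc/dovecot, where the user from (1) above can access it. After doing this and chown-ing as per (2) above, I started getting a separate error message in the dovecot log, about a duplicate namespace.
4. I resolved the error from (3) above by following https://workaround.org/comment/3326#comment-3326, which suggests adding inbox = yes to the namespace inbox {... section of /etc/dovecot/conf.d/15-mailboxes.conf and commenting out the entire namespace section in /etc/dovecot/conf.d/10-mail.conf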
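
Added example, not part of the original question or answer: a Python sketch that walks every component of a path and reports whether a given uid/gid holds the classic mode bit the log message refers to (+x to search each directory, +r on the file itself). The function names are hypothetical; uid 102 and gid 106 are the dovecot euid/egid from the log above, and ACLs and MAC policy are deliberately not evaluated.

```python
import os
import stat
import sys


def _allowed(st, uid, gids, bit):
    """Classic UNIX check: owner bits if uid matches, else group, else other."""
    if uid == 0:
        return True  # root is not limited by mode bits for search or read
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return bool((st.st_mode >> shift) & bit)


def check_path_access(path, uid, gids):
    """Return [(component, needed_bit, ok)] from / down to `path`.

    Directories need x (search); a final non-directory needs r (read).
    Only mode bits are evaluated, not ACLs or MAC policy (AppArmor/SELinux).
    """
    path = os.path.abspath(path)
    parts = [path]
    while os.path.dirname(parts[-1]) != parts[-1]:
        parts.append(os.path.dirname(parts[-1]))
    results = []
    for comp in reversed(parts):
        st = os.stat(comp)
        if stat.S_ISDIR(st.st_mode):
            need, bit = "x", 0o1
        else:
            need, bit = "r", 0o4
        results.append((comp, need, _allowed(st, uid, set(gids), bit)))
    return results


if __name__ == "__main__":
    # Defaults: the passwd-file path and dovecot euid/egid quoted in the log.
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/dovecot/users"
    try:
        for comp, need, ok in check_path_access(target, 102, [106]):
            print(f"{'ok  ' if ok else 'DENY'} +{need} {comp}")
    except OSError as exc:
        print(f"cannot stat a component of {target}: {exc}")
```

If every component reports ok for the Dovecot uid while open() still fails, plain mode bits are not the cause, which is the case the log's "ACL/MAC wrong?" hint points at.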