Email-Server

Dovecot 無法連接到 imaps 993

  • January 15, 2018

我正在嘗試在 digitalocean VPS 中設置郵件伺服器。問題是我無法遠端登錄到 993,儘管防火牆處於非活動狀態並且 dovecot 正在監聽。請告訴我我哪裡做錯了。我遵循了這個 postfix、dovecot、mysql、spamassasin 教程

我的伺服器作業系統:

lsb_release -a

結果:

No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial

我一直按照教程進行操作,直到這一部分:telnet example.com 993結果:

telnet mysite.com 993
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.

我檢查了防火牆:sudo ufw status導致:

Status: inactive

以及 dovecot 是否處於活動狀態:sudo netstat -plutn | grep 993

tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      27460/dovecot
tcp6       0      0 :::993                  :::*                    LISTEN      27460/dovecot

Dovecot -F 沒有顯示錯誤,下面是 dovecot -n 的輸出:

# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
 inbox = yes
 location =
 mailbox Drafts {
   special_use = \Drafts
 }
 mailbox Junk {
   special_use = \Junk
 }
 mailbox Sent {
   special_use = \Sent
 }
 mailbox "Sent Messages" {
   special_use = \Sent
 }
 mailbox Trash {
   special_use = \Trash
 }
 prefix =
}
passdb {
 args = /etc/dovecot/dovecot-sql.conf.ext
 driver = sql
}
protocols = imap lmtp pop3
service auth-worker {
 user = vmail
}
service auth {
 unix_listener /var/spool/postfix/private/auth {
   group = postfix
   mode = 0666
   user = postfix
 }
 unix_listener auth-userdb {
   mode = 0600
   user = vmail
 }
 user = dovecot
}
service imap-login {
 inet_listener imap {
   port = 0
 }
}
service lmtp {
 unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
 }
}
ssl = required
ssl_cert = /etc/letsencrypt/live/mysite.com/fullchain.pem
ssl_key = /etc/letsencrypt/live/mysite.com/privkey.pem
userdb {
 args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
 driver = static
}

Telnet 到 postfix smtp 是可以的:telnet mysite.com smtp結果:

Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
220 mysite.com ESMTP Postfix (Ubuntu)
ehlo mysite.com
250-mysite.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

請幫忙。

編輯1:

仍然沒有運氣openssl s_client -connect mysite.com:993 -crlf

CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
   Protocol  : TLSv1.2
   Cipher    : 0000
   Session-ID:
   Session-ID-ctx:
   Master-Key:
   Key-Arg   : None
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   Start Time: 1515817904
   Timeout   : 300 (sec)
   Verify return code: 0 (ok)
---

雷鳥運氣不好: 雷鳥不成功

執行:telnet mysite.com 110有時立即關閉,有時在關閉前延遲一分鐘。

Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.

從我在其他地方讀到的內容,我想我應該期待這一行:+OK Dovecot (Ubuntu) ready.

更多資訊:sudo netstat -pltn結果:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:34600         0.0.0.0:*               LISTEN      27939/postgres
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      27886/mysqld
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      27434/master
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      27460/dovecot
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2409/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      27434/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      27460/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      27460/dovecot
tcp6       0      0 :::587                  :::*                    LISTEN      27434/master
tcp6       0      0 :::110                  :::*                    LISTEN      27460/dovecot
tcp6       0      0 :::80                   :::*                    LISTEN      1519/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      2409/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      27434/master
tcp6       0      0 :::443                  :::*                    LISTEN      1519/apache2
tcp6       0      0 :::993                  :::*                    LISTEN      27460/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      27460/dovecot

順便說一句…這與>有什麼關係sshd_config>PasswordAuthentication no

另一個資訊sudo iptables-save::

# Generated by iptables-save v1.6.0 on Sat Jan 13 12:55:47 2018
*filter
:INPUT ACCEPT [53354:9755959]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48733:30432882]
COMMIT
# Completed on Sat Jan 13 12:55:47 2018

解決方案

該問題實際上是一個配置問題,dovecot 本身在以下內容中對此進行了評論/var/log/syslog

Jan 14 17:34:23 mysite dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/letsencrypt/live/mysite.com/fullchain.pem)

舊嘗試

來自 telnet 的輸出:

telnet mysite.com 993
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.

是你所期望的。埠 993 是 IMAP 的 SSL 加密埠,因此通過 telnet 與之交談相當困難;-)

檢查是否即。雷鳥使用您的設置 - 否則在嘗試失敗後發布您的郵件客戶端和/或鴿舍的輸出。

編輯: 您可以使用 openssl 連接到您的 IMAPS 埠。還有另一個問題已經詳細回答了: https ://stackoverflow.com/q/14959461/6591024

openssl s_client -connect mysite.com:993

如鍊接問題答案中所述,您可能需要openssl s_client -connect mysite.com:993 -crlf在使用 MacOS 或 Windows 時強制執行 CRLF(也許?)

引用自:https://serverfault.com/questions/891944