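Dovecot: cannot connect to imaps 993
I am trying to set up a mail server on a DigitalOcean VPS. The problem is that I cannot log in remotely to 993, even though the firewall is inactive and dovecot is listening. Please tell me what I am doing wrong. I followed this postfix, dovecot, mysql, spamassassin tutorial.
My server OS: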
lsb_release -a
Result:
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
Codename:       xenial
I followed the tutorial up to this part:
telnet example.com 993
Result:
telnet mysite.com 993
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
I checked the firewall:
sudo ufw status
Result:
Status: inactive
and whether dovecot is active:
sudo netstat -plutn | grep 993
tcp        0      0 0.0.0.0:993     0.0.0.0:*       LISTEN      27460/dovecot
tcp6       0      0 :::993          :::*            LISTEN      27460/dovecot
dovecot -F shows no errors, and below is the output of dovecot -n:
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-34-generic x86_64 Ubuntu 16.04.1 LTS ext4
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp pop3
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = /etc/letsencrypt/live/mysite.com/fullchain.pem
ssl_key = /etc/letsencrypt/live/mysite.com/privkey.pem
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
Telnet to postfix smtp works:
telnet mysite.com smtp
Result:
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
220 mysite.com ESMTP Postfix (Ubuntu)
ehlo mysite.com
250-mysite.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.
Please help.
Edit 1:
Still no luck:
openssl s_client -connect mysite.com:993 -crlf
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515817904
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
Running:
telnet mysite.com 110
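Sometimes it closes immediately, sometimes it waits a minute before closing.
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
From what I have read elsewhere, I think I should expect this line: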
+OK Dovecot (Ubuntu) ready.
More information:
sudo netstat -pltn
Result:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:34600         0.0.0.0:*               LISTEN      27939/postgres
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      27886/mysqld
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      27434/master
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      27460/dovecot
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2409/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      27434/master
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      27460/dovecot
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      27460/dovecot
tcp6       0      0 :::587                  :::*                    LISTEN      27434/master
tcp6       0      0 :::110                  :::*                    LISTEN      27460/dovecot
tcp6       0      0 :::80                   :::*                    LISTEN      1519/apache2
tcp6       0      0 :::22                   :::*                    LISTEN      2409/sshd
tcp6       0      0 :::25                   :::*                    LISTEN      27434/master
tcp6       0      0 :::443                  :::*                    LISTEN      1519/apache2
tcp6       0      0 :::993                  :::*                    LISTEN      27460/dovecot
tcp6       0      0 :::995                  :::*                    LISTEN      27460/dovecot
By the way, does this have anything to do with sshd_config > PasswordAuthentication no?
Another piece of information:
sudo iptables-save
# Generated by iptables-save v1.6.0 on Sat Jan 13 12:55:47 2018
*filter
:INPUT ACCEPT [53354:9755959]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [48733:30432882]
COMMIT
# Completed on Sat Jan 13 12:55:47 2018
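Solution
The problem was actually a configuration issue, which dovecot itself commented on in /var/log/syslog:
Jan 14 17:34:23 mysite dovecot: imap-login: Fatal: Can't load ssl_cert: There is no valid PEM certificate. (You probably forgot '<' from ssl_cert=</etc/letsencrypt/live/mysite.com/fullchain.pem)
Old attempt
The output from telnet:
telnet mysite.com 993
Trying 127.0.1.1...
Connected to mysite.com.
Escape character is '^]'.
Connection closed by foreign host.
is what you would expect. Port 993 is the SSL-encrypted port for IMAP, so talking to it via telnet is rather difficult ;-)
Check whether, for example, Thunderbird works with your settings; otherwise post the output of your mail client and/or dovecot after a failed attempt.
Edit: You can connect to your IMAPS port using openssl. There is another question that has already been answered in detail: https://stackoverflow.com/q/14959461/6591024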
openssl s_client -connect mysite.com:993
As described in the answer to the linked question, you may need
openssl s_client -connect mysite.com:993 -crlf
to enforce CRLF when using MacOS or Windows (maybe?)
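
The check behind the solution above, as an added shell example that is not part of the original question or answer: it flags ssl_cert / ssl_key values that lack the leading '<' (Dovecot then takes the path string itself as the PEM text) and confirms that a '<' file really contains a PEM block. The function name check_dovecot_ssl and the variable SAMPLE_CONF are assumptions made for this example; the sample lines are copied from the dovecot -n output in the question.

```shell
#!/bin/sh
# Added example (not from the original post): lint ssl_cert / ssl_key lines.
# Reads Dovecot config text (a conf file or `dovecot -n` output) on stdin,
# prints one finding per setting and returns 1 if any setting is broken.
check_dovecot_ssl() {
    rc=0
    while IFS= read -r line; do
        # Trim leading whitespace so settings nested in blocks are matched too.
        line=$(printf '%s\n' "$line" | sed 's/^[[:space:]]*//')
        case "$line" in
            ssl_cert\ =*|ssl_key\ =*|ssl_cert=*|ssl_key=*) ;;
            *) continue ;;          # comments and unrelated settings
        esac
        key=${line%%=*}; key=${key%% *}
        val=$(printf '%s\n' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$val" in
            ''|'#'*)
                continue ;;         # unset value: nothing to check
            '<'*)
                file=$(printf '%s\n' "${val#<}" | sed 's/^[[:space:]]*//')
                if [ ! -r "$file" ]; then
                    echo "FAIL $key: cannot read $file"; rc=1
                elif ! grep -q -- '-----BEGIN ' "$file"; then
                    echo "FAIL $key: $file has no PEM block"; rc=1
                else
                    echo "OK $key: PEM read from $file"
                fi ;;
            *'-----BEGIN '*)
                echo "OK $key: inline PEM" ;;
            *)
                # The case from the syslog line: a bare path is parsed as the
                # PEM text itself, so the login process has no certificate.
                echo "FAIL $key: '$val' is used literally, write $key = <$val"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the ssl lines from the question's `dovecot -n` output.
SAMPLE_CONF='ssl = required
ssl_cert = /etc/letsencrypt/live/mysite.com/fullchain.pem
ssl_key = /etc/letsencrypt/live/mysite.com/privkey.pem'

printf '%s\n' "$SAMPLE_CONF" | check_dovecot_ssl || echo "ssl settings need fixing"
```

On a real server, feed it the live configuration with `dovecot -n | check_dovecot_ssl`, run as a user that can read the key file.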