Postfix
Postfix with Dovecot (IMAP): no authentication available
I am using Dovecot to provide IMAP access to my mail server (on Raspbian). I am using system users and can successfully test logins (`doveadm auth test ...`). But I cannot get the auth option via telnet:

```
sudo telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 mail.mydomain.org ESMTP Postfix
```

```
sudo telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
```
I am missing the `[AUTH=PLAIN]` status mentioned in the wiki. I do not get any errors from systemctl status. I don't know what else to try! Can you help me? Thanks!!
My Dovecot configuration (`dovecot -n`):

```
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.19.42-v7+ armv7l Debian 9.9
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %Ln
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = /etc/dovecot/log/debug.txt
info_log_path = /etc/dovecot/log/info.txt
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
  driver = shadow
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = imap lmtp sieve
service auth-worker {
  name = auth-worker
}
service {
  unix_listener {
    group = postfix
    mode = 0660
    user = postfix
    path = /var/spool/postfix/private/auth
  }
  name = auth
}
service {
  inet_listener {
    port = 143
    name = imap
  }
  inet_listener {
    port = 993
    ssl = yes
    name = imaps
  }
  name = imap-login
}
service {
  unix_listener {
    group = postfix
    mode = 0600
    user = postfix
    path = /var/spool/postfix/private/dovecot-lmtp
  }
  name = lmtp
}
ssl_cert = /etc/letsencrypt/live/mail.mydomain.org/cert.pem
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}
verbose_ssl = yes
protocol lmtp {
  mail_plugins = quota sieve
  postmaster_address = pi@mydomain.org
}
protocol lda { ... }
protocol imap { ... }
protocol sieve { ... }
```
My Postfix `/etc/postfix/main.cf`:

```
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
myhostname = mail.mydomain.org
mydomain = mydomain.org
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 127.0.0.0/8
#relay_domains =
#home_mailbox = Maildir/
inet_protocols = ipv4, ipv6

# TLS
smtpd_use_tls=yes
smtpd_tls_auth_only = yes
smtp_tls_security_level = yes
smtpd_tls_security_level = may
smtpd_tls_cert_file=/etc/letsencrypt/live/mail.mydomain.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/mail.mydomain.org/privkey.pem

# Authentication
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
smtpd_sasl_local_domain = $mydomain

# when mail location = maildir:~/.maildir
mailbox_transport = lmtp:unix:private/dovecot-lmtp

# Virtual user scenario
virtual_transport = lmtp:unix:private/dovecot-lmtp

biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2
```
My Postfix `/etc/postfix/master.cf`:

```
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp      inet  n       -       y       -       -       smtpd
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
submission inet n       -       y       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
  -o smtpd_sasl_security_options=noanonymous
  -o smtpd_sasl_local_domain=$myhostname
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_reject_unlisted_recipient=no
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o smtpd_client_restrictions=$mua_client_restrictions
#  -o smtpd_helo_restrictions=$mua_helo_restrictions
#  -o smtpd_sender_restrictions=$mua_sender_restrictions
  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
```
Netstat (`sudo netstat -tulpn | grep LISTEN`):

```
tcp        0      0 0.0.0.0:4190    0.0.0.0:*    LISTEN    7055/dovecot
tcp        0      0 0.0.0.0:993     0.0.0.0:*    LISTEN    7055/dovecot
tcp        0      0 0.0.0.0:587     0.0.0.0:*    LISTEN    6999/master
tcp        0      0 0.0.0.0:143     0.0.0.0:*    LISTEN    7055/dovecot
tcp        0      0 0.0.0.0:25      0.0.0.0:*    LISTEN    6999/master
tcp6       0      0 :::443          :::*         LISTEN    657/apache2
tcp6       0      0 :::4190         :::*         LISTEN    7055/dovecot
tcp6       0      0 :::993          :::*         LISTEN    7055/dovecot
tcp6       0      0 :::587          :::*         LISTEN    6999/master
tcp6       0      0 :::143          :::*         LISTEN    7055/dovecot
tcp6       0      0 :::80           :::*         LISTEN    657/apache2
tcp6       0      0 :::25           :::*         LISTEN    6999/master
```
Edit 1: I got this error from the command `openssl s_client -connect localhost:imaps`:

```
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 198 bytes
Verification: OK
---
```

But it turned out that I had forgotten the `<` before the `ssl_cert` and `ssl_key` paths.
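Works as designed.

This is exactly the purpose of `smtpd_sasl_security_options=noplaintext` in Postfix and `disable_plaintext_auth=yes` in Dovecot. These options prevent authentication from being (offered) over insecure channels. You can verify that your server offers authentication over a secure channel by initiating a secure SMTP connection:

```
$ (echo EHLO localhost; sleep 1) | openssl s_client -starttls smtp -connect localhost:submission
..
220 example.com ESMTP Postfix
..
250-AUTH PLAIN LOGIN
```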
The same goes for a secure IMAP connection:

```
$ sleep 1 | openssl s_client -connect localhost:imaps
..
* OK [CAPABILITY IMAP4rev1 .. AUTH=PLAIN AUTH=LOGIN]
```
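**There is absolutely nothing wrong with disabling plaintext authentication. Just configure all mail clients to access mail over TLS.** You may even want to disable plain-text IMAP to prevent mistakes.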
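
The verification described in the answer, as an added example that is not part of the original post: a Python check that takes the capability text captured from cleartext and TLS sessions and reports whether PLAIN/LOGIN is offered only inside TLS. The function names and sample transcripts are constructed for illustration.

```python
import re

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

def smtp_auth_mechs(ehlo_reply):
    """AUTH mechanisms in an EHLO reply ('AUTH X Y' or legacy 'AUTH=X Y')."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = re.match(r"250[- ]AUTH[ =](.*)", line.strip(), re.I)
        if m:
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs

def imap_caps(text):
    """Tokens from a '[CAPABILITY ...]' greeting or a '* CAPABILITY ...' line."""
    m = re.search(r"\[CAPABILITY ([^\]]*)\]|^\* CAPABILITY (.*)$", text, re.I | re.M)
    return {tok.upper() for tok in (m.group(1) or m.group(2)).split()} if m else set()

def imap_auth_mechs(text):
    """SASL mechanisms advertised as AUTH=<mech> capability tokens."""
    return {cap[5:] for cap in imap_caps(text) if cap.startswith("AUTH=")}

def audit(smtp_clear, smtp_tls, imap_clear, imap_tls):
    """Return findings; an empty list means AUTH is offered only inside TLS."""
    findings = []
    if smtp_auth_mechs(smtp_clear) & PLAINTEXT_MECHS:
        findings.append("SMTP offers plaintext AUTH before STARTTLS")
    if not smtp_auth_mechs(smtp_tls):
        findings.append("SMTP offers no AUTH inside TLS")
    # An empty imap_clear means port 143 is closed, which is acceptable.
    if imap_clear and (imap_auth_mechs(imap_clear) & PLAINTEXT_MECHS
                       or "LOGINDISABLED" not in imap_caps(imap_clear)):
        findings.append("IMAP accepts plaintext logins without TLS")
    if not imap_auth_mechs(imap_tls):
        findings.append("IMAP offers no AUTH inside TLS")
    return findings

# Constructed sample transcripts (not captured from the poster's server).
SMTP_CLEAR = "250-mail.example.org\n250-PIPELINING\n250-STARTTLS\n250 8BITMIME"
SMTP_TLS = "250-mail.example.org\n250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 8BITMIME"
SMTP_LEAKY = "250-mail.example.org\n250-AUTH=PLAIN LOGIN\n250 8BITMIME"
IMAP_CLEAR = "* OK [CAPABILITY IMAP4rev1 IDLE STARTTLS LOGINDISABLED] Dovecot ready."
IMAP_TLS = "* OK [CAPABILITY IMAP4rev1 IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready."

if __name__ == "__main__":
    print(audit(SMTP_CLEAR, SMTP_TLS, IMAP_CLEAR, IMAP_TLS))   # hardened server
    print(audit(SMTP_LEAKY, SMTP_TLS, IMAP_TLS, IMAP_TLS))     # AUTH leaks in cleartext
```

Capture the cleartext inputs from another host rather than from the server itself: Dovecot treats connections from the local machine as secure and may still advertise `AUTH=PLAIN` there even with `disable_plaintext_auth=yes`.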