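Getting dockerized roundcube to work with dockerized dovecot - plaintext not allowed
I have a server running both Roundcube and Dovecot, each in its own container. The server is secured with Let's Encrypt, and all HTTP traffic is routed to HTTPS. I have a proxy set up to route HTTPS to the HTTP Roundcube, which seems to work fine.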
location /webmail/ { proxy_pass http://localhost:8080/; }
My Roundcube Docker container is started like this:
docker run --name=roundcube -e ROUNDCUBEMAIL_DEFAULT_HOST=mail.blinkyvision.com -d -p "8080:80" roundcube/roundcubemail
I also told Roundcube to use HTTPS (defaults.inc.php). All other Roundcube options are default:
$config['use_https'] = true;
When I go to the Roundcube page, the address does correctly show https://
But when I try to log in, I get an error from my Dovecot server:
Jan 8 19:53:15 mail dovecot: imap-login: Login failed: Plaintext authentication disabled: user=<>, rip=172.18.0.1, lip=172.18.0.2, session=<dy43svd+8sOsEgAB>
Errors in the Roundcube log:
172.17.0.1 - - [08/Jan/2019:19:53:03 +0000] "GET / HTTP/1.0" 200 2667 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
errors: <1228866d> IMAP Error: Login failed for sven from 172.17.0.1. LOGIN: Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed. in /var/www/html/program/lib/Roundcube/rcube_imap.php on line 196 (POST /?_task=login&_action=login)
172.17.0.1 - - [08/Jan/2019:19:53:15 +0000] "POST /?_task=login HTTP/1.0" 200 2935 "https://blinkyvision.com/webmail/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36
I can't think of any other setting that might fix this.
By the way, here is the Dovecot setup:
root@mail:/# dovecot -n
# 2.2.34 (874deae): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.22 (22940fb7)
# OS: Linux 4.15.0-43-generic x86_64 Debian 9.6 ext4
# Hostname: mail.blinkyvision.com
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1:6
hostname = mail.blinkyvision.com
imap_idle_notify_interval = 29 mins
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:/var/mail/%d/%n
mail_privileged_group = docker
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe vnd.dovecot.filter
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/userdb
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_extensions = +notify +imapflags +vnd.dovecot.pipe +vnd.dovecot.filter
  sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
  sieve_plugins = sieve_extprograms
}
postmaster_address = postmaster@blinkyvision.com
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = docker
    mode = 0666
    user = docker
  }
  unix_listener auth-master {
    group = docker
    mode = 0600
    user = docker
  }
  unix_listener auth-userdb {
    group = docker
    mode = 0666
    user = docker
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0660
  }
}
service pop3-login {
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.blinkyvision.com/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1
userdb {
  args = username_format=%u /etc/dovecot/userdb
  default_fields = uid=docker gid=docker home=/var/mail/%d/%u
  driver = passwd-file
}
protocol lmtp {
  mail_plugins = " sieve"
}
protocol lda {
  mail_plugins = " sieve"
}
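I know next to nothing about Roundcube or Dovecot beyond looking them up on Google... but this looks like an IMAP error, not an HTTP error.
It seems that someone or something is trying to log in to the IMAP server without using SSL. I mean on the IMAP service.
My guess: Roundcube is a webmail front end to the actual mail server, Dovecot, and it connects to that server using IMAP. But this connection is not using SSL, so Dovecot refuses the login, and Roundcube simply reports the error it got from Dovecot. This has nothing to do with how the end user accesses Roundcube itself (HTTPS).
Another quick search turned up: https://github.com/roundcube/roundcubemail/wiki/Configuration.
It looks like Roundcube's default IMAP server should be prefixed with "ssl://" or "tls://" if you want to use an encrypted connection. Try changing
ROUNDCUBEMAIL_DEFAULT_HOST=mail.blinkyvision.com
to
ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail.blinkyvision.com:993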
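The diagnosis in the answer above, as an added example that is not part of the original posts or of Roundcube or Dovecot: it pulls the TLS refusals out of a Dovecot log and classifies a ROUNDCUBEMAIL_DEFAULT_HOST value by the transport it asks for. The function names are hypothetical, the second log line is constructed, and the mapping of no prefix to cleartext IMAP, tls:// to STARTTLS and ssl:// to implicit TLS is an assumption about how Roundcube reads the prefix.

```python
import re
from urllib.parse import urlsplit

# Sample input: the Dovecot line from the question plus one constructed success line.
SAMPLE_LOG = """\
Jan 8 19:53:15 mail dovecot: imap-login: Login failed: Plaintext authentication disabled: user=<>, rip=172.18.0.1, lip=172.18.0.2, session=<dy43svd+8sOsEgAB>
Jan 8 19:58:02 mail dovecot: imap-login: Login: user=<sven>, method=PLAIN, rip=172.18.0.1, lip=172.18.0.2, TLS, session=<constructedSession>
"""

# Matches only the refusal Dovecot logs when a client authenticates without TLS.
REFUSED = re.compile(
    r"imap-login: .*Plaintext authentication disabled: "
    r".*?rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)"
)


def plaintext_refusals(log_text):
    """Return (remote_ip, local_ip) for every login refused for lack of TLS."""
    matches = (REFUSED.search(line) for line in log_text.splitlines())
    return [(m["rip"], m["lip"]) for m in matches if m]


def imap_transport(default_host):
    """Classify a default-host value by the IMAP transport it requests.

    Assumption: no prefix = cleartext, tls:// = STARTTLS, ssl:// = implicit TLS.
    """
    if "://" not in default_host:
        return "plaintext"
    scheme = urlsplit(default_host).scheme.lower()
    return {"ssl": "implicit-tls", "tls": "starttls"}.get(scheme, "unknown")


def diagnose(default_host, log_text):
    """Relate the host setting to the refusals seen in the Dovecot log."""
    refused = plaintext_refusals(log_text)
    transport = imap_transport(default_host)
    if transport == "plaintext" and refused:
        clients = sorted({rip for rip, _ in refused})
        return (f"{default_host!r} requests cleartext IMAP; "
                f"Dovecot refused logins from {clients}")
    return f"{default_host!r} requests {transport}; {len(refused)} refusal(s) in log"


if __name__ == "__main__":
    print(diagnose("mail.blinkyvision.com", SAMPLE_LOG))
    print(diagnose("ssl://mail.blinkyvision.com:993", SAMPLE_LOG))
```

The refusing client address (rip) in the sample is on a private Docker bridge range, which points at the webmail container rather than the user's browser as the side that skipped TLS.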