Ubuntu

Dovecot:auth_username_chars 不允許的使用者名字元:0x0a

  • January 7, 2020

我正在嘗試設置一個 postfix+dovecot 伺服器以使用 GNU Mailman 創建一個郵件列表伺服器,但是我目前堅持使用 dovecot 設置 SASL 身份驗證。似乎在 base64 編碼的使用者名中添加了換行符

**注意 -**我隱藏了我的實際域名並將其替換為mail.example.org我的公共 IPX.X.X.X

telnet 會話如下所示

sh-5.0$ telnet mail.example.org 25
Trying X.X.X.X...
Connected to mail.example.org.
Escape character is '^]'.
220 mail.example.org ESMTP Postfix (Ubuntu)
EHLO mail.example.org
250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 SMTPUTF8
AUTH LOGIN
334 VXNlcm5hbWU6
Y29jb2EK
535 5.7.8 Error: authentication failed: VXNlcm5hbWU6

使用者名是cocoa,我使用echo cocoa | openssl base64. 現在,當我檢查我的鴿舍日誌時:

Jan 07 11:28:51 master: Info: Dovecot v2.2.33.2 (d6601f4ec) starting up without any protocols (core dumps disabled)
Jan 07 11:29:06 auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jan 07 11:29:06 auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Jan 07 11:29:06 auth: Debug: Wrote new auth token secret to /var/run/dovecot/auth-token-secret.dat
Jan 07 11:29:06 auth: Debug: auth client connected (pid=0)
Jan 07 11:29:52 auth: Debug: client in: AUTH    1   PLAIN   service=smtp    nologin lip=X.X.X.X rip=106.202.14.226  resp=<hidden>
Jan 07 11:29:52 auth: Info: pam(cocoa,106.202.14.226): Attempted login with password having illegal chars
Jan 07 11:29:54 auth: Debug: client passdb out: FAIL    1   user=cocoa
Jan 07 11:30:48 auth: Debug: client in: AUTH    2   LOGIN   service=smtp    nologin lip=X.X.X.X rip=106.202.14.226
Jan 07 11:30:48 auth: Debug: client passdb out: CONT    2   VXNlcm5hbWU6
Jan 07 11:30:51 auth: Debug: client in: CONT<hidden>
Jan 07 11:30:51 auth: Info: login(?,106.202.14.226): Username character disallowed by auth_username_chars: 0x0a (username: cocoa?)
Jan 07 11:30:53 auth: Debug: client passdb out: FAIL    2   user=cocoan original_user=cocoan
Jan 07 11:31:44 auth: Debug: client in: AUTH    3   LOGIN   service=smtp    nologin lip=X.X.X.X rip=106.202.14.226
Jan 07 11:31:44 auth: Debug: client passdb out: CONT    3   VXNlcm5hbWU6
Jan 07 11:31:57 auth: Debug: client in: CONT<hidden>
Jan 07 11:31:57 auth: Info: login(?,106.202.14.226): Username character disallowed by auth_username_chars: 0x0a (username: cocoa?)
Jan 07 11:31:59 auth: Debug: client passdb out: FAIL    3   user=cocoan original_user=cocoan

日誌似乎說使用者名是cocoan我編碼的cocoa。我懷疑n是來自\n角色的某種方式?但我不確定它是如何添加的

我的 dovecot.conf 看起來像這樣

root@mail:/etc/dovecot# cat dovecot.conf | grep -v ^#

!include_try /usr/share/dovecot/protocols.d/*.protocol
dict {
 #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
 #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
}
!include conf.d/*.conf
!include_try local.conf

我編輯的唯一文件是10-auth.conf

auth_mechanisms = plain login
!include auth-system.conf.ext

10-master.confservice auth {}

service auth {

 unix_listener auth-userdb {
   #mode = 0666
   #user = 
   #group = 
 }

 # Postfix smtp-auth
 unix_listener /var/spool/postfix/private/auth {
   mode = 0666
   user = postfix
   group = postfix
 }

 # Auth process is run as this user.
 #user = $default_internal_user
}

最後,我的postfix.conf樣子是這樣的

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
# fresh installs.
compatibility_level = 2

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = mail.example.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = $myhostname, mail.example.org, localhost.example.org, , localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_local_domain = 
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes

我真的很感激任何幫助。在過去的兩天裡,我一直被困在這個問題上

所以我在這裡在reddit上發布了同樣的問題,reddit使用者slugonamission正確地指出echo預設情況下會添加一個換行符,所以我不得不這樣做echo -n cocoa | openssl base64而不是echo cocoa | openssl base64

我會留下這個,以防有人像我一樣健忘

引用自:https://serverfault.com/questions/998006