Dovecot
Authenticating with dovecot
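I'm trying to access my email using Thunderbird, but I'm running into authentication problems. I'm using a valid certificate and
adduser testuser
with a simple password (1 letter; 8 didn't seem to change anything). According to the logs, it cannot find the user. I haven't modified 10-auth.conf or anything in conf.d; do I need to? Here are my dovecot.conf and the log file.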
disable_plaintext_auth = no
mail_privileged_group = mail
mail_location = mbox:~/mail:INBOX=/var/mail/%u
userdb {
  driver = passwd
}
passdb {
  driver = shadow
  args = blocking=no
}
protocols = " imap"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl=required
ssl_cert = </etc/letsencrypt/live/MY_DOMAIN.COM/fullchain.pem
ssl_key = </etc/letsencrypt/live/MY_DOMAIN.COM/privkey.pem
auth_verbose=yes
auth_debug=yes
auth_debug_passwords=yes
mail_debug=yes
Log file
dovecot: master: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
dovecot: anvil: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
dovecot: log: Warning: Killed with signal 15 (by pid=1 uid=0 code=kill)
dovecot: master: Dovecot v2.2.13 starting up for imap (core dumps disabled)
dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
dovecot: auth: Debug: auth client connected (pid=5293)
dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=dtEqfrs9fwBo3ndE#011lip=1.2.3.4#011rip=123.123.123.123#011lport=143#011rport=6527
dovecot: auth: Debug: client passdb out: CONT#0111
dovecot: auth: Debug: client in: CONT#0111#011AHRlc3R1c2VyAHA= (previous base64 data may contain sensitive data)
dovecot: auth: Debug: shadow(testuser,123.123.123.123,<dtEqfrs9fwBo3ndE>): lookup
dovecot: auth: shadow(testuser,123.123.123.123,<dtEqfrs9fwBo3ndE>): unknown user
dovecot: auth: Debug: client passdb out: FAIL#0111#011user=testuser
dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=imap#011secured#011session=dtEqfrs9fwBo3ndE#011lip=1.2.3.4#011rip=123.123.123.123#011lport=143#011rport=6527#011resp=AHRlc3R1c2VyAHA= (previous base64 data may contain sensitive data)
dovecot: auth: Debug: shadow(testuser,123.123.123.123,<dtEqfrs9fwBo3ndE>): lookup
dovecot: auth: shadow(testuser,123.123.123.123,<dtEqfrs9fwBo3ndE>): unknown user
dovecot: auth: Debug: client passdb out: FAIL#0112#011user=testuser
dovecot: imap-login: Disconnected (auth failed, 2 attempts in 8 secs): user=<testuser>, method=PLAIN, rip=123.123.123.123, lip=1.2.3.4, TLS, session=<dtEqfrs9fwBo3ndE>
dovecot: auth: Debug: auth client connected (pid=5296)
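You most likely want to use the pam password database rather than the shadow password database. However, if you are going to use the shadow database, you need to either disable the auth-worker processes (by adding
args = blocking=no
to that passdb section) or have the auth-workers run as group shadow:
service auth-worker {
  group = shadow
}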
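Both of these solutions are from the wiki. Another good solution is not to use system passwords, but to use, for example, a passwd-file database. An example for passwd-file: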
passdb {
  driver = passwd-file
  args = scheme=SHA512-CRYPT username_format=%u /etc/dovecot/passwords
}
Then for the example user "testuser" with password "p",
/etc/dovecot/passwords
would look like this:
testuser:{SHA512-CRYPT}$6$R6MuJ818vCtvNw1y$ALycf9nfP8mL7EZysLTZJlnNGuygRHhr9xCDFi8tlIHND4i6fI8wwY6t0dAL6rOY0Jat2iZmQgqz4vEFT/0fa1
The huge hash can be obtained with
doveadm pw -s SHA512-CRYPT
(it will be different every time because of salting).
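
The `client in:` lines in the log above carry the SASL PLAIN response, which is only base64-encoded, so a debug log like this one exposes the password when it is shared. The following Python scrubber is an added example (not part of the original posts and not Dovecot code) that redacts those fields before a log is posted; `decode_plain`, `redact_line` and the `<redacted>` marker are names chosen for this example.

```python
import base64

TAB = "#011"  # syslog writes the auth protocol's TAB separators as "#011"
MARKER = "client in: "

def decode_plain(b64):
    """SASL PLAIN (RFC 4616) is base64(authzid NUL authcid NUL password)."""
    try:
        parts = base64.b64decode(b64, validate=True).split(b"\x00")
    except ValueError:
        return None
    if len(parts) != 3:
        return None
    return tuple(p.decode("utf-8", "replace") for p in parts)

def redact_line(line):
    """Return (scrubbed line, usernames whose password the line exposed)."""
    head, found, body = line.partition(MARKER)
    if not found:
        return line, []
    fields = body.split(TAB)
    exposed = []
    for i, field in enumerate(fields):
        token, sep, note = field.partition(" ")  # note = Dovecot's trailing warning
        if fields[0] == "AUTH" and token.startswith("resp="):
            prefix, b64 = "resp=", token[len("resp="):]
        elif fields[0] == "CONT" and i == 2:
            prefix, b64 = "", token  # CONT <id> <base64 payload>
        else:
            continue
        creds = decode_plain(b64)
        if creds:
            exposed.append(creds[1])  # record the username only
        # Redact even when the payload is not PLAIN; it is still client secret data.
        fields[i] = prefix + "<redacted>" + sep + note
    return head + MARKER + TAB.join(fields), exposed

# Sample lines taken from the log on this page (the AUTH line is shortened).
SAMPLE = [
    "dovecot: auth: Debug: client in: CONT#0111#011AHRlc3R1c2VyAHA= (previous base64 data may contain sensitive data)",
    "dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=imap#011secured#011resp=AHRlc3R1c2VyAHA= (previous base64 data may contain sensitive data)",
    "dovecot: auth: shadow(testuser,123.123.123.123,<dtEqfrs9fwBo3ndE>): unknown user",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, users = redact_line(raw)
        print(clean, "| password exposed for:", users)
```

Any password that already appeared in a shared log should be changed, since redacting a copy does not recall the original.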