Dovecot: nenhuma tentativa de autenticação

3

No momento, estou configurando o postfix juntamente com o dovecot. Atualmente estou lutando com login SSL + IMAP. Eu habilitei o log de depuração, mas não consigo descobrir o que está errado. Aqui está o log:

Oct  8 19:16:08 dirty-harry dovecot: auth: Debug: auth client connected (pid=1776)
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: unknown state [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [217.240.25.1]
Oct  8 19:16:08 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [217.240.25.1]
Oct  8 19:16:13 dirty-harry dovecot: imap-login: Debug: SSL alert: close notify [217.240.25.1]
Oct  8 19:16:13 dirty-harry dovecot: imap-login: Disconnected (no auth attempts in 5 secs): user=<>, rip=217.240.25.1, lip=xxx, TLS: Disconnected, session=<bUkMr10+aADZ8BkB>

SSL de alguma forma parece funcionar, quando eu invoco o comman:

openssl  s_client -connect <mydomain>.net:993

Eu entendo que a negociação SSL foi bem sucedida.

Aqui está minha configuração do dovecot em dovecot -n

auth_debug_passwords = yes
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocols = imap lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </<cert>.crt
ssl_key = </<cert>.key
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
verbose_ssl = yes

O material SQL está funcionando e retornando os dados corretos.

EDITAR: Como por solicitação no comentário eu adicionei auth_debug = yes e tentei o login:

user@databueck01:/$ telnet domain.net 993
Trying <ip>...
Connected to domain.net.
Escape character is '^]'.
a10 login [email protected] password
Connection closed by foreign host.

O log se parece com:

Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: elliptic curve secp384r1 will be used for ECDH and ECDHE key exchanges
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [217.240.25.1]
Oct  8 19:42:34 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [217.240.25.1]
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Oct  8 19:42:34 dirty-harry dovecot: auth: Debug: auth client connected (pid=1941)
Oct  8 19:42:46 dirty-harry dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [217.240.25.1]
Oct  8 19:42:46 dirty-harry dovecot: imap-login: Disconnected (no auth attempts in 12 secs): user=<>, rip=217.240.25.1, lip=<ip>, TLS handshaking: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol, session=<y7v+DV4+cADZ8BkB>
    
por Nidhoegger 08.10.2016 / 19:20

0 respostas

Tags