Conexão imediata Dovecot fechada [fechada]

1

Eu configurei um servidor de e-mail seguindo o link e ao tentar conectar um cliente ( Outlook 365) não consegue se conectar ao servidor SMTP. Verificando o mail.log com verbosidade completa do Dovecot, parece que ele está autenticando o IMAP, fechando imediatamente a conexão.

Aqui está o meu mail.log ao tentar conectar o cliente apenas uma vez.

Jun 21 07:53:50 mail dovecot: master: Warning: Killed with signal 15 (by pid=10163 uid=0 code=kill)
Jun 21 07:53:50 mail dovecot: imap([email protected]): Server shutting down. in=152 out=2220
Jun 21 07:53:50 mail dovecot: master: Dovecot v2.2.27 (c0f36b0) starting up for imap, lmtp, sieve (core dumps disabled)
Jun 21 07:53:56 mail postfix[10184]: Postfix is running with backwards-compatible default settings
Jun 21 07:53:56 mail postfix[10184]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jun 21 07:53:56 mail postfix[10184]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jun 21 07:53:56 mail postfix/postfix-script[10190]: stopping the Postfix mail system
Jun 21 07:53:56 mail postfix/master[5066]: terminating on signal 15
Jun 21 07:53:56 mail postfix[10253]: Postfix is running with backwards-compatible default settings
Jun 21 07:53:56 mail postfix[10253]: See http://www.postfix.org/COMPATIBILITY_README.html for details
Jun 21 07:53:56 mail postfix[10253]: To disable backwards compatibility use "postconf compatibility_level=2" and "postfix reload"
Jun 21 07:53:57 mail postfix/postfix-script[10352]: starting the Postfix mail system
Jun 21 07:53:57 mail postfix/master[10354]: daemon started -- version 3.1.8, configuration /etc/postfix
Jun 21 07:54:00 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jun 21 07:54:00 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Jun 21 07:54:00 mail dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Jun 21 07:54:00 mail dovecot: auth: Debug: auth client connected (pid=10359)
Jun 21 07:54:00 mail dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=g4gzkiVv7OesUygU#011lip=208.146.44.129#011rip=172.83.40.20#011lport=993#011rport=59372#011local_name=imap.mysite.ca#011resp=AEpvc2hAandha2UuY2EAMXBPb3AyVFQ= (previous base64 data may contain sensitive data)
Jun 21 07:54:00 mail dovecot: auth-worker(10362): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jun 21 07:54:00 mail dovecot: auth-worker(10362): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Jun 21 07:54:00 mail dovecot: auth-worker(10362): Debug: sql([email protected],172.83.40.20,<g4gzkiVv7OesUygU>): query: SELECT username AS user, domain, password FROM accounts WHERE username = 'josh' AND domain = 'mysite.ca' and enabled = true;
Jun 21 07:54:00 mail dovecot: auth-worker(10362): Debug: sql([email protected],172.83.40.20,<g4gzkiVv7OesUygU>): username changed [email protected] -> Josh
Jun 21 07:54:00 mail dovecot: auth-worker(10362): Debug: sql(Josh,172.83.40.20,<g4gzkiVv7OesUygU>): username changed Josh -> [email protected]
Jun 21 07:54:00 mail dovecot: auth: Debug: sql([email protected],172.83.40.20,<g4gzkiVv7OesUygU>): username changed [email protected] -> [email protected]
Jun 21 07:54:00 mail dovecot: auth: Debug: sql([email protected],172.83.40.20,<g4gzkiVv7OesUygU>): username changed [email protected] -> Josh
Jun 21 07:54:00 mail dovecot: auth: Debug: sql(Josh,172.83.40.20,<g4gzkiVv7OesUygU>): username changed Josh -> [email protected]
Jun 21 07:54:00 mail dovecot: auth: Debug: client passdb out: OK#0111#[email protected]
Jun 21 07:54:00 mail dovecot: auth: Debug: master in: REQUEST#0111298792449#01110359#0111#011eea41cbba6c921b40a93a702989eed61#011session_pid=10363#011request_auth_token
Jun 21 07:54:00 mail dovecot: auth-worker(10362): Debug: sql([email protected],172.83.40.20,<g4gzkiVv7OesUygU>): SELECT concat('*:storage=', quota, 'M') AS quota_rule FROM accounts WHERE username = 'Josh' AND domain = 'mysite.ca' AND sendonly = false;
Jun 21 07:54:00 mail dovecot: auth: Debug: master userdb out: USER#0111298792449#[email protected]#011quota_rule=*:storage=2048M#011auth_token=6716f415ff804ba96add892baeeaecff7f0592cd
Jun 21 07:54:00 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=172.83.40.20, lip=208.146.44.129, mpid=10363, TLS, session=<g4gzkiVv7OesUygU>
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Loading modules from directory: /usr/lib/dovecot/modules
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Module loaded: /usr/lib/dovecot/modules/lib90_antispam_plugin.so
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Added userdb setting: plugin/quota_rule=*:storage=2048M
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Effective uid=1001, gid=1001, home=/var/vmail/mailboxes/mysite.ca/Josh
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Quota root: name=User quota backend=maildir args=
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Quota rule: root=User quota mailbox=* bytes=2147483648 messages=0
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Quota grace: root=User quota bytes=214748364 (10%)
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/mail:LAYOUT=fs
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: fs: root=/var/vmail/mailboxes/mysite.ca/Josh/mail, index=, indexpvt=, control=, inbox=/var/vmail/mailboxes/mysite.ca/Josh/mail, alt=
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: quota: quota_over_flag check: STORAGE ret=1 value=0 limit=2097152
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: quota: quota_over_flag check: MESSAGE ret=0 value=0 limit=0
Jun 21 07:54:00 mail dovecot: imap([email protected]): Debug: quota: quota_over_flag=0((null)) vs currently overquota=0
Jun 21 07:54:33 mail dovecot: auth: Debug: auth client connected (pid=10381)
Jun 21 07:54:34 mail dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=vIIvlCVv8eesUygU#011lip=208.146.44.129#011rip=172.83.40.20#011lport=143#011rport=59377#011local_name=mail.mysite.ca#011resp=AEpvc2hAandha2UuY2EAMXBPb3AyVFQ= (previous base64 data may contain sensitive data)
Jun 21 07:54:34 mail dovecot: auth-worker(10362): Debug: sql([email protected],172.83.40.20,<vIIvlCVv8eesUygU>): query: SELECT username AS user, domain, password FROM accounts WHERE username = 'josh' AND domain = 'mysite.ca' and enabled = true;
Jun 21 07:54:34 mail dovecot: auth-worker(10362): Debug: sql([email protected],172.83.40.20,<vIIvlCVv8eesUygU>): username changed [email protected] -> Josh
Jun 21 07:54:34 mail dovecot: auth-worker(10362): Debug: sql(Josh,172.83.40.20,<vIIvlCVv8eesUygU>): username changed Josh -> [email protected]
Jun 21 07:54:34 mail dovecot: auth: Debug: sql([email protected],172.83.40.20,<vIIvlCVv8eesUygU>): username changed [email protected] -> [email protected]
Jun 21 07:54:34 mail dovecot: auth: Debug: sql([email protected],172.83.40.20,<vIIvlCVv8eesUygU>): username changed [email protected] -> Josh
Jun 21 07:54:34 mail dovecot: auth: Debug: sql(Josh,172.83.40.20,<vIIvlCVv8eesUygU>): username changed Josh -> [email protected]
Jun 21 07:54:34 mail dovecot: auth: Debug: client passdb out: OK#0111#[email protected]
Jun 21 07:54:34 mail dovecot: auth: Debug: master in: REQUEST#0111986658305#01110381#0111#0114a81a655e2fd95775a69d67377032381#011session_pid=10382#011request_auth_token
Jun 21 07:54:34 mail dovecot: auth-worker(10362): Debug: sql([email protected],172.83.40.20,<vIIvlCVv8eesUygU>): SELECT concat('*:storage=', quota, 'M') AS quota_rule FROM accounts WHERE username = 'Josh' AND domain = 'mysite.ca' AND sendonly = false;
Jun 21 07:54:34 mail dovecot: auth: Debug: master userdb out: USER#0111986658305#[email protected]#011quota_rule=*:storage=2048M#011auth_token=345528122fb785f133c083192ec59c03663f0b95
Jun 21 07:54:34 mail dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=172.83.40.20, lip=208.146.44.129, mpid=10382, TLS, session=<vIIvlCVv8eesUygU>
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Loading modules from directory: /usr/lib/dovecot/modules
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Module loaded: /usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Module loaded: /usr/lib/dovecot/modules/lib90_antispam_plugin.so
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Added userdb setting: plugin/quota_rule=*:storage=2048M
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Effective uid=1001, gid=1001, home=/var/vmail/mailboxes/mysite.ca/Josh
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Quota root: name=User quota backend=maildir args=
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Quota rule: root=User quota mailbox=* bytes=2147483648 messages=0
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Quota grace: root=User quota bytes=214748364 (10%)
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/mail:LAYOUT=fs
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: fs: root=/var/vmail/mailboxes/mysite.ca/Josh/mail, index=, indexpvt=, control=, inbox=/var/vmail/mailboxes/mysite.ca/Josh/mail, alt=
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: quota: quota_over_flag check: STORAGE ret=1 value=0 limit=2097152
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: quota: quota_over_flag check: MESSAGE ret=0 value=0 limit=0
Jun 21 07:54:34 mail dovecot: imap([email protected]): Debug: quota: quota_over_flag=0((null)) vs currently overquota=0
Jun 21 07:54:34 mail dovecot: imap([email protected]): Connection closed (IDLE running for 0.001 + waiting input for 0.001 secs, 2 B in + 10+10 B out, state=wait-input) in=11 out=372
Jun 21 07:57:10 mail postfix/postscreen[10463]: CONNECT from [185.234.218.188]:64778 to [208.146.44.129]:25
Jun 21 07:57:10 mail postfix/postscreen[10463]: PREGREET 11 after 0.16 from [185.234.218.188]:64778: EHLO User\r\n
Jun 21 07:57:10 mail postfix/postscreen[10463]: DISCONNECT [185.234.218.188]:64778
Jun 21 07:58:51 mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jun 21 07:58:51 mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Jun 21 07:58:51 mail dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Jun 21 07:58:51 mail dovecot: auth: Debug: auth client connected (pid=10530)
Jun 21 08:01:52 mail dovecot: imap-login: Disconnected: Inactivity (no auth attempts in 181 secs): user=<>, rip=92.63.193.40, lip=208.146.44.129, TLS, session=<4VNJriVvVWVcP8Eo>

De vez em quando, quando inativo, recebo

Jun 21 08:17:12 mail dovecot: auth: Debug: sql([email protected],92.63.193.40,<KGX85CVv3MlcP8Eo>): username changed [email protected] -> Josh
Jun 21 08:17:12 mail dovecot: auth: Debug: sql(Josh,92.63.193.40,<KGX85CVv3MlcP8Eo>): username changed Josh -> [email protected]
Jun 21 08:17:14 mail dovecot: auth: Debug: client passdb out: FAIL#0111#[email protected]#[email protected]
Jun 21 08:17:14 mail dovecot: imap-login: Debug: Ignoring unknown passdb extra field: original_user
Jun 21 08:17:25 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 16 secs): user=<[email protected]>, method=PLAIN, rip=92.63.193.40, lip=208.146.44.129, TLS, session=<KGX85CVv3MlcP8Eo>

Agora eu não tenho certeza para onde ir a partir daqui. Deixe-me saber se mais registros ou configurações são necessários.

Configurações do servidor no Outlook:

Incoming: mail.mysite.ca port 143 STARTTLS
Outgoing: mail.mysite.ca port 587 STARTTLS

EDIT1:

Eu notei quando o postfix mostra no log que ele está tentando se conectar na porta 25, eu acho? Ele raramente aparece no log. Tentar a porta 25 no outlook não funciona.

Deixa pra lá, é normal que o pregreet esteja na porta 25.

EDIT2:

A definição de dovecot para performance não parece mudar nada.

EDIT3:

netstat: Parece que meu servidor está escutando na porta 25 e 587, certo?

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:7832            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 208.146.44.129:25       0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8953          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:4190            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11332         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11333         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:11334         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN
tcp        0      0 208.146.44.129:587      0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN
tcp6       0      0 :::143                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::7832                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 ::1:8953                :::*                    LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 :::4190                 :::*                    LISTEN
tcp6       0      0 :::993                  :::*                    LISTEN
tcp6       0      0 ::1:11332               :::*                    LISTEN
tcp6       0      0 ::1:11333               :::*                    LISTEN
tcp6       0      0 ::1:11334               :::*                    LISTEN
tcp6       0      0 ::1:587                 :::*                    LISTEN
udp        0      0 0.0.0.0:21902           0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:26738           0.0.0.0:*

EDIT4: netstat -nap | awk 'NR<3 || /:25/ || /:587/'

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      814/master
tcp        0      0 208.146.44.129:25       0.0.0.0:*               LISTEN      814/master
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN      814/master
tcp        0      0 208.146.44.129:587      0.0.0.0:*               LISTEN      814/master
tcp6       0      0 ::1:25                  :::*                    LISTEN      814/master
tcp6       0      0 ::1:587                 :::*                    LISTEN      814/master
    
por JoshQuake 21.06.2018 / 14:42

2 respostas

1

Aqui, um cliente SMTP fala antes de falar:

Jun 21 07:57:10 mail postfix/postscreen[10463]: CONNECT from [185.234.218.188]:64778 to [208.146.44.129]:25
Jun 21 07:57:10 mail postfix/postscreen[10463]: PREGREET 11 after 0.16 from [185.234.218.188]:64778: EHLO User\r\n
Jun 21 07:57:10 mail postfix/postscreen[10463]: DISCONNECT [185.234.218.188]:64778

Isso está violando o protocolo e, portanto, a conexão é descartada. E possivelmente até na lista negra por um tempo curto.

Seu cliente deve estar realmente falando - com autenticação - no 587, não no dia 25.

    
por 22.06.2018 / 08:01
0

O imap-login do Dovecot pode ser configurado de duas maneiras: para máxima segurança e para desempenho máximo. Quando configurado para segurança, cada conexão usava seu próprio processo até a desconexão. Se o limite de possíveis processos bifurcados não for alcançado, nenhuma nova conexão será aceita. Quando configurado para desempenho, todas as conexões de entrada são atendidas pelo único imap-login processo que não tem limites para o número de conexões simultâneas. "Segurança máxima" não significa que a configuração de desempenho seja insegura, mas a configuração segura é paranóica. Portanto, você pode configurar facilmente seu dovecot para desempenho:

service imap-login {
  inet_listener imap {
    port    = 143
  }
  service_count = 0      ## 0 for performance, 1 for security
  process_min_avail = 1
}

Outras leituras podem ser encontradas aqui: link

    
por 21.06.2018 / 14:54