Вопрос или проблема
Как и многие до меня, я оказался вынужденным восстановить свой сервер. Я почти всё наладил, но столкнулся с проблемой аутентификации, когда Thunderbird подключается к моему серверу для загрузки электронной почты.
- CentOS 7
- Dovecot 2.3.21
- Postfix 3.2.22
Ошибка
Nov 03 01:20:31 auth-worker(18531): Debug: conn unix:auth-worker (pid=18527,uid=993): auth-worker<2>: Handling PASSL request
Nov 03 01:20:31 auth-worker(18531): Debug: conn unix:auth-worker (pid=18527,uid=993): auth-worker<2>: sql([email protected],#.#.#.#,<FX1q1/0lRK0vLYhp>): Performing passdb lookup
Nov 03 01:20:31 auth-worker(18531): Debug: conn unix:auth-worker (pid=18527,uid=993): auth-worker<2>: sql([email protected],#.#.#.#,<FX1q1/0lRK0vLYhp>): query: SELECT username, domain, password FROM postfix_users WHERE domain = 'mydomain.commyuser' AND username="myuser"
Nov 03 01:20:31 auth-worker(18531): Debug: mysql(localhost): Finished query 'SELECT username, domain, password FROM postfix_users WHERE domain = 'mydomain.commyuser' AND username="myuser"' in 0 msecs
Nov 03 01:20:31 auth-worker(18531): Info: conn unix:auth-worker (pid=18527,uid=993): auth-worker<2>: sql([email protected],#.#.#.#,<FX1q1/0lRK0vLYhp>): unknown user
Nov 03 01:20:31 auth-worker(18531): Debug: conn unix:auth-worker (pid=18527,uid=993): auth-worker<2>: sql([email protected],#.#.#.#,<FX1q1/0lRK0vLYhp>): Finished passdb lookup
Если вы посмотрите на это, вы увидите странное:
[email protected]
Везде, где используется доменная часть (%d
) имени пользователя, она дополнена компонентом пользователя (%u
). Следует сказать, что то, что я должен был найти, было…
[email protected]
Поиск пользователя/пароля не удается, потому что SQL-запрос ищет domain = 'mydomain.commyuser'
.
Если кто-то сможет дать мне пояснения о том, что вызывает это, я буду очень благодарен!
Тайна углубляется
Я только что нашел эту строку в журнале: Dovecot правильно идентифицирует original_user
, но изменяет его на user
где-то.
Nov 03 03:21:32 auth: Debug: client passdb out: FAIL 1 [email protected] [email protected]
Вывод doveconf
1
# 2.3.21.1 (d492236fa0): /etc/dovecot/dovecot.conf
# Версия Pigeonhole 0.5.21.1 (49005e73)
# ОС: Linux 3.10.0-1160.119.1.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 (Core) ext4
# Имя хоста: mydomain.com
# ЗАМЕТКА: Вместо этого отправьте вывод doveconf -n, когда спрашиваете о помощи.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_cache_verify_password_with_worker = no
auth_debug = yes
auth_debug_passwords = yes
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = cram-md5
auth_policy_check_after_auth = yes
auth_policy_check_before_auth = yes
auth_policy_hash_mech = sha256
auth_policy_hash_nonce =
auth_policy_hash_truncate = 12
auth_policy_log_only = no
auth_policy_reject_on_fail = no
auth_policy_report_after_auth = yes
auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s session_id=%{session}
auth_policy_server_api_header =
auth_policy_server_timeout_msecs = 2000
auth_policy_server_url =
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_stats = no
auth_use_winbind = no
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&.-_@+'
auth_username_format = %Lu%n
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_group = dovecot
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_flush_socket =
director_mail_servers =
director_max_parallel_kicks = 100
director_max_parallel_moves = 100
director_output_buffer_size = 10 M
director_ping_idle_timeout = 30 secs
director_ping_max_timeout = 1 mins
director_servers =
director_user_expire = 15 mins
director_user_kick_delay = 2 secs
director_username_hash = %Lu
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_api_key =
doveadm_http_rawlog_dir =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_ssl = no
doveadm_username = doveadm
doveadm_worker_count = 0
dsync_alt_char = _
dsync_commit_msgs_interval = 100
dsync_features =
dsync_hashed_headers = Date Message-ID
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 1000
haproxy_timeout = 3 secs
haproxy_trusted_networks =
hostname =
imap_capability =
imap_client_workarounds = delay-newmail
imap_fetch_failure = disconnect-immediately
imap_hibernate_timeout = 0
imap_id_log =
imap_id_retain = no
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_literal_minus = no
imap_logout_format = rcvd=%i, sent=%o
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_cmd_timeout = 5 mins
imapc_connection_retry_count = 1
imapc_connection_retry_interval = 1 secs
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_max_line_length = 0
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_sasl_mechanisms =
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user =
import_environment = TZ CORE_OUTOFMEM CORE_ERROR LISTEN_PID LISTEN_FDS NOTIFY_SOCKET
info_log_path = /var/log/dovecot-info.log
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/libexec/dovecot
listen = *, ::
lmtp_add_received_header = yes
lmtp_client_workarounds =
lmtp_hdr_delivery_address = final
lmtp_proxy = no
lmtp_proxy_rawlog_dir =
lmtp_rawlog_dir =
lmtp_rcpt_check_quota = no
lmtp_save_to_detail_mailbox = no
lmtp_user_concurrency_limit = 0
lmtp_verbose_replies = no
lock_method = fcntl
log_core_filter =
log_debug =
log_path = /var/log/dovcot.log
log_timestamp = "%b %d %H:%M:%S "
login_access_sockets =
login_greeting = Dovecot ready.
login_log_format = %$: %s
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c session=<%{session}>
login_plugin_dir = /usr/lib64/dovecot/login
login_plugins =
login_proxy_max_disconnect_delay = 0
login_proxy_max_reconnects = 3
login_proxy_notify_path = proxy-notify
login_proxy_rawlog_dir =
login_proxy_timeout = 30 secs
login_source_ips =
login_trusted_networks =
mail_access_groups =
mail_always_cache_fields =
mail_attachment_detection_options =
mail_attachment_dir =
mail_attachment_fs = sis posix
mail_attachment_hash = %{sha1}
mail_attachment_min_size = 128 k
mail_attribute_dict =
mail_cache_fields = flags
mail_chroot =
mail_debug = yes
mail_fsync = optimized
mail_full_filesystem_access = no
mail_gid =
mail_home = /var/qmail/mailnames/%Ld/%Ln
mail_location = maildir:/var/qmail/mailnames/%Ld/%Ln/Maildir:UTF-8
mail_log_prefix = "service=%s, user=%u, ip=[%r]. "
mail_max_keyword_length = 50
mail_max_lock_timeout = 0
mail_max_userip_connections = 10
mail_never_cache_fields = imap.envelope
mail_nfs_index = no
mail_nfs_storage = no
mail_plugin_dir = /usr/lib64/dovecot
mail_plugins =
mail_prefetch_count = 0
mail_privileged_group =
mail_save_crlf = no
mail_server_admin =
mail_server_comment =
mail_shared_explicit_inbox = no
mail_sort_max_read_count = 0
mail_temp_dir = /tmp
mail_temp_scan_interval = 1 weeks
mail_uid =
mail_vsize_bg_after_count = 0
mailbox_idle_check_interval = 30 secs
mailbox_list_index = yes
mailbox_list_index_include_inbox = no
mailbox_list_index_very_dirty_syncs = no
maildir_broken_filename_sizes = no
maildir_copy_with_hardlinks = yes
maildir_empty_new = no
maildir_stat_dirs = no
maildir_very_dirty_syncs = no
managesieve_client_workarounds =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 64 k
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
mbox_dirty_syncs = yes
mbox_dotlock_change_timeout = 2 mins
mbox_lazy_writes = yes
mbox_lock_timeout = 5 mins
mbox_md5 = apop3d
mbox_min_index_size = 0
mbox_read_locks = fcntl
mbox_very_dirty_syncs = no
mbox_write_locks = fcntl
mdbox_preallocate_space = no
mdbox_rotate_interval = 0
mdbox_rotate_size = 10 M
mmap_disable = no
namespace inbox {
disabled = no
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = create
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Drafts
}
mailbox Sent {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Sent
}
mailbox "Sent Messages" {
auto = no
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Sent
}
mailbox Spam {
auto = create
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Junk
}
mailbox Trash {
auto = create
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Trash
}
order = 0
prefix =
separator = .
subscriptions = yes
type = private
}
old_stats_carbon_interval = 30 secs
old_stats_carbon_name =
old_stats_carbon_server =
old_stats_command_min_time = 1 mins
old_stats_domain_min_time = 12 hours
old_stats_ip_min_time = 12 hours
old_stats_memory_limit = 16 M
old_stats_session_min_time = 15 mins
old_stats_user_min_time = 1 hours
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
auth_verbose = default
default_fields =
deny = no
driver = sql
master = no
mechanisms =
name =
override_fields =
pass = no
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
username_filter =
}
plugin {
acl = vfile:/var/qmail/conf.d/%d/acls:cache_secs=300
quota = dict:user::file:%h/maildir/dovecot-quota
quota-rule = *:storage=1GB
quota_rule2 = Trash:storae=+10%%
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +notify +imapflags
sieve_global_dir = /var/qmail/conf.d/%d/sieve
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_delete_type = default
pop3_deleted_flag =
pop3_enable_last = no
pop3_fast_size_lookups = no
pop3_lock_session = no
pop3_logout_format = rcvd=%i, sent=%o, top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
pop3_no_flag_updates = no
pop3_reuse_xuidl = no
pop3_save_uidl = no
pop3_uidl_duplicates = allow
pop3_uidl_format = UID%u-%v
pop3c_features =
pop3c_host =
pop3c_master_user =
pop3c_password =
pop3c_port = 110
pop3c_quick_received_date = no
pop3c_rawlog_dir =
pop3c_ssl = no
pop3c_ssl_verify = yes
pop3c_user = %u
postmaster_address = [email protected]
process_shutdown_filter =
protocols = imap pop3 lmtp sieve
quota_full_tempfail = no
rawlog_dir =
recipient_delimiter = +
rejection_reason = Your message to <%t> was automatically rejected:%n%r
rejection_subject = Rejected: %s
replication_dsync_parameters = -d -N -l 30 -U
replication_full_sync_interval = 1 days
replication_max_conns = 10
replicator_host = replicator
replicator_port = 0
sendmail_path = /usr/sbin/sendmail
service aggregator {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = aggregator
extra_groups =
fifo_listener replication-notify-fifo {
group =
mode = 0600
user =
}
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener replication-notify {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service anvil {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = anvil
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 1
protocol =
service_count = 0
type = anvil
unix_listener anvil-auth-penalty {
group =
mode = 0600
user =
}
unix_listener anvil {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service auth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = auth -w
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = worker
unix_listener auth-worker {
group =
mode = 0600
user = $default_internal_user
}
user = root
vsz_limit = 18446744073709551615 B
}
service auth {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = auth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-client {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-login {
group =
mode = 0600
user = $default_internal_user
}
unix_listener auth-master {
group =
mode = 0600
user =
}
unix_listener auth-userdb {
group =
mode = 0666
user = $default_internal_user
}
unix_listener login/login {
group =
mode = 0666
user =
}
unix_listener token-login/tokenlogin {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service config {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = config
extra_groups =
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type = config
unix_listener config {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service dict-async {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = dict
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dict-async {
group = $default_internal_group
mode = 0660
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dict {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dict
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dict {
group = $default_internal_group
mode = 0660
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service director {
chroot = .
client_limit = 0
drop_priv_before_exec = no
executable = director
extra_groups =
fifo_listener login/proxy-notify {
group =
mode = 00
user =
}
group =
idle_kill = 4294967295 secs
inet_listener {
address =
haproxy = no
port = 0
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener director-admin {
group =
mode = 0600
user =
}
unix_listener director-userdb {
group =
mode = 0600
user =
}
unix_listener login/director {
group =
mode = 00
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service dns-client {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = dns-client
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener dns-client {
group =
mode = 0666
user =
}
unix_listener login/dns-client {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service doveadm {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = doveadm-server
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 1
type =
unix_listener doveadm-server {
group =
mode = 0600
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-hibernate {
chroot =
client_limit = 0
drop_priv_before_exec = no
executable = imap-hibernate
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 0
type =
unix_listener imap-hibernate {
group = $default_internal_group
mode = 0660
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = imap-login
extra_groups =
group =
idle_kill = 0
inet_listener imap {
address =
haproxy = no
port = 143
reuse_port = no
ssl = no
}
inet_listener imaps {
address =
haproxy = no
port = 993
reuse_port = no
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-login {
chroot = token-login
client_limit = 0
drop_priv_before_exec = no
executable = imap-urlauth-login
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = imap
service_count = 1
type = login
unix_listener imap-urlauth {
group =
mode = 0666
user =
}
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service imap-urlauth-worker {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth-worker
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener imap-urlauth-worker {
group =
mode = 0600
user = $default_internal_user
}
user =
vsz_limit = 18446744073709551615 B
}
service imap-urlauth {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap-urlauth
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener token-login/imap-urlauth {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service imap {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = imap
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = imap
service_count = 1
type =
unix_listener imap-master {
group =
mode = 0600
user =
}
unix_listener login/imap {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service ipc {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = ipc
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener ipc {
group =
mode = 0600
user = $default_internal_user
}
unix_listener login/ipc-proxy {
group =
mode = 0600
user = $default_login_user
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service lmtp {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = lmtp
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = lmtp
service_count = 0
type =
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
}
unix_listener lmtp {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service managesieve-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = managesieve-login
extra_groups =
group =
idle_kill = 0
inet_listener sieve {
address =
haproxy = no
port = 4190
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service managesieve {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = managesieve
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = sieve
service_count = 1
type =
unix_listener login/sieve {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service old-stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = old-stats
extra_groups =
fifo_listener old-stats-mail {
group =
mode = 0600
user =
}
fifo_listener old-stats-user {
group =
mode = 0600
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener old-stats {
group =
mode = 0600
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service pop3-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = pop3-login
extra_groups =
group =
idle_kill = 0
inet_listener pop3 {
address =
haproxy = no
port = 110
reuse_port = no
ssl = no
}
inet_listener pop3s {
address =
haproxy = no
port = 995
reuse_port = no
ssl = yes
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = pop3
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service pop3 {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = pop3
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = pop3
service_count = 1
type =
unix_listener login/pop3 {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service submission-login {
chroot = login
client_limit = 0
drop_priv_before_exec = no
executable = submission-login
extra_groups =
group =
idle_kill = 0
inet_listener submission {
address =
haproxy = no
port = 587
reuse_port = no
ssl = no
}
privileged_group =
process_limit = 0
process_min_avail = 0
protocol = submission
service_count = 1
type = login
user = $default_login_user
vsz_limit = 18446744073709551615 B
}
service submission {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = submission
extra_groups = $default_internal_group
group =
idle_kill = 0
privileged_group =
process_limit = 1024
process_min_avail = 0
protocol = submission
service_count = 1
type =
unix_listener login/submission {
group =
mode = 0666
user =
}
user =
vsz_limit = 18446744073709551615 B
}
service tcpwrap {
chroot =
client_limit = 1
drop_priv_before_exec = no
executable = tcpwrap
extra_groups =
group =
idle_kill = 0
privileged_group =
process_limit = 0
process_min_avail = 0
protocol =
service_count = 0
type =
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
shutdown_clients = yes
ssl = required
ssl_alt_cert =
ssl_alt_key =
ssl_ca =
ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
ssl_cert_username_field = commonName
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
ssl_cipher_suites =
ssl_client_ca_dir =
ssl_client_ca_file =
ssl_client_cert =
ssl_client_key =
ssl_client_require_valid_cert = yes
ssl_crypto_device =
ssl_curve_list =
ssl_dh = # скрыто, используйте -P, чтобы показать
ssl_key = # скрыто, используйте -P, чтобы показать
ssl_key_password =
ssl_min_protocol = TLSv1.2
ssl_options =
ssl_prefer_server_ciphers = yes
ssl_require_crl = yes
ssl_verify_client_cert = no
state_dir = /var/lib/dovecot
stats_http_rawlog_dir =
stats_writer_socket_path = stats-writer
submission_client_workarounds =
submission_host =
submission_logout_format = in=%i out=%o
submission_max_mail_size = 0
submission_max_recipients = 0
submission_relay_command_timeout = 5 mins
submission_relay_connect_timeout = 30 secs
submission_relay_host =
submission_relay_master_user =
submission_relay_max_idle_time = 29 mins
submission_relay_password =
submission_relay_port = 25
submission_relay_rawlog_dir =
submission_relay_ssl = no
submission_relay_ssl_verify = yes
submission_relay_trusted = no
submission_relay_user =
submission_ssl = no
submission_timeout = 30 secs
syslog_facility = local1
userdb {
args = uid=popuser gid=popuser home=/var/qmail/mailnames/%Ld/%Ln
auth_verbose = default
default_fields =
driver = static
name =
override_fields =
result_failure = continue
result_internalfail = continue
result_success = return-ok
skip = never
}
valid_chroot_dirs =
verbose_proctitle = yes
verbose_ssl = no
version_ignore = no
protocol lmtp {
mail_plugins = " sieve"
postmaster_address = [email protected]
}
protocol imap {
mail_plugins = " imap_acl imap_qota mail_log notify"
}
protocol sieve {
managesieve_logout_format = rcvd=%i, sent=%o
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
}
local_name mydomain2.com {
ssl_cert = </etc/letsencrypt/live/mydomain2.com/fullchain.pem
ssl_key = # скрыто, используйте -P, чтобы показать
}
local_name mail.mydomain2.com {
ssl_cert = </etc/letsencrypt/live/mydomain2.com/fullchain.pem
ssl_key = # скрыто, используйте -P, чтобы показать
}
local_name mydomain.com {
ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
ssl_key = # скрыто, используйте -P, чтобы показать
}
local_name mail.mydomain.com {
ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
ssl_key = # скрыто, используйте -P, чтобы показать
}
dovecot-sql.conf.ext (dovecot.conf->10-auth.conf->auth-sql.conf.ext->dovecot-sql.conf.ext)
driver = mysql
connect = host=localhost dbname=XXXXXXXXXXXXXXXX user=XXXXXXXX password=XXXXXXXX
default_pass_scheme = MD5
password_query = \
SELECT username, domain, password \
FROM postfix_users WHERE username="%n" AND domain = '%d' AND active="Y"
user_query = \
SELECT home, uid, gid \
FROM postfix_users WHERE username="%n" AND domain = '%d' AND active="Y"
iterate_query = SELECT username AS user FROM postfix_users
1 В конфигурации отсутствуют несколько блоков. Я не знал, что SE имеет лимит в 30,000 символов на пост.
Ответ или решение
Ваша проблема с неверным форматом имени пользователя в Dovecot, который использует драйвер SQL, действительно может быть довольно запутанной. Давайте разберёмся в ней подробно и попробуем найти решение.
Что происходит?
Из логов видно, что Dovecot пытается выполнить SQL-запрос, но доменное имя некорректно формируется. Ваша строка логов:
query: SELECT username, domain, password FROM postfix_users WHERE domain = 'mydomain.commyuser' AND username="myuser"
содержит ошибку, где к доменному имени добавляется имя пользователя, что абсолютно неверно. Ожидалось, что Dovecot будет формировать запрос в форме:
domain = 'mydomain.com' AND username="myuser"
Почему это происходит?
В Dovecot возможна ошибка в конфигурации, которая приводит к неправильной обработке переменных для имени пользователя и домена. Основные моменты, на которые следует обратить внимание:
-
Формат имени пользователя: Ваша конфигурация
auth_username_format
установлена на%Lu%n
, что может быть частью проблемы. Это форматирует имя пользователя.%Lu
преобразует имя в нижний регистр, а%n
— это просто имя пользователя. Дважды проверьте, применяется ли это в вашем контексте. -
Запросы SQL: В вашем файле
dovecot-sql.conf.ext
, в секцияхpassword_query
иuser_query
, проверьте правильность использования форматов. Убедитесь, что SQL-запросы для получения имени пользователя и домена действительно верно обрабатываются и что передаваемые значения соответствуют ожидаемым.
Возможные решения
Рекомендуется:
-
Изменить
auth_username_format
: Попробуйте изменить формат имени пользователя на более простой вариант, чтобы увидеть, устранит ли это проблему. Рекомендуется к примеру установить%u
для имени пользователя. Обновите конфигурацию Dovecot и перезапустите сервис.auth_username_format = %u
-
Корректировка SQL-запросов: В конфигурационном файле
dovecot-sql.conf.ext
вы можете изменитьpassword_query
иuser_query
так, чтобы они использовали только правильно сформированные переменные%n
и%d
.password_query = SELECT username, domain, password FROM postfix_users WHERE username="%n" AND domain='%d' AND active="Y" user_query = SELECT home, uid, gid FROM postfix_users WHERE username="%n" AND domain='%d' AND active="Y"
-
Логи Dovecot: Периодически просматривайте логи Dovecot, так как они могут содержать дополнительную информацию о причинах ошибок. Вы уже включили
auth_debug
иauth_debug_passwords
, что поможет в отслеживании ошибок, так как вы понимаете, где происходит проблема.
Заключение
Скорее всего, проблема заключается в неправильной интерпретации переменных Dovecot, что приводит к формированию неверной строки запроса для базы данных. Исправляя формат имени пользователя, и корректируя SQL-запросы, вы сможете устранить эту проблему.
Несомненно, каждый из вышеперечисленных шагов должен помочь вам в разрешении этой ситуации. Если проблема останется нерешенной, стоит также проверить документацию Dovecot на предмет возможных обновлений и исправлений.