Authorization errors when installing a mail server [ dovecot ] (Postfix, MySQL, SpamAssassin, Roundcube on FreeBSD.)


Post by iNight »

I am setting up a mail server following this HOWTO:
http://www.arg.su/ru-RU/Postfix-MySQL-Spam...in-Maia-FreeBSD
So all the configs are the standard ones for FreeBSD 8.2, with the changes from the HOWTO applied.

The installation seemed to go without errors, but I cannot connect with a mail client (Thunderbird). Roundcube says "Не удаётся подключиться к серверу IMAP" ("Unable to connect to the IMAP server").

In /var/log/maillog:

Code:

Dec 17 09:18:49 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6
Dec 17 09:18:49 mail dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6
Dec 17 09:18:49 mail dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6
Dec 17 09:18:50 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:18:50 mail postfix/smtpd[1481]: connect from unknown[192.168.0.21]
Dec 17 09:18:50 mail postfix/smtpd[1482]: connect from unknown[192.168.0.21]
Dec 17 09:18:50 mail postfix/smtpd[1485]: connect from unknown[192.168.0.21]
Dec 17 09:18:50 mail postfix/smtpd[1485]: improper command pipelining after EHLO from unknown[192.168.0.21]
Dec 17 09:18:50 mail postfix/smtpd[1485]: disconnect from unknown[192.168.0.21]
Dec 17 09:18:50 mail postfix/smtpd[1481]: improper command pipelining after EHLO from unknown[192.168.0.21]
Dec 17 09:18:50 mail postfix/smtpd[1481]: disconnect from unknown[192.168.0.21]
Dec 17 09:18:50 mail postfix/smtpd[1482]: improper command pipelining after EHLO from unknown[192.168.0.21]
Dec 17 09:18:50 mail dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:18:50 mail postfix/smtpd[1482]: disconnect from unknown[192.168.0.21]
Dec 17 09:18:52 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6
Dec 17 09:18:52 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:18:53 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:18:56 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:18:56 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:19:20 mail dovecot: auth(default): userdb(night@doomgate.com,192.168.0.21): user not found from userdb passwd
Dec 17 09:19:20 mail dovecot: pop3-login: Internal login failure (auth failed, 1 attempts): user=<night@doomgate.com>, method=PLAIN, rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:19:35 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<night>, method=PLAIN, rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:22:13 mail postfix/anvil[1486]: statistics: max connection rate 2/60s for (smtp:192.168.0.21) at Dec 17 09:18:50
Dec 17 09:22:13 mail postfix/anvil[1486]: statistics: max connection count 2 for (smtp:192.168.0.21) at Dec 17 09:18:50
Dec 17 09:22:13 mail postfix/anvil[1486]: statistics: max cache size 2 at Dec 17 09:18:50
Dec 17 09:30:25 mail dovecot: auth(default): userdb(night@doomgate.com,127.0.0.1): user not found from userdb passwd
Dec 17 09:30:25 mail dovecot: pop3-login: Internal login failure (auth failed, 1 attempts): user=<night@doomgate.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Dec 17 09:32:11 mail dovecot: dovecot: Killed with signal 15 (by pid=1558 uid=0 code=kill)
Dec 17 09:32:11 mail dovecot: Dovecot v1.2.16 starting up
Dec 17 09:32:11 mail dovecot: auth-worker(default): mysql: Connected to localhost (postfix)
Dec 17 09:32:59 mail postfix/smtpd[1581]: connect from unknown[192.168.0.21]
Dec 17 09:32:59 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, secured
Dec 17 09:32:59 mail dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, secured
Dec 17 09:32:59 mail dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, secured
Dec 17 09:32:59 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:32:59 mail postfix/smtpd[1582]: connect from unknown[192.168.0.21]
Dec 17 09:32:59 mail postfix/smtpd[1584]: connect from unknown[192.168.0.21]
Dec 17 09:32:59 mail postfix/smtpd[1584]: disconnect from unknown[192.168.0.21]
Dec 17 09:32:59 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:32:59 mail postfix/smtpd[1581]: improper command pipelining after EHLO from unknown[192.168.0.21]
Dec 17 09:32:59 mail postfix/smtpd[1581]: disconnect from unknown[192.168.0.21]
Dec 17 09:32:59 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:32:59 mail postfix/smtpd[1582]: improper command pipelining after EHLO from unknown[192.168.0.21]
Dec 17 09:33:00 mail postfix/smtpd[1582]: disconnect from unknown[192.168.0.21]
Dec 17 09:33:00 mail dovecot: pop3-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:33:02 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, secured
Dec 17 09:33:11 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:33:11 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:33:13 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:33:13 mail dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca



Certificates:

Code:

ls -la /etc/ssl/dovecot/
total 8
drwxr-xr-x  2 root  wheel   512 Dec 16 19:25 .
drwxr-xr-x  5 root  wheel   512 Dec 17 09:57 ..
-rw-r--r--  1 root  wheel  1367 Dec 16 19:24 cert.pem
-rw-r--r--  1 root  wheel   887 Dec 16 19:24 key.pem

 ls -la /etc/ssl/postfix/
total 8
drwxr-xr-x  2 root  postfix   512 Dec 16 20:01 .
drwxr-xr-x  5 root  wheel     512 Dec 17 09:57 ..
-rw-r-----  1 root  postfix  2254 Dec 16 20:01 smtpd.pem



Output of postconf -n:

Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/local/sbin
config_directory = /usr/local/etc/postfix
daemon_directory = /usr/local/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
html_directory = /usr/local/share/doc/postfix
mail_owner = postfix
mailq_path = /usr/local/bin/mailq
manpage_directory = /usr/local/man
message_size_limit = 10240000
mynetworks_style = host
newaliases_path = /usr/local/bin/newaliases
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/local/share/doc/postfix
relay_domains = proxy:mysql:/usr/local/etc/postfix/mysql_relay_domains_maps.cf
sample_directory = /usr/local/etc/postfix
sendmail_path = /usr/local/sbin/sendmail
setgid_group = maildrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_recipient_restrictions = permit_mynetworks,    permit_sasl_authenticated,    reject_non_fqdn_sender,    reject_non_fqdn_recipient,    reject_unauth_destination,    reject_unauth_pipelining,    reject_invalid_hostname,
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks
smtpd_tls_CAfile = /etc/ssl/postfix/smtpd.pem
smtpd_tls_cert_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_key_file = /etc/ssl/postfix/smtpd.pem
smtpd_tls_loglevel = 0
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
soft_bounce = no
tls_random_source = dev:/dev/urandom
transport_maps = hash:/usr/local/etc/postfix/transport
unknown_local_recipient_reject_code = 550
virtual_alias_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_alias_maps.cf
virtual_gid_maps = static:125
virtual_mailbox_base = /usr/local/virtual
virtual_mailbox_domains = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit = 51200000
virtual_mailbox_limit_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
virtual_mailbox_limit_override = yes
virtual_mailbox_maps = proxy:mysql:/usr/local/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_maildir_extended = yes
virtual_maildir_limit_message = Sorry, this user has overdrawn their diskspace quota. Please try again later.
virtual_minimum_uid = 125
virtual_overquota_bounce = yes
virtual_transport = virtual
virtual_uid_maps = static:125



telnet localhost 110

Code:

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK ISP Mail Server ready.
user test@doomgate.com
+OK
pass 1234
-ERR [IN-USE] Internal login failure. Refer to server log for more information.
Connection closed by foreign host.

#dd if=/dev/urandom of=/var/samba/Windows_7_Ultimate_ru.iso count=2250 bs=1M

Post by Ism »

Dec 17 09:19:20 mail dovecot: pop3-login: Internal login failure (auth failed, 1 attempts): user=<night@doomgate.com>, method=PLAIN, rip=192.168.0.21, lip=192.168.0.6, TLS


I could be wrong, but you are trying to authenticate via plain text, while the server requires encryption.

SSL3_READ_BYTES:tlsv1 alert unknown ca


This kind of hints at an incorrect certificate; searching Google for this phrase turns up a lot of interesting results.

Post by iNight »

I created the certificate this way:

Code:

#mkdir -p /etc/ssl/postfix
#cd /etc/ssl/postfix
#openssl req -new -x509 -nodes -out smtpd.pem -keyout smtpd.pem -days 3650
#chmod 640 /etc/ssl/postfix/smtpd.pem
#chgrp -R postfix /etc/ssl/postfix


How can I post the dovecot config without the comments?

Post by lastpriot »

Dec 17 09:18:50 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

there is no root certificate

dovecot options dump: doveconf -a or dovecot -a

PS: the HOWTO you followed is somewhat "cut down"
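Added example, not part of any post in this thread: a Python triage of Dovecot lines like those in the maillog excerpt above. It separates TLS handshake failures from userdb misses and failed logins, and marks an alert reported from a READ_BYTES function as one received from the client. The sample lines are copied from the log in the first post; the function and pattern names are this example's own.

```python
import re
from collections import Counter

# Sample input: six lines copied from the maillog excerpt posted in this thread.
SAMPLE_LOG = """\
Dec 17 09:18:49 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.168.0.21, lip=192.168.0.6
Dec 17 09:18:50 mail dovecot: pop3-login: Disconnected (no auth attempts): rip=192.168.0.21, lip=192.168.0.6, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Dec 17 09:19:20 mail dovecot: auth(default): userdb(night@doomgate.com,192.168.0.21): user not found from userdb passwd
Dec 17 09:19:20 mail dovecot: pop3-login: Internal login failure (auth failed, 1 attempts): user=<night@doomgate.com>, method=PLAIN, rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:19:35 mail dovecot: pop3-login: Disconnected (auth failed, 3 attempts): user=<night>, method=PLAIN, rip=192.168.0.21, lip=192.168.0.6, TLS
Dec 17 09:32:59 mail postfix/smtpd[1581]: improper command pipelining after EHLO from unknown[192.168.0.21]
"""

LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ dovecot: (.*)$")
TLS_ERR = re.compile(r"SSL_accept\(\) failed: error:[0-9A-Fa-f]+:SSL routines:(\w+):(.+)$")
USERDB = re.compile(r"userdb\(([^,]+),([^)]+)\): user not found from userdb (\w+)")
AUTH_FAIL = re.compile(r"\(auth failed, (\d+) attempts\): user=<([^>]*)>, method=(\w+)")
RIP = re.compile(r"rip=([0-9a-fA-F.:]+)")

def classify(line):
    """Return (kind, remote_ip, detail) for a Dovecot line, or None for anything else."""
    m = LINE.match(line)
    if not m:
        return None
    msg = m.group(1)
    rip_m = RIP.search(msg)
    rip = rip_m.group(1) if rip_m else None
    tls = TLS_ERR.search(msg)
    if tls:  # checked first: these lines also carry "(no auth attempts)"
        func, reason = tls.groups()
        # An "alert" reason reported from a *_READ_BYTES function was read off the wire:
        # the client sent it, i.e. the client did not accept the server's certificate.
        origin = "alert sent by client" if "READ_BYTES" in func and "alert" in reason else "local to server"
        return ("tls_handshake_failed", rip, f"{reason} ({origin})")
    miss = USERDB.search(msg)
    if miss:
        return ("userdb_miss", miss.group(2), f"{miss.group(1)} not in userdb '{miss.group(3)}'")
    fail = AUTH_FAIL.search(msg)
    if fail:
        return ("auth_failed", rip, f"user={fail.group(2)} method={fail.group(3)} attempts={fail.group(1)}")
    if "(no auth attempts)" in msg:
        return ("no_auth_attempt", rip, "client left before authenticating")
    return None

def triage(text):
    """Classify every line and return (events, per-kind counts)."""
    events = [e for e in map(classify, text.splitlines()) if e]
    return events, Counter(kind for kind, _, _ in events)

if __name__ == "__main__":
    events, counts = triage(SAMPLE_LOG)
    for kind, rip, detail in events:
        print(f"{kind:22} {rip or '-':15} {detail}")
    print(dict(counts))
```
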

Post by iNight »

lastpriot wrote:
18.12.2011 21:53
dovecot options dump: doveconf -a or dovecot -a

PS: the HOWTO you followed is somewhat "cut down"


I would be grateful if you could recommend another option.

dovecot -a

Code:

# 1.2.16: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.2-RELEASE i386  ufs
base_dir: /var/run/dovecot
log_path:
info_log_path:
log_timestamp: %b %d %H:%M:%S
syslog_facility: mail
protocols: imap pop3 imaps pop3s
listen: *
ssl_listen:
ssl: yes
ssl_ca_file:
ssl_cert_file: /etc/ssl/dovecot/cert.pem
ssl_key_file: /etc/ssl/dovecot/key.pem
ssl_key_password:
ssl_parameters_regenerate: 168
ssl_cipher_list:
ssl_cert_username_field: commonName
ssl_verify_client_cert: no
disable_plaintext_auth: no
verbose_ssl: no
shutdown_clients: yes
nfs_check: yes
version_ignore: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_user: dovecot
login_greeting: ISP Mail Server ready.
login_log_format_elements: user=<%u> method=%m rip=%r lip=%l %c
login_log_format: %$: %s
login_process_per_connection: yes
login_chroot: yes
login_trusted_networks:
login_process_size: 64
login_processes_count: 3
login_max_processes_count: 128
login_max_connections: 256
valid_chroot_dirs:
mail_chroot:
max_mail_processes: 512
mail_max_userip_connections: 10
verbose_proctitle: yes
first_valid_uid: 125
last_valid_uid: 125
first_valid_gid: 125
last_valid_gid: 125
mail_access_groups:
mail_privileged_group: mail
mail_uid:
mail_gid:
mail_location: maildir:/usr/local/virtual/%d/%n
mail_cache_fields:
mail_never_cache_fields: imap.envelope
mail_cache_min_mail_count: 0
mailbox_idle_check_interval: 30
mail_debug: no
mail_full_filesystem_access: no
mail_max_keyword_length: 50
mail_save_crlf: no
mmap_disable: no
dotlock_use_excl: yes
fsync_disable: no
mail_nfs_storage: no
mail_nfs_index: no
mailbox_list_index_disable: yes
lock_method: fcntl
maildir_stat_dirs: no
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: no
maildir_very_dirty_syncs: no
mbox_read_locks: fcntl
mbox_write_locks: dotlock fcntl
mbox_lock_timeout: 300
mbox_dotlock_change_timeout: 120
mbox_min_index_size: 0
mbox_dirty_syncs: yes
mbox_very_dirty_syncs: no
mbox_lazy_writes: yes
dbox_rotate_size: 2048
dbox_rotate_min_size: 16
dbox_rotate_days: 1
mail_drop_priv_before_exec: no
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_process_size: 256
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
mail_log_prefix: %Us(%u):
mail_log_max_lines_per_sec: 10
imap_max_line_length: 65536
imap_capability:
imap_client_workarounds(default): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep
imap_client_workarounds(pop3):
imap_logout_format: bytes=%i/%o
imap_id_send:
imap_id_log:
imap_idle_notify_interval: 120
pop3_no_flag_updates: no
pop3_enable_last: no
pop3_reuse_xuidl: no
pop3_save_uidl: no
pop3_lock_session: no
pop3_uidl_format: %08Xu%08Xv
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_logout_format: top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
dict_db_config:
dict_process_count: 1
managesieve_max_line_length: 65536
managesieve_logout_format: bytes=%i/%o
managesieve_implementation_string: dovecot
lda:
  postmaster_address: postmaster@domine.com
  sendmail_path: /usr/sbin/sendmail
auth default:
  mechanisms: digest-md5 cram-md5
  realms:
  default_realm:
  cache_size: 0
  cache_ttl: 3600
  cache_negative_ttl: 3600
  executable: /usr/local/libexec/dovecot/dovecot-auth
  user: root
  chroot:
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
  username_translation:
  username_format:
  master_user_separator:
  anonymous_username: anonymous
  krb5_keytab:
  gssapi_hostname:
  winbind_helper_path: /usr/bin/ntlm_auth
  failure_delay: 2
  verbose: no
  debug: no
  debug_passwords: no
  ssl_require_client_cert: no
  ssl_username_from_cert: no
  use_winbind: no
  count: 1
  worker_max_count: 30
  process_size: 256
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
    deny: no
    pass: no
    master: no
  userdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user:
      group: