RHEL4上的pop3和imap用户认证问题

Lyychee

[root@mysun pam.d]# telnet mysun.org 110
-ERR Unrecognized command
Trying 127.0.0.1...
-ERR Unrecognized command
Connected to localhost.localdomain (127.0.0.1).
-ERR Unrecognized command
Escape character is '^]'.
-ERR Unrecognized command
+OK mysun.org Cyrus POP3 v2.2.10-Invoca-RPM-2.2.10-1.RHEL4.1 server ready <3504292301.1131128924@mysun.org>
-ERR Unrecognized command
user lyychee
+OK Name is a valid mailbox
+OK Name is a valid mailbox
-ERR Unrecognized command
pass xxxxxxxx
-ERR [AUTH] Invalid login
-ERR [AUTH] Invalid login
请问这个怎么解决？

cxfcxf

why not use pam_listfile.so ??
i think that will make it batter
and
i get the same question with u for using access.so in dovecot setting

zaiwen

I have done the same test and have no problem at all.  RHEL 4's pop3 and imap authentication work very fine...both access.so and listfile.so are OK....

Don't just use telnet to test...use Outlook express or Microsoft Outlook.  You can tell the result immidiately.  

How does your /etc/security/access.conf look like?  Try adding a user:

-:user1:ALL

This should block user1 from using your pop3 from all machines.

cxfcxf

Post by zaiwen


How does your /etc/security/access.conf look like?  Try adding a user:

-:user1:ALL

This should block user1 from using your pop3 from all machines.

that should block group named user1 from ...........

zaiwen

NO, it applies to both.

IN /etc/security/access.conf,

# The second field should be a list of one or more login names, group
# names, or ALL (always matches). A pattern of the form user@host is
# matched when the login name matches the "user" part, and when the
# "host" part matches the local machine name.

zaiwen

SORRY for any confusion in my previous reply.

Yes, suddenly5171 is right, dovecot似乎在PAM中不支持pam_access.so

When I did my test, I just made sure user1 is blocked (negative testing), but I forgot to verify other users are allowed.  As sunndely5171 has said,  if "Aaccount required pam_access.so" is added in /etc/pam.d/dovecot, 任何用户都无法登陆POP3服务器(没有在/etc/security/access.conf里添加用户).

cxfcxf said, "why not use pam_listfile.so ??

because pam_listfile.so can only 基于用户控制, it can NOT do 基于主机控制.

To do 基于主机控制, I think you have to either use iptables, or use xinetd来守护 instead of dovecot，具体做法请看：
http://wiki.dovecot.org/moin.cgi/InetdInstall

I tested this way and it works fine.

chinajz

rhel4中的pop和impa 包含在cyrus-imapd 软件包内。
cyrus-imapd-utils 则包含cyradm 等管理工具，运行工具则依赖perl
修改/etc/mail/sentmail.mc中为：
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
m4  /etc/mail/sentmail.mc>/etc/mail/sentmail.cf
全部安装完成后，用evolution设置接收邮件无论是pop还是imap都工作的很好，发送邮件服务器用smtp或sendmail也正常。问题是，在telnet localhost 110 或143中，总是不能通过验证，就象：
[root@main ~]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK main.8280666.com Cyrus POP3 v2.2.10-Invoca-RPM-2.2.10-1.RHEL4.1 server ready <1497501354.1132808516@main.8280666.com>
user cyrus
+OK Name is a valid mailbox
pass cyrus
-ERR [AUTH] Invalid login
这个原因的答案一直找不到，不知谁解决过

cxfcxf

hostbased can be done by iptables
iptables -A INPUT -s xxx.yyy.zzz.ooo -p tcp --dport 110 -j DROP
iptables -A INPUT -s xxx.yyy.zzz.ooo -p tcp --dport 143 -j DROP

ecloud

Post by chinajz
rhel4中的pop和impa 包含在cyrus-imapd 软件包内。
cyrus-imapd-utils 则包含cyradm 等管理工具，运行工具则依赖perl
修改/etc/mail/sentmail.mc中为：
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
m4  /etc/mail/sentmail.mc>/etc/mail/sentmail.cf
全部安装完成后，用evolution设置接收邮件无论是pop还是imap都工作的很好，发送邮件服务器用smtp或sendmail也正常。问题是，在telnet localhost 110 或143中，总是不能通过验证，就象：
[root@main ~]# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
+OK main.8280666.com Cyrus POP3 v2.2.10-Invoca-RPM-2.2.10-1.RHEL4.1 server ready <1497501354.1132808516@main.8280666.com>
user cyrus
+OK Name is a valid mailbox
pass cyrus
-ERR [AUTH] Invalid login
这个原因的答案一直找不到，不知谁解决过

RHEL4默认的pop/imap服务器端是dovecot，不是cyrus，而且考试也不会考cyrus ,cyrus一般是配合虚拟域来用的
dovecot的pam配置文件是/etc/pam.d/dovecot，不是什么pop3

chinajz

Post by ecloud
RHEL4默认的pop/imap服务器端是dovecot，不是cyrus，而且考试也不会考cyrus ,cyrus一般是配合虚拟域来用的
dovecot的pam配置文件是/etc/pam.d/dovecot，不是什么pop3

==============
dovecot 的配置确实方便，通过/etc/dovecot.conf很容易打开imap和pop3
验证方法也可在这文件中设置。
telnet 110和143用起来都很正常。在Evolution中无论设置imap 和pop3接收邮件，还是设置smtp或sendmail发送都一切正常。
用这东西很容易在自己电脑架个maill服务器，和数据库连接也方便，似乎象商用的一样。但dovecot究竟比cyrus差在哪里呢？