xiaoone
maillog日志错误码
ay 27 17:19:37 mx vpopmail[28503]: vchkpw: password fail
May 27 17:19:42 mx vpopmail[28526]: vchkpw: password fail
May 27 17:19:42 mx vpopmail[28530]: vchkpw: password fail
May 27 17:19:44 mx vpopmail[28541]: vchkpw: password fail
May 27 17:19:45 mx vpopmail[28545]: vchkpw: password fail
May 27 17:19:46 mx vpopmail[28552]: vchkpw: password fai
请问以上是什么原因造成的。
我的服务器是用ldap 来验证的。
[root@mx qmail]# service mysqld status
mysqld is stopped
以下是ps -ef 的结果 :
oot 3974 3969 0 Jan23 ? 00:00:00 /opt/duhoo/apache/bin/httpd
root 3979 1 0 Jan23 ? 02:10:25 ./smtpproxy -c smtpproxy.conf
root 3981 1 0 Jan23 ? 00:00:00 ./knowledge_center -c smtpproxy.conf
root 3982 3981 0 Jan23 ? 00:00:00 ./knowledge_center -c smtpproxy.conf
clamav 4042 1 3 Jan23 ? 3-22:05:57 /usr/local/sbin/clamd
root 9674 1 0 Jan23 ? 00:00:00 ./knowledge_center -c smtpproxy.conf
spamd 11423 1 0 Jan23 ? 00:00:00 /usr/bin/spamd -d -c -m5 -H -u spamd
ldap 32087 1 0 Jan23 ? 10:34:48 /usr/sbin/slapd -u ldap -h ldap:///
root 18229 1 0 Apr29 ? 00:00:04 crond
root 23050 13 0 May21 ? 00:09:58 [pdflush]
root 23051 13 0 May21 ? 00:10:29 [pdflush]
root 26782 1 0 May21 ? 00:00:00 -bash
root 26962 26782 0 May21 ? 00:00:00 scp -r -p -d -f sh
root 2494 1 0 May21 ? 00:00:04 /usr/sbin/sshd
spamd 1814 11423 0 May22 ? 00:01:10 spamd child
spamd 16272 11423 0 May22 ? 00:00:58 spamd child
spamd 17536 11423 0 May22 ? 00:01:03 spamd child
spamd 26086 11423 0 May22 ? 00:00:59 spamd child
spamd 20511 11423 0 May24 ? 00:00:53 spamd child
root 31655 1 0 May25 ? 00:00:26 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd
root 16503 2494 0 08:44 ? 00:00:00 sshd: zgx [priv]
zgx 16550 16503 0 08:44 ? 00:00:02 sshd: zgx@pts/1,pts/3
zgx 16563 16550 0 08:44 pts/1 00:00:00 -bash
root 17212 16563 0 08:44 pts/1 00:00:00 su - root
root 18554 17212 0 08:44 pts/1 00:00:00 -bash
zgx 26762 16550 0 10:55 pts/3 00:00:00 -bash
zgx 4471 26762 0 16:53 pts/3 00:00:08 top
root 23623 1 0 16:55 pts/1 00:00:00 /bin/sh /email/qmail/rc
qmails 23628 23623 15 16:55 pts/1 00:04:24 qmail-send
root 23630 23623 3 16:55 pts/1 00:00:50 /email/ucspi-tcp/bin/multilog t n150 s1000000 /var/l
root 23632 23628 2 16:55 pts/1 00:00:40 qmail-lspawn ./Maildir/
qmailr 23633 23628 1 16:55 pts/1 00:00:27 qmail-rspawn
qmailq 23635 23628 0 16:55 pts/1 00:00:05 qmail-clean
qmails 23636 23628 58 16:55 pts/1 00:16:12 qmail-todo
qmailq 23637 23628 0 16:55 pts/1 00:00:02 qmail-clean
qmaild 23999 1 0 16:55 pts/1 00:00:00 tcpserver -R -H -l itmail -c 512 -b 512 -x /email/vm
root 24000 1 0 16:55 pts/1 00:00:00 /email/ucspi-tcp/bin/multilog t n100 s1000000 /var/l
vpopmail 24001 1 0 16:55 pts/1 00:00:00 tcpserver -R -H -l itmail -c 512 -b 512 -v -u 89 -g
root 24002 1 0 16:55 pts/1 00:00:00 /email/ucspi-tcp/bin/multilog t n100 s1000000 /var/l
qmaild 24003 1 0 16:55 pts/1 00:00:00 tcpserver -R -H -l itmail -c 512 -b 512 -x /email/qm
root 24004 1 0 16:55 pts/1 00:00:00 /email/ucspi-tcp/bin/multilog t n100 s1000000 /var/l
。。。。。。。
我怀疑是vpopmail 能过ldap 验证后,而没有能过vchkpw的方式所报的错误,而25 110都能正常提供服务。。。。。。。。
[root@mx qmail]# cat /etc/openldap/slapd.conf
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/vpopmail.schema
# Allow LDAPv2 client connections. This is NOT the default.
allow bind_v2
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /var/run/slapd.pid
argsfile /var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/sbin/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
# moduleload back_passwd.la
# moduleload back_shell.la
# The next three lines allow use of TLS for encrypting connections using a
# dummy test certificate which you can generate by changing to
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
# TLSCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
# TLSCertificateFile /usr/share/ssl/certs/slapd.pem
# TLSCertificateKeyFile /usr/share/ssl/certs/slapd.pem
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
access to *
by dn="cn=replicator,dc=favor,dc=net" write
by * read
by * compare
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
database bdb
suffix "dc=favor,dc=net"
rootdn "cn=manager,dc=favor,dc=net"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# rootpw secret
# rootpw {crypt}ijFYNcSNctBYg
rootpw scratom
updatedn "cn=replicator,dc=favor,dc=net"
updateref ldap://10.13.10.2
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
sizelimit 1000000
# Replicas of this database
#replogfile /var/lib/ldap/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-[email]master.example.com@EXAMPLE.COM[/email]
[root@mx qmail]# cat /etc/openldap/ldap.conf
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
HOST 127.0.0.1
BASE dc=favor,dc=net
望高手指点。。。。。。。。。