Detection-efficiency mismatch is a common problem in practical quantum key distribution (QKD) systems. Current security proofs of QKD with detection-efficiency mismatch rely either on the assumption of the single-photon light source on the sender side or on the assumption of the single-photon input of the receiver side. These assumptions impose restrictions on the class of possible eavesdropping strategies. Here we present a rigorous security proof without these assumptions and, thus, solve this important problem and prove the security of QKD with detection-efficiency mismatch against general attacks (in the asymptotic regime). In particular, we adapt the decoy state method to the case of detection-efficiency mismatch.