Multiple passwords with sql authentication

Rick Romero rick at
Wed Jul 23 16:07:17 UTC 2014

  Quoting BlackVoid <blackvoid+dovecot at>:

> I'm currently working on a control panel which is using postfix, dovecot
> and other applications and I want to add application specific passwords
> to increase security.
> I found one solution [1], however it requires the password to be
> included in the query which is something I do not want to do, because
> the query may be written in clear-text to log-files. So I'm wondering if
> there is a way to have multiple passwords with dovecot without risking
> passwords being leakied in clear-text to log-files.

You can run your query by host (or port - not sure if that variable is
available in the query) and make it complex..

For example - (MySQL)
SELECT if ('%r'!='', webmail_pass, enc_password) as password from
user where userid = %u

If you're using Dovecot as an auth backend for your control panel, I'd use
a custom port only accessible from the web server(s) like 145 for
IMAP+Control Panel.


More information about the dovecot mailing list