Requested CRAM-MD5 scheme, but we have only CRYPT

Aki Tuomi aki.tuomi at open-xchange.com
Wed Dec 1 17:42:03 UTC 2021


auth_mechanisms = plain login digest-md5 cram-md5

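You still advertise them though: digest-md5 and cram-md5 are in auth_mechanisms, so a client such as Thunderbird can pick CRAM-MD5. Those mechanisms cannot be verified against a one-way hash like CRYPT or SSHA512; they need the cleartext password or a mechanism-specific scheme value (e.g. CRAM-MD5) in the passdb. Leave only plain and login in auth_mechanisms, and since those send the password itself, require TLS for them (ssl = required, disable_plaintext_auth = yes).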

Aki

> On 01/12/2021 18:09 absolutely_free at libero.it wrote:
> 
> 
> Hi,
> I use dovecot-2.3.15 with MySQL backend for authentication.
> I just converted the cleartext credentials to SSHA512. Authentication (POP3/IMAP/Roundcube webmail) is working fine.
> I got a few users complaining about login issues with Thunderbird.
> Logs show this:
> Dec 1 16:34:52 mailserver dovecot[72554] auth-worker(72559): conn unix:auth-worker (uid=143): auth-worker<5294>: sql(user at domain.net,xx.yy.ww.zz,<g+jCZhfS/N1dKskw>): Requested CRAM-MD5 scheme, but we have only CRYPT
> I don't understand this error. It seems I still support CRAM-MD5:
> telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
> 
> This is my conf:
> 
> doveconf -n
> # 2.3.15 (0503334ab1): /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 13.0-RELEASE-p4 amd64 zfs
> # Hostname: server.domain.net
> doveconf: Warning: please set ssl_dh=</usr/local/etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd if=/var/db/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /usr/local/etc/dovecot/dh.pem
> auth_debug = yes
> auth_mechanisms = plain login digest-md5 cram-md5
> auth_verbose = yes
> default_client_limit = 2000
> default_process_limit = 500
> default_vsz_limit = 512 M
> disable_plaintext_auth = no
> first_valid_gid = 125
> first_valid_uid = 125
> imap_id_log = *
> mail_gid = 1003
> mail_location = maildir:/mail/domains
> mail_privileged_group = postfix
> mail_uid = 1003
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver = sql
> }
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0666
> user = postfix
> }
> unix_listener auth-userdb {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> service imap {
> process_limit = 1024
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> ssl_cert = </etc/ssl/wildcard.domain.net_bundle.crt
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
> args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver = sql
> }
> protocol imap {
> mail_max_userip_connections = 100
> }
> 
> this is my dovecot-sql-crypt.conf.ext:
> 
> # cat /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver=mysql
> default_pass_scheme=CRYPT
> connect= host=db.domain.net port=3306 dbname=mail user=user password=xxxxxxxxxxxxxxxxxxxx
> #password_query = SELECT case when crypt is not null then crypt else password end as password FROM `mailbox` WHERE username='%u' AND suspended='N'
> password_query = SELECT case when crypt is not null then crypt else password_crypt end as password FROM `mailbox` WHERE username='%u' AND suspended='N'
> user_query = SELECT concat('maildir:',home) as mail, 125 AS uid, 125 AS gid FROM mailbox WHERE username='%u' AND suspended='N'
> Thank you

