If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be in plaintext format. http://wiki2.dovecot.org/Authentication/Mechanisms#Non-plaintext_authenticat...
(In theory it would be possible to have both CRAM-MD5 and DIGEST-MD5 hashes stored in the passdb and have Dovecot use the one that's needed, but currently this isn't supported.)
On 19.2.2013, at 13.38, Darren Pilgrim <list_dovecot@bluerosetech.com> wrote:
I have three postfix 2.9.5 servers: chombo, rush, yoshi. Chombo relays to rush and yoshi for outbound email. Outbound relay requires SASL authentication. Rush and yoshi run Dovecot 2.1.12 servers with simple passwd-file backends.
If I create a new password hash for chombo's user, houseloki, on either rush or yoshi:
# doveadm pw -u houseloki -p <password> {CRAM-MD5}...
Then I add that to rush and yoshi's passwd file:
houseloki@_auth.bluerosetech.com:{CRAM-MD5}...
Then
doveadm reload
, it works fine:# doveadm auth houseloki <password> passdb: houseloki auth succeeded extra fields: user=houseloki@_auth.bluerosetech.com
So I add that username and password to the smtp_sasl_password_maps hash file on chombo, reload postfix, and then try to relay something from chombo, it fails with rush and yoshi logging warnings like:
Feb 19 03:32:33 yoshi postfix/smtpd[75783]: warning: chombo.example.com[2001:db8::2]: SASL DIGEST-MD5 authentication failed: <really long string redacted>
Rush and yoshi have other hashes in their passwd files, and if I configure chombo to use one of those, it works fine. Those hashes use digest-md5 and are at least a few years old. I tried that scheme instead of the default cram-md5, as well as several others, but none work. I've poured over the wiki and man pages, but can't find the problem.
What am I missing? Why can I not generate new hashes correctly?