On 18 Jun 2019, at 16:04, Jorge Bastos via dovecot dovecot@dovecot.org wrote:
I'm using dovecot and mysql users, and i'm creating the password with:
ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
Why not just use the builtin tool in dovecot?
doveadm pw -s SHA256-CRYPT -p ‘password[goes]here!’
(or SHA512-CRYPT in your case, I guess).
So far so good, everything's fine. Today saw that i didn't enabled CRAM-MD5
Why would you?
, but if I do, and the (at least) IMAP client (roundcube/thunderbird/etc) issues CRAM-MD5 it doesn't authenticate. What am i doing wrong, or that can be done so that all types work (SASL PLAIN LOGIN + CRAM-MD5)?
What is the reason for wanting to enable CRAM-MD5? That was intended to use on unsecured connections; you should not be allowing authentication on unsecured connections in 2019.
Establish a secure submission on port 587 or smtps on 465 and do not use CRAM-MD5 at all.
-- "Part of the inhumanity of the computer is that, once it is competently programmed and working smoothly, it is completely honest." - Isaac Asimov