On 02/08/2025 10:31 PM MST Sean McBride via dovecot <dovecot@dovecot.org> wrote:
It says here https://www.dovecot.org/bugreport-mail/ that bug reports should go to this list. Does that apply to suggestions too? Assuming so...
Best practice these days is to file a bug report (or MR) to GitHub.
https://github.com/dovecot/ shows the various Dovecot components.
We are actively working on improving our various websites, so this updated recommendation will (eventually) work its way on the pages somewhere.
The docs here are very good:
https://doc.dovecot.org/main/core/man/doveadm-pw.1.html
but it's always nice to have examples of current best practice. As I understand it, the best password hashing algorithm these days is Argon2id, according to:
https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet....
So it would be nice to have an example corresponding to best practices, showing use of argon2id.
I could attempt a PR on GitHub if you'd like.
That would be the proper way to suggest.
Do note: as mentioned in another message to the list I just sent, the mission of the Dovecot documentation is to document how the software works. It is not to document email server hosting best practices. Determination of which PW hashing algorithm to use seems to be in the latter category. (Documenting that Dovecot supports argon2id is in scope per the former, but it sounds like we did our job there.)
michael