Hello everyone. I'm close to completing my first build of a mail server
- Postfix, Dovecot, Postgres (I know, sounds like overkill), Rspamd with
Redis and Unbound (please infer a mega lack of experience disclaimer).
The model is standalone internet with remoted sasl-authenticated clients.
Throughout the process I've been having consistent problems with user
password authentication. Both when I began when I was only using flat
files and now with pgsql, more often than not my username (full email
address) and password combo have been rejected. The postfix logs
started with fairly innocent 'failed login' messages and eventually
reached the "you don't own this email address, you're a spammer" level.
Dovecot has been consistent with "auth: Debug: client passdb out: FAIL"
messages.
Before I looked at this issue specifically, my guess was it came from a Postfix restriction but having spent quite a while going through it today, I don't think that's where it lies.
Finally I went back to basics and changed an account password to {PLAIN}12345 and what do you know - effortless success! Previously I'd been using mainly argon, ssha512 sha512-crypt and a few others. My passwords are strong (well in excess of 20 characters, 'randomly' generated). I spent this afternoon narrowing down the hashes and while I haven't finished, the only one I couldn't get to work with 12345 was argon.
I also noticed that the wiki says the 2I and 2ID versions of Argon are available, doveadm pw always returned a "does not exist" error when I tried to use 2ID.
I'm using Dovecot version 2.3.2.1 (0719df592)