Strange Error: Password data is not valid for scheme SHA256. Please help me resolve it.
Hello,
I am using version 2.2.31 (65cde28) on an Ubuntu 16.04 VPS.
I am attempting to set up a mail server using a flat file system as an
experiment.
I am able to send e-mail from external domain names and the messages
land in my /var/mail/vmail/domain/user/ directories.
I am trying to set up Thunderbird as an MUA using the information I
generated on my VPS, namely the IMAP server, username@domain.com,
password, and SMTP server.
IMAP server - www.domain.com
SMTP server - www.domain.com
Username - created in /etc/postfix/virtual-mailbox-users.db and
/etc/dovecot/passwd.db
Password - created by doveadm pw -s SHA256 and entered (along with the
username) in /etc/dovecot/passwd.db
I enter this information into "new accounts" in Thunderbird and select
STARTTLS with ports 143 (IMAP) and 587 (SMTP). (I have experimented
with a variety of other combinations too). I click "Done" which
transmits the information to the domain server to verify the details.
My /var/log/mail.log shows:
Jul 22 18:40:48 www dovecot: auth: Error:
passwd-file(test@domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>):
Password data is not valid for scheme SHA256: Input length isn't valid
(0 instead of 32)
Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth: Error:
passwd-file(test@domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>):
Password data is not valid for scheme SHA256: Input length isn't valid
(0 instead of 32)]
Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed, 3
attempts in 14 secs): user=<test@domain.com>, method=PLAIN,
rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS, session=<fGoHUuxU6IAu9j4y>
What does "Password data is not valid for scheme SHA256: Input length
isn't valid (0 instead of 32)]" mean? I assume that there is some kind
of a mismatch between the way I generated the password with doveadm
and entered it in passwd.db and the way I entered the non-hashed
password into the password field in the new account section of
Thunderbird.
Is there a way to resolve this issue? My dovecot -n is below. You will
note that the passdb section does have the scheme as SHA256. Many
thanks.
# 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.19 (e5c7051)
# OS: Linux 4.4.0-83-generic x86_64 Ubuntu 16.04.2 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:/var/mail/vmail/%d/%n/mail:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%u scheme=SHA256 /etc/dovecot/passwd.db
  driver = passwd-file
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/letsencrypt/live/www.domain.com/fullchain.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = # hidden, use -P to show it
userdb {
  args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n
  driver = static
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster@domain.com
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
On 23.07.2017 at 17:50, david.madman2@vfemail.net wrote:
My /var/log/mail.log shows:
Jul 22 18:40:48 www dovecot: auth: Error: passwd-file(test@domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>): Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)
Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth: Error: passwd-file(test@domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>): Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)]
Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed, 3 attempts in 14 secs): user=<test@domain.com>, method=PLAIN, rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS, session=<fGoHUuxU6IAu9j4y>
What does "Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)]" mean? I assume that there is some kind of a mismatch between the way I generated the password with doveadm and entered it in passwd.db and the way I entered the non-hashed password into the password field in the new account section of Thunderbird.
It means that dovecot expects to verify a 32-byte-long password hash. What it detects has a size of 0 bytes. You haven't shown an example line of your passwd.db file, but I would guess you did not build it up correctly.
See
https://wiki.dovecot.org/Authentication/PasswordSchemes
Alexander
Quoting Alexander Dalloz <ad+lists@uni-x.org>:
On 23.07.2017 at 17:50, david.madman2@vfemail.net wrote:
My /var/log/mail.log shows:
Jul 22 18:40:48 www dovecot: auth: Error:
passwd-file(test@domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>):
Password data is not valid for scheme SHA256: Input length isn't
valid (0 instead of 32)
Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth:
Error:
passwd-file(test@domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>):
Password data is not valid for scheme SHA256: Input length isn't
valid (0 instead of 32)]
Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed,
3 attempts in 14 secs): user=<test@domain.com>, method=PLAIN,
rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS,
session=<fGoHUuxU6IAu9j4y>
What does "Password data is not valid for scheme SHA256: Input
length isn't valid (0 instead of 32)]" mean? I assume that there is
some kind of a mismatch between the way I generated the password
with doveadm and entered it in passwd.db and the way I entered the
non-hashed password into the password field in the new account
section of Thunderbird.
It means that dovecot expects to verify a 32-byte-long password
hash. What it detects has a size of 0 bytes. You haven't shown an
example line of your passwd.db file, but I would guess you did not
build it up correctly.
See
https://wiki.dovecot.org/Authentication/PasswordSchemes
Alexander
Thank you for your reply. My /etc/dovecot/passwd.db shows:
test@domain.com: {SHA256}tdA2DIOZhwLOKVxA2WiOY0oy9GB8A6baW/okY+DTFi0=
I'm not sure what could be wrong with this file. It is a plain text
file created in vim.
Permissions:
-rw-r--r-- 1 root root 70 Jul 23 19:14 /etc/dovecot/passwd.db
In Thunderbird, I simply enter the text equivalent of the SHA256 in
the "password" field when creating a new account.
Do you - or anyone else - have another suggestion? Many thanks!
Just to add to my previous message:
I modified the args= in the passdb section of /etc/dovecot/passwd.db
from SHA256 to SHA256-CRYPT which gave a different error when I tried
to do the same creation of the account in Thunderbird. The new error is:
Jul 23 22:12:23 www dovecot: auth:
passwd-file(test@domain.com,46.xxx.xxx.xxx,<u4CLZBNVys4u8ic/>):
Password mismatch
On 24.07.2017 at 00:18, david.madman2@vfemail.net wrote:
Just to add to my previous message:
I modified the args= in the passdb section of /etc/dovecot/passwd.db from SHA256 to SHA256-CRYPT which gave a different error when I tried to do the same creation of the account in Thunderbird. The new error is:
Jul 23 22:12:23 www dovecot: auth: passwd-file(test@domain.com,46.xxx.xxx.xxx,<u4CLZBNVys4u8ic/>): Password mismatch
"Password mismatch" sounds clear.
Did you verify the SHA256-CRYPT hash?
doveadm pw -t '{SHA256-CRYPT}$5$JYfSN2ogeOpMRPqA$zcojaWG0u35PYX5EYCHlRJiJyJg35.gSYURZy8T.FS8'
Enter password to verify:
{SHA256-CRYPT}$5$JYfSN2ogeOpMRPqA$zcojaWG0u35PYX5EYCHlRJiJyJg35.gSYURZy8T.FS8 (verified)
And which type of authentication method did you choose in Thunderbird? It should be "password, normal".
Alexander
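Added example (not part of either poster's message and not Dovecot's own code): a strict offline check of user:{SHA256}<base64> lines, showing what the "N instead of 32" length in the log refers to and how a stored hash is compared with a candidate password. It assumes base64-encoded data as in the passwd.db line quoted in the thread and treats whitespace around the password field as malformed; check_entry and the example.test users are constructed for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import re

SCHEME_RE = re.compile(r"^\{([A-Za-z0-9._-]+)\}(.*)$")
DIGEST_LEN = 32  # raw SHA-256 output size, the "32" in the log message


def check_entry(line, candidate=None):
    """Strictly check one 'user:{SHA256}<base64>' line; return (user, status)."""
    user, sep, rest = line.rstrip("\n").partition(":")
    if not sep:
        return user, "no ':' separator"
    field = rest.split(":", 1)[0]  # password is the 2nd colon-separated field
    if field != field.strip():
        # Assumption of this check: anything between ':' and '{' is malformed.
        return user, "whitespace around password field"
    m = SCHEME_RE.match(field)
    if not m:
        return user, "missing {SCHEME} prefix"
    if m.group(1).upper() != "SHA256":
        return user, "scheme not handled by this check"
    try:
        raw = base64.b64decode(m.group(2), validate=True)
    except (binascii.Error, ValueError):
        return user, "not valid base64"
    if len(raw) != DIGEST_LEN:
        return user, f"decoded length {len(raw)} instead of {DIGEST_LEN}"
    if candidate is None:
        return user, "well-formed"
    expected = hashlib.sha256(candidate.encode("utf-8")).digest()
    ok = hmac.compare_digest(raw, expected)  # constant-time comparison
    return user, ("password matches" if ok else "password mismatch")


# Constructed sample lines; the second is the entry quoted in the thread.
SAMPLES = [
    "a@example.test:{SHA256}" + base64.b64encode(hashlib.sha256(b"test").digest()).decode(),
    "test@domain.com: {SHA256}tdA2DIOZhwLOKVxA2WiOY0oy9GB8A6baW/okY+DTFi0=",
    "b@example.test:{SHA256}" + base64.b64encode(hashlib.sha1(b"test").digest()).decode(),
    "c@example.test:{SHA256}",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_entry(sample, "test"))
```

{SHA256} is a single unsalted SHA-256 digest, so the comparison is a plain digest equality; the SHA256-CRYPT scheme tried later in the thread is salted and is not handled by this check.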