Upgrading from 2.4.2 to 2.4.3 broke static password login
Hey folks,
I've got dovecot running via docker on version 2.4.2. Here's what my config extension looks like:
```
# auth_mechanisms = plain login
auth_verbose = yes
passdb static {
  password = %{env:USER_PASSWORD}
}
service lmtp {
  inet_listener lmtps {
    port = 31024
    ssl = no
  }
}
ssl_server_cert_file = /etc/dovecot/ssl/cert.pem
ssl_server_key_file = /etc/dovecot/ssl/key.pem
ssl = yes
auth_allow_cleartext = no
namespace inbox {
  type = private
  separator = /
  inbox = yes
  mailbox Drafts {
    special_use = \Drafts
    auto = subscribe
  }
  mailbox Junk {
    special_use = \Junk
    auto = create
  }
  mailbox spam {
    special_use = \Junk
    auto = no
  }
  mailbox Spam {
    special_use = \Junk
    auto = no
  }
  mailbox Trash {
    special_use = \Trash
    auto = subscribe
  }
  mailbox TRASH {
    special_use = \Trash
    auto = no
  }
  mailbox Sent {
    special_use = \Sent
    auto = subscribe
  }
  mailbox "Sent Mail" {
    special_use = \Sent
    auto = no
  }
  mailbox "Sent Messages" {
    special_use = \Sent
    auto = no
  }
  mailbox Archive {
    special_use = \Archive
    auto = create
  }
  mailbox "Archives" {
    special_use = \Archive
    auto = no
  }
}
```
I have env `USER_PASSWORD` defined in the format of `{PLAIN}REDACTED`
This has been humming along fine for a little while. I recently automatically upgraded to 2.4.3 which broke my ability to login via IMAP to retrieve emails (it also broke my local mail transport setup; it was unable to send emails). I could see the following messages in the logs:
```
Apr 27 11:12:09 auth(REDACTED,REDACTED,sasl:plain)<REDACTED>: Info: static: No password returned (and no nopassword)
Apr 27 11:12:11 imap-login: Info: Login aborted: Connection closed (auth failed, 1 attempts in 6 secs) (auth_failed): user=<REDACTED>, method=PLAIN, rip=REDACTED, lip=172.17.0.2, TLS, session=<REDACTED>
```
Downgrading back to 2.4.2 "fixed" the problem (I was able to login again; LMTP worked again). I didn't change my config extension between the upgrades.
I tried searching https://github.com/search?q=repo%3Adovecot%2Fcore+password&type=issues and I see a few related to passwords but nothing is really jumping out at me.
Help? I'm staying pinned on 2.4.2 for now but that's not a long term solution.
Make sure you have
```
import_environment { USER_PASSWORD = %{env:USER_PASSWORD} }
```
somewhere in the config. This was moved to auth.conf recently in the docker image.
Aki
On 27/04/2026 19:57 EEST harrison--- via dovecot <dovecot@dovecot.org> wrote:
> Hey folks,
> I've got dovecot running via docker on version 2.4.2. Here's what my config extension looks like:
> [...]
That fixed the issue. Is this new requirement documented anywhere? I'm sure it is; I'm just curious where so I can make sure to look for similar stuff going forward.
I really appreciate the help!
It's not a new requirement. To avoid security issues we moved the import_environment block from dovecot.conf to auth.conf for the docker images. It has always been there, but in the wrong place.
Need to check the docker documentation to see if it's mentioned there.
Aki
On 28/04/2026 03:38 EEST harrison--- via dovecot <dovecot@dovecot.org> wrote:
> That fixed the issue. Is this new requirement documented anywhere? I'm sure it is; I'm just curious where so I can make sure to look for similar stuff going forward.
> I really appreciate the help!
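A pre-upgrade check for the failure discussed in this thread, added here as an example (not code from Dovecot or from either poster): it reports every `%{env:NAME}` reference that no `import_environment` block declares, so a missing import shows up before logins start failing. The regex-based parsing, the name `missing_env_imports` and the sample strings are assumptions for illustration; `!include` directives are not followed.

```python
import re
import sys

# Assumed syntax, taken from the thread: %{env:NAME} references and
# import_environment { NAME = value } blocks. !include is not followed.
ENV_REF = re.compile(r"%\{env:([A-Za-z_][A-Za-z0-9_]*)")
IMPORT_BLOCK = re.compile(r"\bimport_environment\s*\{((?:[^{}]|\{[^{}]*\})*)\}")
IMPORT_KEY = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*=")


def missing_env_imports(config_text):
    """Return env names used as %{env:NAME} that no import_environment block lists."""
    text = re.sub(r"(?m)^[ \t]*#.*$", "", config_text)  # drop full-line comments
    imported = set()
    for body in IMPORT_BLOCK.findall(text):
        imported.update(IMPORT_KEY.findall(body))
    # References inside an import block are declarations, not uses.
    used = set(ENV_REF.findall(IMPORT_BLOCK.sub("", text)))
    return sorted(used - imported)


# Constructed sample: the passdb from the thread, without and with the fix.
BEFORE = """\
auth_verbose = yes
passdb static {
  password = %{env:USER_PASSWORD}
}
"""
AFTER = BEFORE + "import_environment { USER_PASSWORD = %{env:USER_PASSWORD} }\n"

if __name__ == "__main__":
    # With file arguments: check them together as one config; else run the samples.
    if len(sys.argv) > 1:
        merged = "\n".join(open(p, encoding="utf-8").read() for p in sys.argv[1:])
        missing = missing_env_imports(merged)
        for name in missing:
            print(f"%{{env:{name}}} is used but not listed in import_environment")
        sys.exit(1 if missing else 0)
    print("before:", missing_env_imports(BEFORE))
    print("after: ", missing_env_imports(AFTER))
```

Passing every config file of the image on the command line treats them as one configuration, so an import declared in auth.conf satisfies a reference made in another file.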
Participants (2): Aki Tuomi, harrison@hhj.me