[Dovecot] dovecot.conf: mechanisms = plain login cram-md5 | Windows Live Mail: CRAM-MD5 authentication failed. This could (NOT) be due to a lack of memory on your system

Gary V mr88talent at gmail.com
Sun Aug 8 06:38:31 EEST 2010


On 8/7/10, Jerrale G wrote:
> /etc/dovecot.conf:
>
> auth default {
> mechanisms=plain login cram-md5
>        passdb {
> #..............
>
> Windows Live Mail:
> CRAM-MD5 authentication failed. This could be due to a lack of memory on
> your system.
> Your IMAP command could not be sent to the server, due to non-network
> errors. This could, for example, indicate a lack of memory on your system.
>
> Configuration:
>   Account: Sheltoncomputers (testuser)
>   Server: mail.sheltoncomputers.com
>   User name: testuser at sheltoncomputers.com
>   Protocol: IMAP
>   Port: 993
>   Secure(SSL): 1
>   Code: 800cccdf
>
> The console I'm using is 4 GB ram; so, this dumb error of windoze dead mail
> is irrelevant. The other mechanisms of TLS/no tls plain login work fine. The
> passwords are stored in mysql as md5(password) but this works on others not
> using cram-md5 (secure login of the client). I'm trying to support a
> plethora of mechanisms for the convenience of the customer and .
>
> Jerrale G.
> Senior Admin
>

I'm no expert, but if I'm not mistaken, cram-md5 requires a plain text
shared secret. I quote from
http://www.sendmail.org/~ca/email/cyrus2/components.html:

"Shared Secret Mechanisms - For these mechanisms, such as CRAM-MD5,
DIGEST-MD5, and SRP, there is a shared secret between the server and
client (e.g. a password). However, in this case the password itself
does not travel on the wire. Instead, the client passes a server a
token that proves that it knows the secret (without actually sending
the secret across the wire). For these mechanisms, the server
generally needs a plaintext equivalent of the secret to be in local
storage (not true for SRP)."

The auth default section of my dovecot.conf looks like:

auth default {
  mechanisms = plain login cram-md5
  passdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  passdb sql {
    args = /etc/dovecot/dovecot-crammd5.conf
  }
  userdb sql {
    args = /etc/dovecot/dovecot-sql.conf
  }
  user = root
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}


With an /etc/dovecot/dovecot-crammd5.conf that might look something like this:

driver = mysql
connect = host=127.0.0.1 dbname=postfix user=postfix password=password
default_pass_scheme = PLAIN
password_query = SELECT clear AS password FROM mailbox WHERE username = '%u' AND active = '1'

With an added field to store a plain text password (I called it "clear").

-- 
Gary V
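
The following sketch is an added example, not part of the original message or of Dovecot's code. It shows why a column holding md5(password) works for PLAIN/LOGIN but cannot verify a CRAM-MD5 response, while a clear-text column can. The function names are illustrative and the user, password and challenge are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac

def client_response(user: str, password: str, challenge_b64: bytes) -> bytes:
    """Client side (RFC 2195): base64("user " + hex(HMAC-MD5(key=password, msg=challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def cram_verify(stored_secret: bytes, challenge_b64: bytes, response_b64: bytes) -> bool:
    """Server side: recompute the HMAC keyed with whatever the passdb query returned."""
    challenge = base64.b64decode(challenge_b64)
    try:
        _user, digest = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    except ValueError:  # bad base64, bad UTF-8, or no "user digest" pair
        return False
    expected = hmac.new(stored_secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())

def plain_verify(stored_md5_hex: str, password_on_wire: str) -> bool:
    """PLAIN/LOGIN: the password itself arrives, so the server can hash and compare."""
    candidate = hashlib.md5(password_on_wire.encode()).hexdigest()
    return hmac.compare_digest(candidate.encode(), stored_md5_hex.encode())

# Constructed sample values (the RFC 2195 example), not data from the thread.
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE = base64.b64encode(b"<1896.697170952@postoffice.reston.mci.net>")
MD5_COLUMN = hashlib.md5(PASSWORD.encode()).hexdigest()  # what md5(password) stores

def demo() -> dict:
    response = client_response(USER, PASSWORD, CHALLENGE)
    return {
        "plain_login_vs_md5_column": plain_verify(MD5_COLUMN, PASSWORD),
        "cram_vs_md5_column": cram_verify(MD5_COLUMN.encode(), CHALLENGE, response),
        "cram_vs_clear_column": cram_verify(PASSWORD.encode(), CHALLENGE, response),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'accepted' if ok else 'rejected'}")
```

Dovecot also has a CRAM-MD5 password scheme that stores the HMAC-MD5 intermediate state instead of the clear password. That stored value is still password-equivalent for CRAM-MD5 logins, so the table needs the same protection either way.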

