[Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

Darren Pilgrim list_dovecot at bluerosetech.com
Fri Feb 22 14:40:03 EET 2013


On 2013-02-22 03:30, Timo Sirainen wrote:
> If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be
> in plaintext format.

I tried using a DIGEST-MD5 hash instead of CRAM-MD5.  It doesn't work 
either:

rush# doveadm pw -s digest-md5 -u houseloki -p <password>
{DIGEST-MD5}...

Add to passwd file:

houseloki at _auth.bluerosetech.com:{DIGEST-MD5}...

rush# doveadm auth houseloki <password>
passdb: houseloki auth succeeded
extra fields:
    user=houseloki at _auth.bluerosetech.com

Give new password to chombo, attempt relay:

rush postfix/smtpd[49653]: warning: chombo[2001:db8::2]: SASL DIGEST-MD5 
authentication failed: ...

Without changing anything on rush or yoshi, I can swap in one of the 
older digest-md5 hashes and chombo can relay just fine (in fact, this 
email was relayed via chombo using SASL auth with one of the older 
DIGEST-MD5 hashes).

There are three other servers also successfully relaying through yoshi 
and rush, also using the older DIGEST-MD5 hashes.  I can use any of the 
four older hashes on any of the machines and they work.  I can't 
generate any new hashes that work for any.  I also checked that all six 
machines generate the same hashes.



More information about the dovecot mailing list