Strange Error: Password data is not valid for scheme SHA256. Please help me resolve it.

david.madman2 at vfemail.net
Sun Jul 23 18:50:59 EEST 2017


Hello,

I am using version 2.2.31 (65cde28) on an Ubuntu 16.04 VPS.

I am attempting to set up a mail server using a flat file system as an
experiment.

I am able to send e-mail from external domain names and the messages  
land in my /var/mail/vmail/domain/user/ directories.

I am trying to set up Thunderbird as an MUA using the information I
generated on my VPS, namely the IMAP server, username at domain.com,
password, and SMTP server.

IMAP server - www.domain.com
SMTP server - www.domain.com
Username - created in /etc/postfix/virtual-mailbox-users.db and
/etc/dovecot/passwd.db
Password - created by doveadm pw -s SHA256 and entered (along with the
username) in /etc/dovecot/passwd.db

I enter this information into "new accounts" in Thunderbird and select  
STARTTLS with ports 143 (IMAP) and 587 (SMTP). (I have experimented  
with a variety of other combinations too). I click "Done" which  
transmits the information to the domain server to verify the details.

My /var/log/mail.log shows:

Jul 22 18:40:48 www dovecot: auth: Error: passwd-file(test at domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>): Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)
Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth: Error: passwd-file(test at domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>): Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)]
Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed, 3 attempts in 14 secs): user=<test at domain.com>, method=PLAIN, rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS, session=<fGoHUuxU6IAu9j4y>

What does "Password data is not valid for scheme SHA256: Input length  
isn't valid (0 instead of 32)]" mean? I assume that there is some kind  
of a mismatch between the way I generated the password with doveadm  
and entered it in passwd.db and the way I entered the non-hashed  
password into the password field in the new account section of  
Thunderbird.

Is there a way to resolve this issue? My dovecot -n is below. You will  
note that the passdb section does have the scheme as SHA256. Many  
thanks.

# 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.19 (e5c7051)
# OS: Linux 4.4.0-83-generic x86_64 Ubuntu 16.04.2 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:/var/mail/vmail/%d/%n/mail:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     auto = subscribe
     special_use = \Drafts
   }
   mailbox Junk {
     auto = subscribe
     special_use = \Junk
   }
   mailbox Sent {
     auto = subscribe
     special_use = \Sent
   }
   mailbox Trash {
     auto = subscribe
     special_use = \Trash
   }
   prefix =
}
passdb {
   args = username_format=%u scheme=SHA256 /etc/dovecot/passwd.db
   driver = passwd-file
}
plugin {
   sieve = file:~/sieve;active=~/.dovecot.sieve
   sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
   unix_listener /var/spool/postfix/private/dovecot-auth {
     group = postfix
     mode = 0660
     user = postfix
   }
}
ssl_cert = </etc/letsencrypt/live/www.domain.com/fullchain.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key =  # hidden, use -P to show it
userdb {
   args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n
   driver = static
}
protocol imap {
   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
   mail_max_userip_connections = 10
}
protocol pop3 {
   mail_max_userip_connections = 10
   pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
   deliver_log_format = msgid=%m: %$
   mail_plugins = sieve
   postmaster_address = postmaster at domain.com
   quota_full_tempfail = yes
   rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
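
The logged message reports a length check: the password data found for the user decoded to 0 bytes, where a SHA256 digest is 32 bytes. The following is an added example, not part of the original post and not Dovecot's code, that runs the same kind of check over passwd-file lines before they go live. It assumes the user:password:... field layout, base64 as the default encoding for SHA256 and optional {SCHEME.HEX} / {SCHEME.B64} prefixes; check_entry, sample_lines and the sample users are constructed for illustration.

```python
import base64
import hashlib
import re

DIGEST_LEN = {"SHA256": 32}  # raw digest size in bytes

def check_entry(line, default_scheme="SHA256"):
    """Return (user, problem) for one passwd-file line; problem is None if OK."""
    fields = line.rstrip("\n").split(":")
    user = fields[0]
    data = fields[1] if len(fields) > 1 else ""
    scheme, encoding = default_scheme, "B64"  # assumed default: base64
    m = re.match(r"\{([A-Za-z0-9-]+)(?:\.([A-Za-z0-9]+))?\}(.*)$", data)
    if m:  # an explicit {SCHEME} or {SCHEME.ENC} prefix overrides the default
        scheme = m.group(1).upper()
        encoding = (m.group(2) or "B64").upper()
        data = m.group(3)
    if scheme not in DIGEST_LEN:
        return user, f"scheme {scheme} is not covered by this check"
    try:
        if encoding == "HEX":
            raw = bytes.fromhex(data)
        elif encoding in ("B64", "BASE64"):
            raw = base64.b64decode(data, validate=True)
        else:
            return user, f"unknown encoding suffix {encoding}"
    except ValueError:  # binascii.Error is a ValueError subclass
        return user, f"password data is not valid {encoding}"
    if len(raw) != DIGEST_LEN[scheme]:
        return user, (f"Input length isn't valid "
                      f"({len(raw)} instead of {DIGEST_LEN[scheme]})")
    return user, None

def sample_lines():
    """Constructed passwd-file lines (user:password), not taken from the post."""
    digest = hashlib.sha256(b"constructed-password").digest()
    b64 = base64.b64encode(digest).decode()
    return [
        f"good@example.test:{{SHA256}}{b64}",
        f"noprefix@example.test:{b64}",            # relies on scheme= default
        f"hex@example.test:{{SHA256.HEX}}{digest.hex()}",
        "empty@example.test:",                      # empty password field
        "onlyprefix@example.test:{SHA256}",         # prefix with no hash after it
        f"truncated@example.test:{{SHA256}}{b64[:20]}",
    ]

if __name__ == "__main__":
    for entry in sample_lines():
        user, problem = check_entry(entry)
        print(f"{user}: {problem or 'OK'}")
```

An entry whose second field is empty, or holds only the scheme prefix, yields the same "0 instead of 32" wording as the log above.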
