Help on CRAM-MD5
@lbutlr
kremels at kreme.com
Wed Jun 19 01:41:06 EEST 2019
On 18 Jun 2019, at 16:04, Jorge Bastos via dovecot <dovecot at dovecot.org> wrote:
> I'm using dovecot and mysql users, and i'm creating the password with:
>
> ENCRYPT('some-passwd',CONCAT('$6$', SUBSTRING(SHA(RAND()), -16)))
Why not just use the builtin tool in dovecot?
doveadm pw -s SHA256-CRYPT -p ‘password[goes]here!’
(or SHA512-CRYPT in your case, I guess).
> So far so good, everything's fine.
> Today saw that i didn't enabled CRAM-MD5
Why would you?
> , but if I do, and the (at least)
> IMAP client (roundcube/thunderbird/etc) issues CRAM-MD5 it doesn't
> authenticate.
> What am i doing wrong, or that can be done so that all types work (SASL
> PLAIN LOGIN + CRAM-MD5)?
What is the reason for wanting to enable CRAM-MD5? That was intended to use on unsecured connections; you should not be allowing authentication on unsecured connections in 2019.
Establish a secure submission on port 587 or smtps on 465 and do not use CRAM-MD5 at all.
--
"Part of the inhumanity of the computer is that, once it is competently
programmed and working smoothly, it is completely honest." - Isaac
Asimov
More information about the dovecot
mailing list