<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<p class="default-style">Hi,<br></p>
<p class="default-style">I use dovecot-2.3.15 with MySQL backend for authentication.<br></p>
<p class="default-style">I just converted cleartext credentials in SSHA512. Authentication (POP3/IMAP/Roundcube webmail) is working fine.<br></p>
<p class="default-style">I got a few users complaining about login issues with Thunderbird.<br></p>
<p class="default-style">Logs show this:<br></p>
<p class="default-style">Dec 1 16:34:52 mailserver dovecot[72554] auth-worker(72559): conn unix:auth-worker (uid=143): auth-worker&lt;5294&gt;: sql(user@domain.net,xx.yy.ww.zz,&lt;g+jCZhfS/N1dKskw&gt;): Requested CRAM-MD5 scheme, but we have only CRYPT</p>
<p class="default-style">I don't understand this error. It seems I still support CRAM-MD5:<br></p>
<p class="default-style">telnet localhost 143<br>Trying 127.0.0.1...<br>Connected to localhost.<br>Escape character is '^]'.<br>* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.</p>
<p class="default-style"><br></p>
<p class="default-style">This is my conf:<br></p>
<p class="default-style"><br></p>
<p class="default-style">doveconf -n<br># 2.3.15 (0503334ab1): /usr/local/etc/dovecot/dovecot.conf<br># OS: FreeBSD 13.0-RELEASE-p4 amd64 zfs<br># Hostname: server.domain.net<br>doveconf: Warning: please set ssl_dh=&lt;/usr/local/etc/dovecot/dh.pem<br>doveconf: Warning: You can generate it with: dd if=/var/db/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der &gt; /usr/local/etc/dovecot/dh.pem<br>auth_debug = yes<br>auth_mechanisms = plain login digest-md5 cram-md5<br>auth_verbose = yes<br>default_client_limit = 2000<br>default_process_limit = 500<br>default_vsz_limit = 512 M<br>disable_plaintext_auth = no<br>first_valid_gid = 125<br>first_valid_uid = 125<br>imap_id_log = *<br>mail_gid = 1003<br>mail_location = maildir:/mail/domains<br>mail_privileged_group = postfix<br>mail_uid = 1003<br>namespace inbox {<br>inbox = yes<br>location =<br>mailbox Drafts {<br>special_use = \Drafts<br>}<br>mailbox Junk {<br>special_use = \Junk<br>}<br>mailbox Sent {<br>special_use = \Sent<br>}<br>mailbox "Sent Messages" {<br>special_use = \Sent<br>}<br>mailbox Trash {<br>special_use = \Trash<br>}<br>prefix =<br>}<br>passdb {<br>args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext<br>driver = sql<br>}<br>service auth {<br>unix_listener /var/spool/postfix/private/auth {<br>group = postfix<br>mode = 0666<br>user = postfix<br>}<br>unix_listener auth-userdb {<br>group = postfix<br>mode = 0600<br>user = postfix<br>}<br>}<br>service imap {<br>process_limit = 1024<br>}<br>service lmtp {<br>unix_listener /var/spool/postfix/private/dovecot-lmtp {<br>group = postfix<br>mode = 0600<br>user = postfix<br>}<br>}<br>ssl_cert = &lt;/etc/ssl/wildcard.domain.net_bundle.crt<br>ssl_dh = # hidden, use -P to show it<br>ssl_key = # hidden, use -P to show it<br>userdb {<br>args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext<br>driver = sql<br>}<br>protocol imap {<br>mail_max_userip_connections = 100<br>}</p>
<p class="default-style"><br></p>
<p class="default-style">This is my dovecot-sql-crypt.conf.ext:<br></p>
<p class="default-style"><br></p>
<p class="default-style"> # cat /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext<br>driver=mysql<br>default_pass_scheme=CRYPT<br>connect= host=db.domain.net port=3306 dbname=mail user=user password=xxxxxxxxxxxxxxxxxxxx<br>#password_query = SELECT case when crypt is not null then crypt else password end as password FROM `mailbox` WHERE username='%u' AND suspended='N'<br></p>
<p class="default-style">password_query = SELECT case when crypt is not null then crypt else password_crypt end as password FROM `mailbox` WHERE username='%u' AND suspended='N'<br></p>
<p class="default-style">user_query = SELECT concat('maildir:',home) as mail, 125 AS uid, 125 AS gid FROM mailbox WHERE username='%u' AND suspended='N'<br></p>
<p class="default-style">Thank you<br></p>
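<p class="default-style">Added example, not part of the original post and not Dovecot's own code: a configuration check that flags advertised challenge-response mechanisms the stored password scheme cannot verify, which is the condition the log line above reports. The function names and the compatibility table are assumptions of this example; the two sample settings are excerpted from the post.</p>

```python
import re

# Assumption of this example: CRAM-MD5 and DIGEST-MD5 can only be verified
# against a cleartext password or the mechanism's own pre-computed scheme.
# Salted one-way hashes (CRYPT, SSHA512, ...) only work with PLAIN/LOGIN.
USABLE_SCHEMES = {
    "cram-md5": {"PLAIN", "CLEARTEXT", "CRAM-MD5"},
    "digest-md5": {"PLAIN", "CLEARTEXT", "DIGEST-MD5"},
}

# Excerpts of the two configuration files shown in the post.
DOVECONF = """\
auth_debug = yes
auth_mechanisms = plain login digest-md5 cram-md5
disable_plaintext_auth = no
"""
SQL_CONF = """\
driver=mysql
default_pass_scheme=CRYPT
"""


def setting(text, key):
    """Return the value of the last uncommented `key = value` line, or None."""
    value = None
    for line in text.splitlines():
        m = re.match(r"\s*%s\s*=\s*(.*?)\s*$" % re.escape(key), line)
        if m:
            value = m.group(1)
    return value


def unverifiable_mechanisms(doveconf, sql_conf):
    """List (mechanism, scheme) pairs that are advertised but cannot work.

    Only default_pass_scheme is inspected; rows that carry their own
    {SCHEME} prefix in the database override it and are not covered here.
    A missing default_pass_scheme is reported as UNSET and flagged for review.
    """
    mechs = (setting(doveconf, "auth_mechanisms") or "plain").lower().split()
    scheme = (setting(sql_conf, "default_pass_scheme") or "UNSET").upper()
    return [(m, scheme) for m in mechs
            if m in USABLE_SCHEMES and scheme not in USABLE_SCHEMES[m]]


if __name__ == "__main__":
    for mech, scheme in unverifiable_mechanisms(DOVECONF, SQL_CONF):
        print("auth_mechanisms advertises %s, but scheme %s cannot verify it"
              % (mech, scheme))
```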
</body>
</html>