I have three postfix 2.9.5 servers: chombo, rush, yoshi. Chombo relays
to rush and yoshi for outbound email. Outbound relay requires SASL
authentication. Rush and yoshi run Dovecot 2.1.12 servers with simple
passwd-file backends.
If I create a new password hash for chombo's user, houseloki, on either
rush or yoshi:
# doveadm pw -u houseloki -p <password>
{CRAM-MD5}...
Then I add that to rush and yoshi's passwd file:
houseloki@_auth.bluerosetech.com:{CRAM-MD5}...
Then `doveadm reload`, it works fine:
# doveadm auth houseloki <password>
passdb: houseloki auth succeeded
extra fields:
user=houseloki@_auth.bluerosetech.com
So I add that username and password to the smtp_sasl_password_maps hash
file on chombo, reload postfix, and then try to relay something from
chombo, it fails with rush and yoshi logging warnings like:
Feb 19 03:32:33 yoshi postfix/smtpd[75783]: warning:
chombo.example.com[2001:db8::2]: SASL DIGEST-MD5 authentication failed:
<really long string redacted>
Rush and yoshi have other hashes in their passwd files, and if I
configure chombo to use one of those, it works fine. Those hashes use
digest-md5 and are at least a few years old. I tried that scheme
instead of the default cram-md5, as well as several others, but none
work. I've poured over the wiki and man pages, but can't find the problem.
What am I missing? Why can I not generate new hashes correctly?
