Where can I change this db password? Maybe this is good point. ;) but I don't get it how change passdb auth from db to file could impact on rows in db. I would like to get this work on default settings. I have copy of dovecot.conf file but with default settings I can't send emails. Let's forget about cram-md5. I don't need this anymore. In dovecot-sql.conf I have: driver = mysql connect = host=localhost dbname=dbispconfig user=ispconfig password=06549e2a867ee50a107098f424073acd port=3306 default_pass_scheme = CRYPT
and would be lovely to leave it as it is, because I only changed (and I don't need this cram-md5 as auth type) in dovecot.conf: auth_mechanisms = plain login cram-md5 #added cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql #added below two lines and commented out above two default lines using tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } after removed cram-md5 from auth_mechanisms and set default lines in passdb block from unknown reason I can't send emails. This is insane. 2017-02-23 16:08 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > --- > Maybe you should change your DB-Password: You sent it to the list inside > the atteched file: > password=06549...3acd port=3306 > --- > > > Your problem with cram-md5 is, that you have > > "default_pass_scheme = CRYPT" > > in /etc/dovecot/dovecot-sql.conf. > > > As mentioned in this text from my last mail, you need to change the > schema your passwords are stored in: > >>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find > >>> under "Non-plaintext authentication mechanisms": > >>> "The problem with non-plaintext auth mechanisms is that the password > >>> must be stored either in plaintext, or using a mechanism-specific > scheme > >>> that's incompatible with all other non-plaintext mechanisms. In > >>> addition, the mechanism-specific schemes often offer very little > >>> protection. This isn't a limitation of Dovecot, it's a requirement for > >>> the algorithms to even work. > >>> > >>> For example if you're going to use CRAM-MD5 authentication, the > password > >>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to > >>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in > >>> plaintext. " > > You'll have to set an other default scheme in your > /etc/dovecot/dovecot-sql.conf and recreate your passwords in the db. > Read more in above mentioned URL. > > Or you can prefix every password with its scheme, but i don't remember > details. > > > Willi > > > > Am 23.02.2017 um 15:35 schrieb Poliman - Serwis: > > "Now i understand, that you want to add cram-md5 to the mechs, but to > > authenticate still against the sql-db?" Hehe no. I have cram-md5 and > when I > > try sql-db I can't send emails. > > I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that > Postfix > > logs go to mail.log and mail.err files. > > "dovecot logs for the mentioned two cases?" - which two cases? :) > > dovecot-sql.conf output in attachement. > > "maybe a link to the mentioned dovecot threat" - do You mean tutorial > based > > on I setup cram-md5 in dovecot? > > > > 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de < > > wilfried.es...@essignetz.de>: > > > >> Now i understand, that you want to add cram-md5 to the mechs, but to > >> authenticate still against the sql-db? > >> > >> > >> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find > >> under "Non-plaintext authentication mechanisms": > >> "The problem with non-plaintext auth mechanisms is that the password > >> must be stored either in plaintext, or using a mechanism-specific scheme > >> that's incompatible with all other non-plaintext mechanisms. In > >> addition, the mechanism-specific schemes often offer very little > >> protection. This isn't a limitation of Dovecot, it's a requirement for > >> the algorithms to even work. > >> > >> For example if you're going to use CRAM-MD5 authentication, the password > >> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to > >> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in > >> plaintext. " > >> > >> Does that possibly point out your problem? > >> > >> > >> Otherwise please provide > >> - dovecot logs for the mentioned two cases? > >> - contnet of /etc/dovecot/dovecot-sql.conf? > >> - maybe a link to the mentioned dovecot threat. > >> > >> Did you find your postfix logs? Which system do you use? > >> > >> > >> Willi > >> > >> > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl <ser...@poliman.pl>*