Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix
Timo,

Thank you for trying to help, but I'm out of time on this. I switched everything over to the PLAIN mechanism with BLF-CRYPT hashes and it works fine. I'm guessing there's something broken with DIGEST-MD5, but can't say if the fault is in Dovecot 2 or Postfix. Given that it's obsoleted by SCRAM, that doesn't bother me much.

Now I just need to either get SCRAM support into cyrus-sasl, or SASL client support from Dovecot. I'd much rather the latter, of course. :)
Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix
If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be in plaintext format.

http://wiki2.dovecot.org/Authentication/Mechanisms#Non-plaintext_authentication

(In theory it would be possible to have both CRAM-MD5 and DIGEST-MD5 hashes stored in the passdb and have Dovecot use the one that's needed, but currently this isn't supported.)

On 19.2.2013, at 13.38, Darren Pilgrim list_dove...@bluerosetech.com wrote:

> I have three postfix 2.9.5 servers: chombo, rush, yoshi. Chombo relays to rush and yoshi for outbound email. Outbound relay requires SASL authentication. Rush and yoshi run Dovecot 2.1.12 servers with simple passwd-file backends.
>
> If I create a new password hash for chombo's user, houseloki, on either rush or yoshi:
>
>     # doveadm pw -u houseloki -p password
>     {CRAM-MD5}...
>
> Then I add that to rush and yoshi's passwd file:
>
>     houseloki@_auth.bluerosetech.com:{CRAM-MD5}...
>
> Then `doveadm reload`, it works fine:
>
>     # doveadm auth houseloki password
>     passdb: houseloki auth succeeded
>     extra fields:
>       user=houseloki@_auth.bluerosetech.com
>
> So I add that username and password to the smtp_sasl_password_maps hash file on chombo, reload postfix, and then try to relay something from chombo, it fails with rush and yoshi logging warnings like:
>
>     Feb 19 03:32:33 yoshi postfix/smtpd[75783]: warning: chombo.example.com[2001:db8::2]: SASL DIGEST-MD5 authentication failed: really long string redacted
>
> Rush and yoshi have other hashes in their passwd files, and if I configure chombo to use one of those, it works fine. Those hashes use digest-md5 and are at least a few years old. I tried that scheme instead of the default cram-md5, as well as several others, but none work.
>
> I've pored over the wiki and man pages, but can't find the problem. What am I missing? Why can I not generate new hashes correctly?
Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix
On 2013-02-22 03:30, Timo Sirainen wrote:

> If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be in plaintext format.

I tried using a DIGEST-MD5 hash instead of CRAM-MD5. It doesn't work either:

    rush# doveadm pw -s digest-md5 -u houseloki -p password
    {DIGEST-MD5}...

Add to passwd file:

    houseloki@_auth.bluerosetech.com:{DIGEST-MD5}...

    rush# doveadm auth houseloki password
    passdb: houseloki auth succeeded
    extra fields:
      user=houseloki@_auth.bluerosetech.com

Give new password to chombo, attempt relay:

    rush postfix/smtpd[49653]: warning: chombo[2001:db8::2]: SASL DIGEST-MD5 authentication failed: ...

Without changing anything on rush or yoshi, I can swap in one of the older digest-md5 hashes and chombo can relay just fine (in fact, this email was relayed via chombo using SASL auth with one of the older DIGEST-MD5 hashes). There are three other servers also successfully relaying through yoshi and rush, also using the older DIGEST-MD5 hashes. I can use any of the four older hashes on any of the machines and they work. I can't generate any new hashes that work for any. I also checked that all six machines generate the same hashes.
[Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix
I have three postfix 2.9.5 servers: chombo, rush, yoshi. Chombo relays to rush and yoshi for outbound email. Outbound relay requires SASL authentication. Rush and yoshi run Dovecot 2.1.12 servers with simple passwd-file backends.

If I create a new password hash for chombo's user, houseloki, on either rush or yoshi:

    # doveadm pw -u houseloki -p password
    {CRAM-MD5}...

Then I add that to rush and yoshi's passwd file:

    houseloki@_auth.bluerosetech.com:{CRAM-MD5}...

Then `doveadm reload`, it works fine:

    # doveadm auth houseloki password
    passdb: houseloki auth succeeded
    extra fields:
      user=houseloki@_auth.bluerosetech.com

So I add that username and password to the smtp_sasl_password_maps hash file on chombo, reload postfix, and then try to relay something from chombo, it fails with rush and yoshi logging warnings like:

    Feb 19 03:32:33 yoshi postfix/smtpd[75783]: warning: chombo.example.com[2001:db8::2]: SASL DIGEST-MD5 authentication failed: really long string redacted

Rush and yoshi have other hashes in their passwd files, and if I configure chombo to use one of those, it works fine. Those hashes use digest-md5 and are at least a few years old. I tried that scheme instead of the default cram-md5, as well as several others, but none work.

I've pored over the wiki and man pages, but can't find the problem. What am I missing? Why can I not generate new hashes correctly?