For the record on FreeBSD systems! The use of DES/MD5 is controlled entirely by the crypt libraries. Vpopmail doesn't control the use of DES/MD5 passwords. If you dig through the source you can see that it sends the entire crypted password as the crypt key. ie.. crypt( 'joeblow', 'hJPcq6ffTNHuI'); for DES crypt( 'joeblow', '$1$qKMDvF5y$bcpzwp1mNbCQuTQYvkkeX.'); for MD5 The 'key' to understanding the whole mess is in the first 2 characters of the 'crypted' password. $1 is MD5, $2 is Blowfish (I think), the othere type is DES. On FreeBSD the DES libraries. libdescrypt is the DES+MD5 library. The other libscrypt is the "Export Controlled" MD5 only library. Currently I have vpopmail+mysql authenticating successfully for BOTH MD5 and DES passwords concurrently with no hitches. This is using the libdescrypt library. If you want to play with the functionality of the libraries I suggest using perl in a script like this to see the effects. #!/usr/bin/perl if(!$ARGV[1]) { print "USAGE: <script> <password> <salt>\n"; } print "DES Pass: ".crypt($ARGV[0],"$ARGV[1]")."\n"; print "MD5 Pass: ".crypt($ARGV[0],"\$1\$$ARGV[1]\$")."\n";