Re: [vchkpw] vpopmail + dovecot

2011-02-17 Thread Sérgio Rosa

Hi Remo,

thank you. It didn't work. I whent back to vpopmail driver and now it is 
working


As Matt refered all I had to change was this:
10-mail.conf:mail_uid = 89
10-mail.conf:mail_gid = 89
10-mail.conf:first_valid_uid = 89
10-mail.conf:last_valid_gid = 89

and magic happend. IMAP is working like a sharm.



On 17-02-2011 13:56, Remo Mattei wrote:

here is mine..

cat /usr/local/etc/dovecot.conf
protocols = imap imaps
listen = *
verbose_proctitle = yes
disable_plaintext_auth = no
shutdown_clients = yes
syslog_facility = local7  #<-- Ensure this is set up in syslog 
conf

ssl = yes
login_dir = /home/dovecot/
login_max_connections = 4096
login_greeting =  Italy1 Server   # <-- CUSTOMISE FOR YOUR 
SITE

#default_mail_env = maildir:%h/Maildir
ssl_cert_file =  /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file =   /etc/pki/dovecot/private/dovecot.pem
first_valid_uid = 89
first_valid_gid = 89
#mail_location = maildir:~/Maildir


protocol imap {
listen = *:143
ssl_listen = *:993
  #mail_plugins = quota imap_quota
  #login_greeting_capability = no
mail_plugin_dir = /usr/local/lib/dovecot/imap
  imap_client_workarounds = outlook-idle
}


auth_process_size = 512
auth_cache_size = 1024
auth_cache_ttl = 3600
auth default {
passdb checkpassword {
args = /home/vpopmail/bin/vchkpw
}
userdb prefetch {
}
userdb checkpassword {
args = /home/vpopmail/bin/vchkpw
}
userdb static {
args = uid=89 gid=89 home=/home/vpopmail/domains/%d/%u
}
count = 1
}
 


--
*AWD
*arquitectura web e design, lda
rua do moinho velho, 19 2ºdto
2655-242 ericeira

tlm +351 913 489 195
mail sergior...@awd.pt 
url http://www.awd.pt



!DSPAM:4d5d57c332711838152494!


Re: [vchkpw] vpopmail + dovecot

2011-02-17 Thread Remo Mattei
here is mine..

cat /usr/local/etc/dovecot.conf
protocols = imap imaps
listen = *
verbose_proctitle = yes
disable_plaintext_auth = no
shutdown_clients = yes
syslog_facility = local7  #<-- Ensure this is set up in syslog conf
ssl = yes
login_dir = /home/dovecot/
login_max_connections = 4096
login_greeting =  Italy1 Server   # <-- CUSTOMISE FOR YOUR SITE
#default_mail_env = maildir:%h/Maildir
ssl_cert_file =  /etc/pki/dovecot/certs/dovecot.pem
ssl_key_file =   /etc/pki/dovecot/private/dovecot.pem
first_valid_uid = 89
first_valid_gid = 89
#mail_location = maildir:~/Maildir


protocol imap {
	listen = *:143
	ssl_listen = *:993
  #mail_plugins = quota imap_quota
  #login_greeting_capability = no
	mail_plugin_dir = /usr/local/lib/dovecot/imap
  imap_client_workarounds = outlook-idle
}


auth_process_size = 512
auth_cache_size = 1024
auth_cache_ttl = 3600
 auth default {
passdb checkpassword {
args = /home/vpopmail/bin/vchkpw
}
userdb prefetch {
}
userdb checkpassword {
args = /home/vpopmail/bin/vchkpw
}
userdb static {
args = uid=89 gid=89 home=/home/vpopmail/domains/%d/%u
}
count = 1
}

!DSPAM:4d5d290f32711146215926!






Re: [vchkpw] vpopmail + dovecot

2011-02-17 Thread Remo Mattei
I will send you mine later today 

Remo

Inviato da iPhone

Il giorno 17/feb/2011, alle ore 18:27, Sérgio Rosa  ha 
scritto:

> 
> 
> On 17-02-2011 01:03, Matt Brookings wrote:
>> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>> 
>> On 2/16/2011 6:46 PM, Sergio Rosa wrote:
>>> Matt,
>>> 
>>> i've some posts you made regarding using the vpopmail driver, however i 
>>> found nothing explaining how to do it. I did a lot of googling but whitout 
>>> success (or right search words).
>>> 
>>> Can you detail/explain how to use/configure it?
>> 2.0.9's default configs work with vpopmail already.  All you have to do is 
>> include the vpopmail.conf.ext at the bottom of 10-auth.conf, and set the 
>> proper first_valid_uid/first_valid_gid in 10-mail.conf to the 
>> vpopmail:vchkpw IDs.
>> 
>> You do not need to compile MySQL support into Dovecot, because the vpopmail 
>> driver handles whichever backend you have selected.
>> 
>> Try that.  If you're still having problems, please post logs detailing the 
>> problems Dovecot is having.  Enable debugging in 10-logging.conf.
>> - -- 
>> /*
>> Matt BrookingsGnuPG Key FAE0672C
>> Software developer Systems technician
>> Inter7 Internet Technologies, Inc. (815)776-9465
>> */
>> -BEGIN PGP SIGNATURE-
>> Version: GnuPG v1.4.10 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>> 
>> iEYEARECAAYFAk1cc/EACgkQIwet2/rgZyyBVQCgiGAjDSgl4wyhLjzlygFsNOcY
>> iycAn07JPdo5KWfYYPuJHnU6v4uSAVeX
>> =4Ttt
>> -END PGP SIGNATURE-
> still no success. 
> 
> Feb 17 10:18:40 mail-srv dovecot: master: Dovecot v2.0.9 starting up (core 
> dumps disabled)
> Feb 17 10:19:02 mail-srv dovecot: auth: Debug: Loading modules from 
> directory: /usr/local/lib/dovecot/auth
> Feb 17 10:19:02 mail-srv dovecot: auth: Fatal: Support not compiled in for 
> passdb driver 'pam'
> Feb 17 10:19:02 mail-srv dovecot: master: Error: service(auth): command 
> startup failed, throttling
> Feb 17 10:19:37 mail-srv dovecot: imap-login: Error: Timeout waiting for 
> handshake from auth server. my pid=26497, input bytes=0
> Feb 17 10:20:02 mail-srv dovecot: master: Error: service(auth): command 
> startup failed, throttling
> Feb 17 10:20:02 mail-srv dovecot: log: Error: service(auth): child 26529 
> returned error 89 (Fatal failure)
> 
> It seems that it is not connecting to mysql backend. SELinux is disable, 
> ,mysql is running locally.
> 
> Thanks
> 
> 
> 


!DSPAM:4d5d027b32713363818646!


Re: [vchkpw] vpopmail + dovecot

2011-02-17 Thread Sérgio Rosa



On 17-02-2011 01:03, Matt Brookings wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2/16/2011 6:46 PM, Sergio Rosa wrote:

Matt,

i've some posts you made regarding using the vpopmail driver, however i found 
nothing explaining how to do it. I did a lot of googling but whitout success 
(or right search words).

Can you detail/explain how to use/configure it?

2.0.9's default configs work with vpopmail already.  All you have to do is 
include the vpopmail.conf.ext at the bottom of 10-auth.conf, and set the proper 
first_valid_uid/first_valid_gid in 10-mail.conf to the vpopmail:vchkpw IDs.

You do not need to compile MySQL support into Dovecot, because the vpopmail 
driver handles whichever backend you have selected.

Try that.  If you're still having problems, please post logs detailing the 
problems Dovecot is having.  Enable debugging in 10-logging.conf.
- -- 
/*

 Matt BrookingsGnuPG Key FAE0672C
 Software developer Systems technician
 Inter7 Internet Technologies, Inc. (815)776-9465
*/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1cc/EACgkQIwet2/rgZyyBVQCgiGAjDSgl4wyhLjzlygFsNOcY
iycAn07JPdo5KWfYYPuJHnU6v4uSAVeX
=4Ttt
-END PGP SIGNATURE-

still no success.

Feb 17 10:18:40 mail-srv dovecot: master: Dovecot v2.0.9 starting up 
(core dumps disabled)
Feb 17 10:19:02 mail-srv dovecot: auth: Debug: Loading modules from 
directory: /usr/local/lib/dovecot/auth
Feb 17 10:19:02 mail-srv dovecot: auth: Fatal: Support not compiled in 
for passdb driver 'pam'
Feb 17 10:19:02 mail-srv dovecot: master: Error: service(auth): command 
startup failed, throttling
Feb 17 10:19:37 mail-srv dovecot: imap-login: Error: Timeout waiting for 
handshake from auth server. my pid=26497, input bytes=0
Feb 17 10:20:02 mail-srv dovecot: master: Error: service(auth): command 
startup failed, throttling
Feb 17 10:20:02 mail-srv dovecot: log: Error: service(auth): child 26529 
returned error 89 (Fatal failure)


It seems that it is not connecting to mysql backend. SELinux is disable, 
,mysql is running locally.


Thanks




!DSPAM:4d5cf81532711895971367!


Re: [vchkpw] vpopmail + dovecot

2011-02-16 Thread Matt Brookings
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2/16/2011 6:46 PM, Sergio Rosa wrote:
> Matt,
> 
> i've some posts you made regarding using the vpopmail driver, however i found 
> nothing explaining how to do it. I did a lot of googling but whitout success 
> (or right search words).
> 
> Can you detail/explain how to use/configure it?

2.0.9's default configs work with vpopmail already.  All you have to do is 
include the vpopmail.conf.ext at the bottom of 10-auth.conf, and set the proper 
first_valid_uid/first_valid_gid in 10-mail.conf to the vpopmail:vchkpw IDs.

You do not need to compile MySQL support into Dovecot, because the vpopmail 
driver handles whichever backend you have selected.

Try that.  If you're still having problems, please post logs detailing the 
problems Dovecot is having.  Enable debugging in 10-logging.conf.
- -- 
/*
Matt BrookingsGnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1cc/EACgkQIwet2/rgZyyBVQCgiGAjDSgl4wyhLjzlygFsNOcY
iycAn07JPdo5KWfYYPuJHnU6v4uSAVeX
=4Ttt
-END PGP SIGNATURE-


Re: [vchkpw] vpopmail + dovecot

2011-02-16 Thread Sergio Rosa

Matt,

i've some posts you made regarding using the vpopmail driver, however i 
found nothing explaining how to do it. I did a lot of googling but 
whitout success (or right search words).


Can you detail/explain how to use/configure it?

Thank you

On 17/02/2011 00:12, Matt Brookings wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2/16/2011 6:09 PM, Sergio Rosa wrote:

and awd-conf.ext
driver=mysql

Use the vpopmail driver.
- -- 
/*

 Matt BrookingsGnuPG Key FAE0672C
 Software developer Systems technician
 Inter7 Internet Technologies, Inc. (815)776-9465
*/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1cZ9MACgkQIwet2/rgZyx5eQCfUGWBxX+1Tt39q1hT4QJEU88H
wZgAnRD6ctpblpHTrEr6JHwcS1iwM62D
=AwAG
-END PGP SIGNATURE-




--
*AWD
*arquitectura web e design, lda
rua do moinho velho, 19 2ºdto
2655-242 ericeira

tlm +351 913 489 195
mail sergior...@awd.pt 
url http://www.awd.pt 


!DSPAM:4d5c6fdd32711918854278!


Re: [vchkpw] vpopmail + dovecot

2011-02-16 Thread Matt Brookings
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 2/16/2011 6:09 PM, Sergio Rosa wrote:
> and awd-conf.ext
> driver=mysql

Use the vpopmail driver.
- -- 
/*
Matt BrookingsGnuPG Key FAE0672C
Software developer Systems technician
Inter7 Internet Technologies, Inc. (815)776-9465
*/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk1cZ9MACgkQIwet2/rgZyx5eQCfUGWBxX+1Tt39q1hT4QJEU88H
wZgAnRD6ctpblpHTrEr6JHwcS1iwM62D
=AwAG
-END PGP SIGNATURE-


Re: [vchkpw] vpopmail + dovecot

2011-02-16 Thread Remo Mattei
I will send you mine later today. (traveling now)

Ciao
!DSPAM:4d5c67ae32711350586420!






Re: [vchkpw] vpopmail - dovecot - cluster configuration

2010-01-05 Thread Remo Mattei
Hi there I do not have any problems at all.

Ciao
Remo


On 1/5/10 02:48 , "Juraj Hantak"  wrote:

> Hi,
> 
> Thank you for response.
> 
> My dovecot configuration is almost the same.
> 
> My question is: Is this functionality working at all. Have you tried it?
> 
> Try the situation when the master (write) database go down. (unreachable)
> 
> Are still the other nodes able to log in users (without the information
> about last log in)
> 
> 
> Thanx


!DSPAM:4b435edb32711720515753!



Re: [vchkpw] vpopmail - dovecot - cluster configuration

2010-01-05 Thread Juraj Hantak

Hi,

Thank you for response.

My dovecot configuration is almost the same.

My question is: Is this functionality working at all. Have you tried it?

Try the situation when the master (write) database go down. (unreachable)

Are still the other nodes able to log in users (without the information 
about last log in)



Thanx

--
S pozdravom / best regards

Juraj Hantak



On 4. 1. 2010 16:39, Remo Mattei wrote:

You should have pop and imap for dovecot :)
Not sure your conf is correct here is mine


protocols = imap imaps
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
syslog_facility = local7  #<-- Ensure this is set up in syslog conf
ssl_disable = no
login_user = dovecot
login_dir = /home/dovecot/
login_max_connections = 4096
login_greeting =  Italy1 IMAP Server   #<-- CUSTOMISE FOR YOUR
SITE
#default_mail_env = maildir:%h/Maildir
ssl_cert_file = /usr/local/etc/ssl/italy1-cert.pem
ssl_key_file = /usr/local/etc/ssl/italy1.pem
first_valid_uid = 89
first_valid_gid = 89

protocol imap {
 listen = *:143
 ssl_listen = *:993
   #mail_plugins = quota imap_quota
   #login_greeting_capability = no
 mail_plugin_dir = /usr/local/lib/dovecot/imap
   imap_client_workarounds = outlook-idle
}


auth_process_size = 512
auth_cache_size = 1024
auth_cache_ttl = 3600
auth default {
   mechanisms = plain

   # vpopmail authentication
   passdb vpopmail {
 #args =
   }

   # vpopmail
   userdb vpopmail {
   }

   user = root
}

dict {
   #quota = mysql:/etc/dovecot-dict-quota.conf
}

plugin {
   quota = maildir
}



On 1/4/10 02:58 , "Juraj Hantak"  wrote:

   

Hi,

We are using vpopmail - dovecot in a cluster configuration.(
--enable-mysql-replication ) enabled.

Vpopmail is configured to use two connection, (1 for reading 1 for
writing) .

Mysql replications are also configured and working

Using:  vpopmail 5.4.27
dovecot :  1.2.9

Problem:
After the writing connection go down the authorization for users is not
working.

We are getting timeouts for user authorizations.

Please can you confirm that this cluster configuration is working with
dovecot without problem?

We are getting:
dovecot: pop3-login: Can't connect to auth server at default: Resource
temporarily unavailable
at the same time vchkpw running over qmail was working well. (SMTP auth)


In dovecot we have:
auth default {
 mechanisms = plain
 passdb vpopmail {
 }
 userdb vpopmail {
 }
 user = vpopmail
}


With courier imap there was not this problem.

Thank you for any response.
 





   


!DSPAM:4b430afb32712070620025!



Re: [vchkpw] vpopmail - dovecot - cluster configuration

2010-01-04 Thread Remo Mattei
You should have pop and imap for dovecot :)
Not sure your conf is correct here is mine


protocols = imap imaps
listen = *
disable_plaintext_auth = no
shutdown_clients = yes
syslog_facility = local7  #<-- Ensure this is set up in syslog conf
ssl_disable = no
login_user = dovecot
login_dir = /home/dovecot/
login_max_connections = 4096
login_greeting =  Italy1 IMAP Server   # <-- CUSTOMISE FOR YOUR
SITE
#default_mail_env = maildir:%h/Maildir
ssl_cert_file = /usr/local/etc/ssl/italy1-cert.pem
ssl_key_file = /usr/local/etc/ssl/italy1.pem
first_valid_uid = 89
first_valid_gid = 89

protocol imap {
listen = *:143
ssl_listen = *:993
  #mail_plugins = quota imap_quota
  #login_greeting_capability = no
mail_plugin_dir = /usr/local/lib/dovecot/imap
  imap_client_workarounds = outlook-idle
}


auth_process_size = 512
auth_cache_size = 1024
auth_cache_ttl = 3600
auth default {
  mechanisms = plain

  # vpopmail authentication
  passdb vpopmail {
#args =
  }

  # vpopmail
  userdb vpopmail {
  }

  user = root
}

dict {
  #quota = mysql:/etc/dovecot-dict-quota.conf
}

plugin {
  quota = maildir
}



On 1/4/10 02:58 , "Juraj Hantak"  wrote:

> Hi,
> 
> We are using vpopmail - dovecot in a cluster configuration.(
> --enable-mysql-replication ) enabled.
> 
> Vpopmail is configured to use two connection, (1 for reading 1 for
> writing) .
> 
> Mysql replications are also configured and working
> 
> Using:  vpopmail 5.4.27
> dovecot :  1.2.9
> 
> Problem:
> After the writing connection go down the authorization for users is not
> working.
> 
> We are getting timeouts for user authorizations.
> 
> Please can you confirm that this cluster configuration is working with
> dovecot without problem?
> 
> We are getting:
> dovecot: pop3-login: Can't connect to auth server at default: Resource
> temporarily unavailable
> at the same time vchkpw running over qmail was working well. (SMTP auth)
> 
> 
> In dovecot we have:
> auth default {
> mechanisms = plain
> passdb vpopmail {
> }
> userdb vpopmail {
> }
> user = vpopmail
> }
> 
> 
> With courier imap there was not this problem.
> 
> Thank you for any response.


!DSPAM:4b420bb132711237280688!



Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Joshua Megerman

>> Did you perhaps mean to have vpopmail store the user passwords in
>> plain text? I'm just checking, because to me it seems to lower
>> security and it seems to defeat the purpose of working with hashed
>> passwords. Could you please confirm this?
>
> Yes, thats what I meant by my comment. You need the plain text passwords
> in the vpopmail database. Having plain text passwords in the database
> doesn't necessarily lower the security as your database can be on a host
> which is not accessable to anything by the authenticating machine.
>
Just to elaborate on the point, CRAM-MD5 authentication REQUIRES that the
passwords be stored as plaintext, as that's the only way to verify the MD5
hash provided by the client. Server send the seed string, client
concatenates the seed and password (and maybe username, don't remember),
and sends the MD5 hash of that.  Server then concats the seed it sent with
the known plaintext password and compares the MD5 hash it comes up with to
that which the client sends.

It's a tradeoff - keeping plaintext passwords on a (hopefully) secure
server vs allowing the client to send the password in plaintext over the
network (though possibly over an encrypted channel).  I like it, but YMMV.

Josh

Joshua Megerman
SJGames MIB #5273 - OGRE AI Testing Division
You can't win; You can't break even; You can't even quit the game.
  - Layman's translation of the Laws of Thermodynamics
vpopm...@honorablemenschen.com


!DSPAM:4b22669432713716511896!



Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Ro Achterberg

At 16:07 11-12-2009, Shane Chrisp wrote:

Ro Achterberg wrote:




You will need to enable plain text passwords in the database to be 
able to use cram-md5.


In dovecot-sql.conf, I tried setting default_pass_scheme to both 
PLAIN and PLAIN-MD5, but none of which seemed to work. I'm probably 
missing the point.


Did you perhaps mean to have vpopmail store the user passwords in 
plain text? I'm just checking, because to me it seems to lower 
security and it seems to defeat the purpose of working with hashed 
passwords. Could you please confirm this?


Yes, thats what I meant by my comment. You need the plain text 
passwords in the vpopmail database. Having plain text passwords in 
the database doesn't necessarily lower the security as your database 
can be on a host which is not accessable to anything by the 
authenticating machine.


Shane


Thanks, I'll be trying that now. I agree with you on the security 
impact if you in fact had the luxury of building a setup like that. 
Unfortuntaly though, my colo box provides for a lot more than just an 
e-mail authentication backend.


I do however have it tightly locked down in a rather complex chrooted 
setup on top of a grsec hardened kernel, so I won't be worrying about 
it too much.


Thanks for your help!

Bye, Ro 



!DSPAM:4b2262ce32718688460864!



Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Shane Chrisp

Ro Achterberg wrote:




You will need to enable plain text passwords in the database to be 
able to use cram-md5.


In dovecot-sql.conf, I tried setting default_pass_scheme to both PLAIN 
and PLAIN-MD5, but none of which seemed to work. I'm probably missing 
the point.


Did you perhaps mean to have vpopmail store the user passwords in 
plain text? I'm just checking, because to me it seems to lower 
security and it seems to defeat the purpose of working with hashed 
passwords. Could you please confirm this?


Yes, thats what I meant by my comment. You need the plain text passwords 
in the vpopmail database. Having plain text passwords in the database 
doesn't necessarily lower the security as your database can be on a host 
which is not accessable to anything by the authenticating machine.


Shane

!DSPAM:4b22602a32711774717678!



Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Ro Achterberg

At 15:36 11-12-2009, Shane Chrisp wrote:

Ro Achterberg wrote:

Hi all,

I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL 
installation and I believe I've run into a problem. Dovecot is 
servicing both IMAP and POP3, using MySQL as the authentication 
middle-man. It seems however that vpopmail is storing its passwords 
as MD5-CRYPT in the MySQL tables, while I want Dovecot to use 
CRAM-MD5. This seems to be the most used authentication scheme by 
far, and I'd like to avoid using PLAIN or LOGIN authentications as 
they're not up to my security standards.


When I try setting default_pass_scheme = CRAM-MD5 in 
dovecot-sql.conf, Dovecot's auth worker complains with the following line:


Dec 11 12:31:52 onion dovecot: auth-worker(default): 
sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected 
scheme CRAM-MD5


Which makes sense, because the passwords are stored as MD5-CRYPT by 
vpopmail. I assume that my setup is not unique in its kind, which 
makes me wonder what I'm doing wrong here! Any insights on how to 
make this work using CRAM-MD5 passwords throughout the whole system 
would be greatly appreciated.


Bye, Ro


You will need to enable plain text passwords in the database to be 
able to use cram-md5.


In dovecot-sql.conf, I tried setting default_pass_scheme to both 
PLAIN and PLAIN-MD5, but none of which seemed to work. I'm probably 
missing the point.


Did you perhaps mean to have vpopmail store the user passwords in 
plain text? I'm just checking, because to me it seems to lower 
security and it seems to defeat the purpose of working with hashed 
passwords. Could you please confirm this?


Bye, Ro 



!DSPAM:4b225df432711468934747!



Re: [vchkpw] vpopmail + Dovecot + CRAM-MD5 problem

2009-12-11 Thread Shane Chrisp

Ro Achterberg wrote:

Hi all,

I'm currently fine-tuning my qmail + vpopmail + Dovecot + MySQL 
installation and I believe I've run into a problem. Dovecot is 
servicing both IMAP and POP3, using MySQL as the authentication 
middle-man. It seems however that vpopmail is storing its passwords as 
MD5-CRYPT in the MySQL tables, while I want Dovecot to use CRAM-MD5. 
This seems to be the most used authentication scheme by far, and I'd 
like to avoid using PLAIN or LOGIN authentications as they're not up 
to my security standards.


When I try setting default_pass_scheme = CRAM-MD5 in dovecot-sql.conf, 
Dovecot's auth worker complains with the following line:


Dec 11 12:31:52 onion dovecot: auth-worker(default): 
sql(r...@greyhat.nl,127.0.0.1): Password in passdb is not in expected 
scheme CRAM-MD5


Which makes sense, because the passwords are stored as MD5-CRYPT by 
vpopmail. I assume that my setup is not unique in its kind, which 
makes me wonder what I'm doing wrong here! Any insights on how to make 
this work using CRAM-MD5 passwords throughout the whole system would 
be greatly appreciated.


Bye, Ro


You will need to enable plain text passwords in the database to be able 
to use cram-md5.


!DSPAM:4b2258e232711690019057!