I have a dovecot server running on an Ubuntu 14.04 server, which reads the login-data (user/domain/password) from a mysql-database.
The passwords are saved as salted SHA256 hashes. To generate these, I use the command doveadm pw -s SHA512-CRYPT
. According to Dovecot wiki Authentication PasswordSchemes page, the command uses glibcs crypt()
function.
Now, when I use a password without special characters (Uppercase/Lowercase letters and numbers) like "t3st", I can successfully login to the according mail-account. But as soon as the password contains any other characters (e.g. t3$t
), I can't login anymore. doveadm will in both cases return seemingly valid hashes (e.g. $6$iADbo7odiTlVjYgl$fi0X/kIHSUmAHAAiHIsXU6ow3j9dshL9mX.VTCDFOBMt.aV/.ZWpadLk3AFPD30EZ7SiyaqAR66YlTPoeQrcH/
).
I tried logging in to the server via Thunderbird and an web-based mail-interface, with both giving the same error-message in the log-files:
dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs) …
I also tried using the MD5-CRYPT "encryption", with the same results.
Best Answer
The doveadm pw documentation contains the following information:
"You should enclose the password hash in single quotes, if it contains one or more dollar signs ($)."