> On October 27, 2017 at 6:00 PM Admin Beckspaced <ad...@beckspaced.com> wrote: > > > Hello dovecot community, > > I've setup dovecot and need a bit help in understanding the auth > mechanism digest-md5 and realm > > in 10-auth.conf I got > > auth_mechanisms = plain login digest-md5 cram-md5 apop > #auth_realms = > #auth_default_realm = > > So i got empty realms. > > Auth normally works fine and clients can auth with mechanism digest-md5 > and I see the following log entries: > > dovecot: auth: Debug: > sql(u...@temizbau.de,46.85.229.153,<klUjO3FcTy8uVeWZ>): Generating > DIGEST-MD5 from user 'u...@temizbau.de', password 'xxxx' > dovecot: auth: Debug: > sql(u...@gruene-wiesentheid.de,87.168.26.5,<ISVLQXFcT/xXqBoF>): > Generating DIGEST-MD5 from user 'u...@gruene-wiesentheid.de@', password > 'xxxxxxxxxx' > dovecot: auth: Debug: > sql(u...@vitaler-genuss.de,81.209.203.170,<tzxyT3FcT9RR0cuq>): > Generating DIGEST-MD5 from user 'u...@vitaler-genuss.de', password > 'xxxxxxxxxxx' > > But sometimes clients get a password mismatch and I the see the > following log entries: > > dovecot: auth: Debug: > sql(u...@temizbau.de,80.187.103.15,<adzhAnVclmxQu2cP>): Generating > DIGEST-MD5 from user 'u...@temizbau.de@mail.beckspaced.com', password 'xxxx' > dovecot: auth: Debug: > sql(u...@thansadet.com,87.218.86.165,<LWItYHVc6r1X2lal>): Generating > DIGEST-MD5 from user 'u...@thansadet.com@mail.beckspaced.com', password > 'xxxxxxxxxx' > dovecot: auth: Debug: > sql(u...@plaa-thansadetresort.com,110.164.127.146,<aGhcvHBcStJupH+S>): > Generating DIGEST-MD5 from user > 'u...@plaa-thansadetresort.com@imap.beckspaced.com', password 'xxxxxxxxxx' > > when there's a password mismatch I see a different user string for > generating the digest-md5 hash. > i suppose users use a different mail client and the mail client does > things differently? > > How can I fix this password mismatch thing? > > Do i just need to set an auth_realms of some random string in the > 10-auth.conifig > Or does the auth_realms need to be a host name? Domain name of some sort? > > For the moment I just removed the digest-md5 mechanism ... > Or could I just simply not offer that mechanism? > > If someone could shed some light on this I would be more than grateful ;) > > Thanks & greetings > Becki
We actually discovered that Android has a bug with DIGEST-MD5, which Google refuses to fix. Also DIGEST-MD5/CRAM-MD5 etc are not really good idea with SSL anyways. Aki
