david.madman2 at vfemail.net
2017-Jul-23 15:50 UTC
Strange Error: Password data is not valid for scheme SHA256. Please help me resolve it.
Hello,

I am using version 2.2.31 (65cde28) on an Ubuntu 16.04 VPS. I am attempting to set up a mail server using a flat file system as an experiment. I am able to send e-mail from external domain names and the messages land in my /var/mail/vmail/domain/user/ directories. I am trying to set up Thunderbird as an MUA using the information I generated on my VPS, namely the IMAP server, username at domain.com, password, and SMTP server.

IMAP server - www.domain.com
SMTP server - www.domain.com
Username - created in /etc/postfix/virtual-mailbox-users.db and /etc/dovecot/passwd.db
Password - created by doveadm pw -s SHA256 and entered (along with the username) in /etc/dovecot/passwd.db

I enter this information into "new accounts" in Thunderbird and select STARTTLS with ports 143 (IMAP) and 587 (SMTP). (I have experimented with a variety of other combinations too). I click "Done" which transmits the information to the domain server to verify the details.

My /var/log/mail.log shows:

Jul 22 18:40:48 www dovecot: auth: Error: passwd-file(test at domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>): Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)
Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth: Error: passwd-file(test at domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>): Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)]
Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed, 3 attempts in 14 secs): user=<test at domain.com>, method=PLAIN, rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS, session=<fGoHUuxU6IAu9j4y>

What does "Password data is not valid for scheme SHA256: Input length isn't valid (0 instead of 32)]" mean? I assume that there is some kind of a mismatch between the way I generated the password with doveadm and entered it in passwd.db and the way I entered the non-hashed password into the password field in the new account section of Thunderbird.

Is there a way to resolve this issue? My dovecot -n is below. You will note that the passdb section does have the scheme as SHA256.

Many thanks.

# 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.19 (e5c7051)
# OS: Linux 4.4.0-83-generic x86_64 Ubuntu 16.04.2 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
mail_home = /var/mail/vmail/%d/%n
mail_location = maildir:/var/mail/vmail/%d/%n/mail:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%u scheme=SHA256 /etc/dovecot/passwd.db
  driver = passwd-file
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap pop3 sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/letsencrypt/live/www.domain.com/fullchain.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
ssl_key = # hidden, use -P to show it
userdb {
  args = uid=5000 gid=5000 home=/var/mail/vmail/%d/%n
  driver = static
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 10
}
protocol pop3 {
  mail_max_userip_connections = 10
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster at domain.com
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
Alexander Dalloz
2017-Jul-23 17:30 UTC
Strange Error: Password data is not valid for scheme SHA256. Please help me resolve it.
On 23.07.2017 at 17:50, david.madman2 at vfemail.net wrote:
> My /var/log/mail.log shows:
>
> Jul 22 18:40:48 www dovecot: auth: Error:
> passwd-file(test at domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>): Password
> data is not valid for scheme SHA256: Input length isn't valid (0 instead
> of 32)
> Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth: Error:
> passwd-file(test at domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>): Password
> data is not valid for scheme SHA256: Input length isn't valid (0 instead
> of 32)]
> Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed, 3
> attempts in 14 secs): user=<test at domain.com>, method=PLAIN,
> rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS, session=<fGoHUuxU6IAu9j4y>
>
> What does "Password data is not valid for scheme SHA256: Input length
> isn't valid (0 instead of 32)]" mean? I assume that there is some kind
> of a mismatch between the way I generated the password with doveadm and
> entered it in passwd.db and the way I entered the non-hashed password
> into the password field in the new account section of Thunderbird.

It means that dovecot expects to verify a 32-byte-long password hash. What it detects has a size of 0 bytes. You haven't shown an example line of your passwd.db file, but I would guess you built it up incorrectly.

See

https://wiki.dovecot.org/Authentication/PasswordSchemes

Alexander
david.madman2 at vfemail.net
2017-Jul-23 22:02 UTC
Strange Error: Password data is not valid for scheme SHA256. Please help me resolve it.
Quoting Alexander Dalloz <ad+lists at uni-x.org>:
> On 23.07.2017 at 17:50, david.madman2 at vfemail.net wrote:
>> My /var/log/mail.log shows:
>>
>> Jul 22 18:40:48 www dovecot: auth: Error:
>> passwd-file(test at domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>):
>> Password data is not valid for scheme SHA256: Input length isn't
>> valid (0 instead of 32)
>> Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth:
>> Error:
>> passwd-file(test at domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>):
>> Password data is not valid for scheme SHA256: Input length isn't
>> valid (0 instead of 32)]
>> Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed,
>> 3 attempts in 14 secs): user=<test at domain.com>, method=PLAIN,
>> rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS,
>> session=<fGoHUuxU6IAu9j4y>
>>
>> What does "Password data is not valid for scheme SHA256: Input
>> length isn't valid (0 instead of 32)]" mean? I assume that there is
>> some kind of a mismatch between the way I generated the password
>> with doveadm and entered it in passwd.db and the way I entered the
>> non-hashed password into the password field in the new account
>> section of Thunderbird.
>
> It means that dovecot expects to verify a 32-byte-long password
> hash. What it detects has a size of 0 bytes. You haven't shown an
> example line of your passwd.db file, but I would guess you built it
> up incorrectly.
>
> See
>
> https://wiki.dovecot.org/Authentication/PasswordSchemes
>
> Alexander

Thank you for your reply. My /etc/dovecot/passwd.db shows:

test at domain.com: {SHA256}tdA2DIOZhwLOKVxA2WiOY0oy9GB8A6baW/okY+DTFi0

I'm not sure what could be wrong with this file. It is a plain text file created in vim.

Permissions:
-rw-r--r-- 1 root root 70 Jul 23 19:14 /etc/dovecot/passwd.db

In Thunderbird, I simply enter the text equivalent of the SHA256 in the "password" field when creating a new account.

Do you - or anyone else - have another suggestion?

Many thanks!
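
A simplified model of the length check Alexander describes, as an added example that is not part of the original thread and is not Dovecot's code: it parses one passwd-file line, decodes the password field, and compares the decoded length with the 32 bytes SHA256 requires. The function names, the strictness about whitespace and padding, and the hex-or-base64 guess are assumptions of this sketch; the sample line is the entry posted above with the archive's " at " written as "@".

```python
import base64
import hashlib

RAW_LEN = {"SHA256": 32}  # raw digest size in bytes, per scheme modelled here

def make_field(password, scheme="SHA256"):
    """Password field for an unsalted SHA256 entry: {SHA256} + base64(digest)."""
    digest = hashlib.sha256(password.encode()).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest).decode())

def check_line(line, default_scheme="SHA256"):
    """Return (decoded_len, problems) for one 'user:password[:...]' line."""
    problems = []
    _user, sep, rest = line.rstrip("\n").partition(":")
    if not sep:
        return 0, ["no ':' between user and password field"]
    field = rest.split(":", 1)[0]
    if field != field.strip():
        problems.append("whitespace around the password field")
        field = field.strip()
    scheme = default_scheme
    if field.startswith("{") and "}" in field:
        scheme, field = field[1:].split("}", 1)
    else:
        problems.append("no {SCHEME} prefix, default scheme assumed")
    scheme, _, enc = scheme.upper().partition(".")
    want = RAW_LEN.get(scheme)
    if want is None:
        return 0, problems + ["scheme %s not modelled here" % scheme]
    if not enc:  # assumption: hex is exactly twice the raw length, else base64
        enc = "HEX" if len(field) == want * 2 else "B64"
    try:
        if enc == "HEX":
            raw = bytes.fromhex(field)
        else:
            if len(field) % 4:
                problems.append("base64 data is missing '=' padding")
                field += "=" * (-len(field) % 4)
            raw = base64.b64decode(field, validate=True)
    except ValueError:
        return 0, problems + ["data does not decode as %s" % enc]
    if len(raw) != want:
        problems.append("decoded to %d bytes, %s needs %d" % (len(raw), scheme, want))
    return len(raw), problems

# Constructed inputs: the entry as posted in the thread, and an empty field.
POSTED = "test@domain.com: {SHA256}tdA2DIOZhwLOKVxA2WiOY0oy9GB8A6baW/okY+DTFi0"
EMPTY = "test@domain.com::5000:5000"
```

In this model the posted entry carries a full 32-byte digest but is flagged for the space after the colon and the missing trailing "=", while an empty password field gives the 0-byte case from the log; whether either deviation is what Dovecot tripped over is not established in the thread.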
david.madman2 at vfemail.net
2017-Jul-23 22:18 UTC
Strange Error: Password data is not valid for scheme SHA256. Please help me resolve it.
Quoting Alexander Dalloz <ad+lists at uni-x.org>:
> On 23.07.2017 at 17:50, david.madman2 at vfemail.net wrote:
>> My /var/log/mail.log shows:
>>
>> Jul 22 18:40:48 www dovecot: auth: Error:
>> passwd-file(test at domain.com,46.xxx.xxx.xxx,<wZoHUuxU6IAu9j4y>):
>> Password data is not valid for scheme SHA256: Input length isn't
>> valid (0 instead of 32)
>> Jul 22 18:41:00 www dovecot: message repeated 2 times: [ auth:
>> Error:
>> passwd-file(test at domain.com,46.xxx.xxx.xxx,<fGoHUuxU6IAu9j4y>):
>> Password data is not valid for scheme SHA256: Input length isn't
>> valid (0 instead of 32)]
>> Jul 22 18:41:02 www dovecot: imap-login: Disconnected (auth failed,
>> 3 attempts in 14 secs): user=<test at domain.com>, method=PLAIN,
>> rip=46.xxx.xxx.xxx, lip=139.xxx.xxx.xxx, TLS,
>> session=<fGoHUuxU6IAu9j4y>
>>
>> What does "Password data is not valid for scheme SHA256: Input
>> length isn't valid (0 instead of 32)]" mean? I assume that there is
>> some kind of a mismatch between the way I generated the password
>> with doveadm and entered it in passwd.db and the way I entered the
>> non-hashed password into the password field in the new account
>> section of Thunderbird.
>
> It means that dovecot expects to verify a 32-byte-long password
> hash. What it detects has a size of 0 bytes. You haven't shown an
> example line of your passwd.db file, but I would guess you built it
> up incorrectly.
>
> See
>
> https://wiki.dovecot.org/Authentication/PasswordSchemes
>
> Alexander

Just to add to my previous message:

I modified the args= in the passdb section of /etc/dovecot/passwd.db from SHA256 to SHA256-CRYPT, which gave a different error when I tried to do the same creation of the account in Thunderbird. The new error is:

Jul 23 22:12:23 www dovecot: auth: passwd-file(test at domain.com,46.xxx.xxx.xxx,<u4CLZBNVys4u8ic/>): Password mismatch