Hello list A user reports failure to log in after password change. The client side error message indicates a lost or dropped connection by the server. A peek into the server logs reveales this: dovecot: imap(user at example.com)<53267><el0HoZGqHIdb0K2G>: Error: Failed to expand plugin setting plain_pass = 'asdf%?asdf': Unknown variable '%?' This looks a lot like a %-variable in the user provided password is tried to be expanded... Is this a bug or did I misconfigure something? output of dovecot -n is attached. regards lukn -------------- next part -------------- # 2.3.10.1 (a3d0e1171): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.10 (67bf5bd7) # OS: Linux 2.6.32-754.29.2.el6.x86_64 x86_64 CentOS release 6.10 (Final) auth_master_user_separator = * auth_mechanisms = plain login auth_policy_hash_nonce = # hidden, use -P to show it auth_policy_request_attributes = login=%{requested_username} pwhash=%{hashed_password} remote=%{rip} device_id=%{client_id} protocol=%s attrs/local_ip=%{lip} auth_policy_server_api_header = Authorization: Basic asdfasdfasdf auth_policy_server_url = http://wforce.example.com:8084/ auth_verbose = yes auth_verbose_passwords = sha1 default_client_limit = 6000 default_vsz_limit = 2 G dict { acl = mysql:/etc/dovecot/dovecot-dict-shares.conf quotadict = mysql:/etc/dovecot/dovecot-dict-quota.conf } disable_plaintext_auth = no doveadm_password = # hidden, use -P to show it listen = * login_greeting = Fumail Dovecot ready. mail_max_userip_connections = 100 mail_plugins = " quota notify replication" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date namespace { list = children location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u prefix = shared/%%u/ separator = / subscriptions = no type = shared } namespace inbox { inbox = yes location = mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = / type = private } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { acl = vfile:/etc/dovecot/acls acl_shared_dict = proxy::acl mail_replica = tcp:replicationpartner:1337 quota = dict:::proxy::quotadict quota_grace = 10%% quota_rule = *:storage=10M:messages=1000 quota_rule2 = Spam:ignore quota_rule3 = Trash:storage=+100M quota_warning = storage=95%% quota-warning 95 %u quota_warning2 = storage=75%% quota-warning 75 %u sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = pop3 imap lmtp sieve service aggregator { fifo_listener replication-notify-fifo { user = fumail } unix_listener replication-notify { user = fumail } } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = fumail mode = 0660 user = fumail } user = root } service dict { unix_listener dict { mode = 0600 user = fumail } } service doveadm { inet_listener { port = 1337 } } service imap-login { process_limit = 256 } service imap { client_limit = 1 process_min_avail = 16 service_count = 0 vsz_limit = 2 G } service lmtp { inet_listener lmtp { address = 127.0.0.1 port = 24 } process_min_avail = 5 unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0660 user = postfix } } service managesieve { vsz_limit = 2 G } service pop3 { client_limit = 1 vsz_limit = 2 G } service quota-warning { executable = script /usr/local/bin/quotawarning.py unix_listener quota-warning { mode = 0666 user = fumail } user = fumail } service replicator { process_min_avail = 1 unix_listener replicator-doveadm { mode = 0666 } } ssl_ca = </etc/pki/tls/certs/adfasdf.crt ssl_cert = </etc/pki/tls/certs/asdfasdf.crt ssl_dh = # hidden, use -P to show it ssl_key = # hidden, use -P to show it userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocol imap { imap_client_workarounds = mail_plugins = " quota notify replication acl imap_acl quota imap_quota" } protocol pop3 { mail_plugins = " quota notify replication quota" pop3_uidl_format = %08Xu%08Xv } protocol sieve { managesieve_logout_format = bytes ( in=%i : out=%o ) } protocol lmtp { deliver_log_format = from=<%f> msgid=%m action=<%$> subject=%s mail_plugins = " quota notify replication sieve quota" postmaster_address = postmaster at example.com quota_full_tempfail = yes }