1

Topic: Master user instructions need security update

The wiki entry for setting up a master user http://www.iredmail.org/wiki/index.php? … aster.User mentions that it is now a simple process. However, it recommends using htpasswd to generate the password file. This produces either insecure, or incompatible hashes for dovecot.

However, one can generate secure, salted SSHA512 hashes with doveadm as per http://wiki2.dovecot.org/Authentication/PasswordSchemes :

doveadm pw -s SSHA512

This can then be used in the dovecot-master-users-password, e.g.

echo -n "username:" >> dovecot-master-users-password && doveadm pw -s SSHA512 >> dovecot-master-users-password

Remembering the colon after the username, or constructing the entry in the password file yourself after running `doveadm pw`.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Master user instructions need security update

You're right. I updated the document (wiki document was removed):
http://www.iredmail.org/docs/dovecot.master.user.html

3

Re: Master user instructions need security update

That's great, thanks!