Moving to new password scheme

@lbutlr kremels at
Tue Jan 24 14:45:08 CET 2017

dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops.

The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts though IMAP MUAs or Roundcube.

How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SHCEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to renter their password (or choose a new one) is acceptable.

And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 1000)?

Apple broke AppleScripting signatures in, so no random signatures.

More information about the amavis-users mailing list