iRedMail
// Document IndexThis tutorial is available in other languages
简体中文 /
- SSHA512 is recommended for SQL backends, don't use MD5 unless you have a reason.
- BCRYPT is recommended for SQL backens on BSD systems.
With MySQL or PostgreSQL backends, you can generate a password hash with
openssl or doveadm command first, then replace old one with this newly
generated one.
For example: generate a SSHA512 password hash with doveadm:
$ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
To generate a salted MD5 password hash, you can use doveadm or openssl:
# doveadm pw -s 'MD5' -p '123456' | awk -F'{MD5}' '{print $2}'
$1$TDG8oXHb$6YB9NO5NZaZxku0xv6RsW0
# openssl passwd -1 123456
$1$fnWOb5X8$Ed6FYg9CLuWuUQplnwOQK/
Important note: SOGo groupware doesn't support salted MD5 hash without a prefix, so if you're going to use MD5 password hash with SOGo, please prepend
{CRYPT}prefix in password hash. For example,{CRYPT}$1$TDG8oXHb$6YB9NO5NZaZxku0xv6RsW0.
user@domain.ltd:sql> USE vmail;
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client
tools, SSHA is preferred if you have other applications to authenticate
users against OpenLDAP.
It's ok to use plain password temporarily, then login to Roundcube webmail or iRedAdmin-Pro (with self-service enabled) to reset password immediately. For example:
sql> USE vmail;
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';
All documents are available in BitBucket repository, and published under Creative Commons license. You can download the latest version for offline reading. If you found something wrong, please do contact us to fix it.