Skip to content

How to Fix Dovecot Authentication Error

DodaTech Updated 2026-06-24 2 min read

In this tutorial, you'll learn about How to Fix Dovecot Authentication Error. We cover key concepts, practical examples, and best practices.

Dovecot returns Authentication failed or Login failed for valid user credentials — the auth database is misconfigured or the password mechanism is not supported.

The Problem

Jun 24 10:00:00 mail dovecot[1234]: auth-worker(1235): Error: pam(user@example.com, 10.0.0.1): pam_authenticate() failed: Authentication failure
Jun 24 10:00:00 mail dovecot[1234]: imap-login: Login failed (auth failed, 1 attempts): user=<user@example.com>, method=PLAIN, rip=10.0.0.1

Step-by-Step Fix

Step 1: Test authentication directly

sudo doveadm auth test user@example.com
# Enter password when prompted

Step 2: Check auth mechanism

# /etc/dovecot/conf.d/10-auth.conf
auth_mechanisms = plain login
# Add scram-sha-256 for better security:
# auth_mechanisms = plain login scram-sha-256

Step 3: Verify PAM configuration

# /etc/pam.d/dovecot
auth    required        pam_unix.so nullok
account required        pam_unix.so

Step 4: Check user database

# /etc/dovecot/conf.d/auth-system.conf.ext
passdb {
    driver = pam
}

userdb {
    driver = passwd
}

Step 5: Set password scheme

# /etc/dovecot/conf.d/auth-password.conf.ext
# Default password scheme
default_pass_scheme = SHA256-CRYPT

Step 6: Test with doveadm

sudo doveadm auth test user@example.com password

Expected:

passdb: user@example.com auth succeeded

Prevention Tips

  • Use doveadm auth test to verify passwords
  • Enable auth debugging in /etc/dovecot/conf.d/10-logging.conf: auth_verbose = yes
  • Use SHA256-CRYPT or ARGON2 for password hashing
  • Synchronize system users with Dovecot user database

Common Mistakes with auth error

  1. Non-exhaustive pattern matches that compile with warnings then crash at runtime
  2. Misunderstanding that String is [Char] with poor performance for large text operations
  3. Using foldl instead of foldl' causing stack overflow on large lists

These mistakes appear frequently in real-world DOVECOT code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

### Why does Dovecot say "Authentication failed" for valid system users?

The PAM service might not be configured for Dovecot. Create /etc/pam.d/dovecot with auth required pam_unix.so and account required pam_unix.so. Ensure the dovecot user can read /etc/shadow by adding it to the shadow group.

How do I enable more detailed auth logging in Dovecot?

Set auth_verbose = yes and auth_debug = yes in /etc/dovecot/conf.d/10-logging.conf. Restart Dovecot and check /var/log/dovecot/*.log for detailed authentication attempt information.

What password schemes does Dovecot support?

Dovecot supports PLAIN, CRAM-MD5, DIGEST-MD5, SCRAM-SHA-1, SCRAM-SHA-256, SHA256-CRYPT, SSHA, ARGON2, and many more. Use SHA256-CRYPT or ARGON2 for secure password storage. The scheme is detected automatically from the password format.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro