fichier /etc/dovecot/conf.d/10-auth.conf :
> ##
> ## Authentication processes
> ##
> # Disable LOGIN command and all other plaintext authentications unless
> # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
> # matches the local IP (ie. you're connecting from the same computer), the
> # connection is considered secure and plaintext authentication is allowed.
> #disable_plaintext_auth = yes
> # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
> # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
> #auth_cache_size = 0
> # Time to live for cached data. After TTL expires the cached record is no
> # longer used, *except* if the main database lookup returns internal failure.
> # We also try to handle password changes automatically: If user's previous
> # authentication was successful, but this one wasn't, the cache isn't used.
> # For now this works only with plaintext authentication.
> #auth_cache_ttl = 1 hour
> # TTL for negative hits (user not found, password mismatch).
> # 0 disables caching them completely.
> #auth_cache_negative_ttl = 1 hour
> # Space separated list of realms for SASL authentication mechanisms that need
> # them. You can leave it empty if you don't want to support multiple realms.
> # Many clients simply use the first one listed here, so keep the default realm
> # first.
> #auth_realms =
> # Default realm/domain to use if none was specified. This is used for both
> # SASL realms and appending @domain to username in plaintext logins.
> #auth_default_realm =
> # List of allowed characters in username. If the user-given username contains
> # a character not listed in here, the login automatically fails. This is just
> # an extra check to make sure user can't exploit any potential quote escaping
> # vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
> # set this value to empty.
> #auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
> # Username character translations before it's looked up from databases. The
> # value contains series of from -> to characters. For example "#@/@" means
> # that '#' and '/' characters are translated to '@'.
> #auth_username_translation =
> # Username formatting before it's looked up from databases. You can use
> # the standard variables here, eg. %Lu would lowercase the username, %n would
> # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
> # "-AT-". This translation is done after auth_username_translation changes.
> #auth_username_format = %Lu
> # If you want to allow master users to log in by specifying the master
> # username within the normal username string (ie. not using SASL mechanism's
> # support for it), you can specify the separator character here. The format
> # is then <username><separator><master username>. UW-IMAP uses "*" as the
> # separator, so that could be a good choice.
> #auth_master_user_separator =
> # Username to use for users logging in with ANONYMOUS SASL mechanism
> #auth_anonymous_username = anonymous
> # Maximum number of dovecot-auth worker processes. They're used to execute
> # blocking passdb and userdb queries (eg. MySQL and PAM). They're
> # automatically created and destroyed as needed.
> #auth_worker_max_count = 30
> # Host name to use in GSSAPI principal names. The default is to use the
> # name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
> # entries.
> #auth_gssapi_hostname =
> # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
> # default (usually /etc/krb5.keytab) if not specified. You may need to change
> # the auth service to run as root to be able to read this file.
> #auth_krb5_keytab =
> # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
> # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
> #auth_use_winbind = no
> # Path for Samba's ntlm_auth helper binary.
> #auth_winbind_helper_path = /usr/bin/ntlm_auth
> # Time to delay before replying to failed authentications.
> #auth_failure_delay = 2 secs
> # Require a valid SSL client certificate or the authentication fails.
> #auth_ssl_require_client_cert = no
> # Take the username from client's SSL certificate, using
> # X509_NAME_get_text_by_NID() which returns the subject's DN's
> # CommonName.
> #auth_ssl_username_from_cert = no
> # Space separated list of wanted authentication mechanisms:
> # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
> # gss-spnego
> # NOTE: See also disable_plaintext_auth setting.
> # Only the PLAIN mechanism is offered to clients.
> # NOTE(review): PLAIN hands the password itself to the server, so it relies
> # on SSL/TLS for confidentiality. disable_plaintext_auth is left at its
> # commented default (yes) earlier in this file; uncommenting it would make
> # that requirement explicit. As the comment on that setting says,
> # connections whose remote IP matches the local IP are still treated as
> # secure. The SSL/TLS settings themselves are not shown here -- confirm them.
> auth_mechanisms = plain
> ##
> ## Password and user databases
> ##
> #
> # Password database is used to verify user's password (and nothing more).
> # You can have multiple passdbs and userdbs. This is useful if you want to
> # allow both system users (/etc/passwd) and virtual users to login without
> # duplicating the system users into virtual database.
> #
> # <doc/wiki/PasswordDatabase.txt>
> #
> # User database specifies where mails are located and what user/group IDs
> # own them. For single-UID configuration use "static" userdb.
> #
> # <doc/wiki/UserDatabase.txt>
> #!include auth-deny.conf.ext
> #!include auth-master.conf.ext
> #!include auth-system.conf.ext
> !include auth-sql.conf.ext
> #!include auth-ldap.conf.ext
> #!include auth-passwdfile.conf.ext
> #!include auth-checkpassword.conf.ext
> #!include auth-vpopmail.conf.ext
> #!include auth-static.conf.ext
fichier /etc/dovecot/dovecot-sql.conf.ext :
> # This file is opened as root, so it should be owned by root and mode 0600.
> #
> # http://wiki2.dovecot.org/AuthDatabase/SQL
> #
> # For the sql passdb module, you'll need a database with a table that
> # contains fields for at least the username and password. If you want to
> # use the user@domain syntax, you might want to have a separate domain
> # field as well.
> #
> # If your users all have the same uid/gid, and have predictable home
> # directories, you can use the static userdb module to generate the home
> # dir based on the username and domain. In this case, you won't need fields
> # for home, uid, or gid in the database.
> #
> # If you prefer to use the sql userdb module, you'll want to add fields
> # for home, uid, and gid. Here is an example table:
> #
> # CREATE TABLE users (
> # username VARCHAR(128) NOT NULL,
> # domain VARCHAR(128) NOT NULL,
> # password VARCHAR(64) NOT NULL,
> # home VARCHAR(255) NOT NULL,
> # uid INTEGER NOT NULL,
> # gid INTEGER NOT NULL,
> # active CHAR(1) DEFAULT 'Y' NOT NULL
> # );
> # Database driver: mysql, pgsql, sqlite
> #driver =
> # Database connection string. This is driver-specific setting.
> #
> # HA / round-robin load-balancing is supported by giving multiple host
> # settings, like: host=sql1.host.org host=sql2.host.org
> #
> # pgsql:
> # For available options, see the PostgreSQL documentation for the
> # PQconnectdb function of libpq.
> # Use maxconns=n (default 5) to change how many connections Dovecot can
> # create to pgsql.
> #
> # mysql:
> # Basic options emulate PostgreSQL option names:
> # host, port, user, password, dbname
> #
> # But also adds some new settings:
> # client_flags - See MySQL manual
> # ssl_ca, ssl_ca_path - Set either one or both to enable SSL
> # ssl_cert, ssl_key - For sending client-side certificates to server
> # ssl_cipher - Set minimum allowed cipher security (default: HIGH)
> # option_file - Read options from the given file instead of
> # the default my.cnf location
> # option_group - Read options from the given group (default: client)
> #
> # You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
> # Note that currently you can't use spaces in parameters.
> #
> # sqlite:
> # The path to the database file.
> #
> # Examples:
> # connect = host=192.168.1.1 dbname=users
> # connect = host=sql.example.com dbname=virtual user=virtual password=blarg
> # connect = /etc/dovecot/authdb.sqlite
> #
> #connect =
> # Default password scheme.
> #
> # List of supported schemes is in
> # http://wiki2.dovecot.org/Authentication/PasswordSchemes
> #
> #default_pass_scheme = MD5
> # passdb query to retrieve the password. It can return fields:
> # password - The user's password. This field must be returned.
> # user - user@domain from the database. Needed with case-insensitive lookups.
> # username and domain - An alternative way to represent the "user" field.
> #
> # The "user" field is often necessary with case-insensitive lookups to avoid
> # e.g. "name" and "nAme" logins creating two different mail directories. If
> # your user and domain names are in separate fields, you can return "username"
> # and "domain" fields instead of "user".
> #
> # The query can also return other fields which have a special meaning, see
> # http://wiki2.dovecot.org/PasswordDatabase/ExtraFields
> #
> # Commonly used available substitutions (see http://wiki2.dovecot.org/Variables
> # for full list):
> # %u = entire user@domain
> # %n = user part of user@domain
> # %d = domain part of user@domain
> #
> # Note that these can be used only as input to SQL query. If the query outputs
> # any of these substitutions, they're not touched. Otherwise it would be
> # difficult to have eg. usernames containing '%' characters.
> #
> # Example:
> # password_query = SELECT userid AS user, pw AS password \
> # FROM users WHERE userid = '%u' AND active = 'Y'
> #
> #password_query = \
> # SELECT username, domain, password \
> # FROM users WHERE username = '%n' AND domain = '%d'
> # userdb query to retrieve the user information. It can return fields:
> # uid - System UID (overrides mail_uid setting)
> # gid - System GID (overrides mail_gid setting)
> # home - Home directory
> # mail - Mail location (overrides mail_location setting)
> #
> # None of these are strictly required. If you use a single UID and GID, and
> # home or mail directory fits to a template string, you could use userdb static
> # instead. For a list of all fields that can be returned, see
> # http://wiki2.dovecot.org/UserDatabase/ExtraFields
> #
> # Examples:
> # user_query = SELECT home, uid, gid FROM users WHERE userid = '%u'
> # user_query = SELECT dir AS home, user AS uid, group AS gid FROM users where userid = '%u'
> # user_query = SELECT home, 501 AS uid, 501 AS gid FROM users WHERE userid = '%u'
> #
> #user_query = \
> # SELECT home, uid, gid \
> # FROM users WHERE username = '%n' AND domain = '%d'
> # If you wish to avoid two SQL lookups (passdb + userdb), you can use
> # userdb prefetch instead of userdb sql in dovecot.conf. In that case you'll
> # also have to return userdb fields in password_query prefixed with "userdb_"
> # string. For example:
> #password_query = \
> # SELECT userid AS user, password, \
> # home AS userdb_home, uid AS userdb_uid, gid AS userdb_gid \
> # FROM users WHERE userid = '%u'
> # Query to get a list of all usernames.
> #iterate_query = SELECT username AS user FROM users
> # Active settings for the SQL password database: driver, connection string
> # and passdb query.
> # NOTE(review): the connect line below stores the database password in clear
> # text, so this file needs the ownership and mode stated in its header
> # comment (owned by root, mode 0600).
> driver = mysql
> # MySQL server at 127.0.0.1, database "postfixadmin", account "hostmaster".
> # "mon_password" looks like a placeholder -- presumably replaced per install.
> # NOTE(review): the only query set here is a SELECT; confirm the "hostmaster"
> # account is limited to SELECT on the tables Dovecot needs.
> connect = host=127.0.0.1 dbname=postfixadmin user=hostmaster password=mon_password
> # passdb lookup: selects the mailbox row whose username equals the full
> # login (%u = entire user@domain) and returns username, domain and password.
> # NOTE(review): default_pass_scheme is left commented out above, so the
> # default scheme applies to the password column -- confirm it matches how
> # the hashes in "mailbox" are stored, and set it explicitly.
> # NOTE(review): unlike the example queries above, nothing filters on an
> # "active" flag; if the mailbox table has one, disabled accounts can still
> # log in -- verify against the schema.
> password_query = SELECT username,domain,password FROM mailbox WHERE username='%u';