Topic: Password change incompatibilities SOGo / FreeBSD / MySQL
==================== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7 MYSQL edition.
- Linux/BSD distribution name and version: FreeBSD 11.0-RELEASE-p1
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL 5.36
- Web server (Apache or Nginx): nginx
- Manage mail accounts with iRedAdmin-Pro? Not yet.
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
What I need
I need a password encryption algorithm that is compatible across all the components of iRedMail. What is the setting that I need to pick for all my passwords all over iRedMail so that everyone can authenticate and SOGo can change passwords in the UI? And which are all the files that I need to change to make that happen?
What's happening
Different components are using slightly different algorithms and formats, so they're not compatible with each other.
Background
This is a relatively fresh install of 0.9.7. I've only installed SOGo, not Roundcube. When I look at my vmail.mailboxes database (SELECT `username`,`password` FROM `mailbox` WHERE 1 ) I see these entries:
demopaco@example.com {CRYPT}$2a$12$F9UWawG...
paco@example.com {CRYPT}$2a$12$CY8vX0x...
postmaster@example.com {CRYPT}$2a$12$wCgWCO4...
fred@example.net {CRYPT}$2a$12$OustP4U...
If I log in on SOGo as paco@example.com and change my password using the web interface, it creates an entry like this:
{ssha}okqnKw7EALDvVAbC4b.....
Note the "ssha" instead of "CRYPT" and the lack of an algorithm indicator (like $2a). So now I need to set my password back. I looked at this page:
http://www.iredmail.org/docs/reset.user.password.html
That says to do this:
doveadm pw -s blf-crypt
Enter new password:
Retype new password:
{BLF-CRYPT}$2a$05$rgnN/...
Note the 5 rounds of crypto. If you want it to be identical to what is being done elsewhere, you need this command:
doveadm pw -r 12 -s blf-crypt
Enter new password:
Retype new password:
{BLF-CRYPT}$2a$12$mCEPaLQPTiV30P.....
If I put that in the MySQL database table as is, SOGo can't authenticate. If I change BLF-CRYPT to just CRYPT (not changing any of the password text), I can authenticate using SOGo again.
I edited /usr/local/etc/sogo/sogo.conf and changed this line:
userPasswordAlgorithm = blf-crypt;
And then I did sudo service sogod restart.
Now I see this in /var/log/sogo/sogo.log:
Jul 24 12:48:29 sogod [85673]: [ERROR] <0x0x80bea2b30[SQLSource]> Unsupported user-password algorithm: blf-crypt
I edited /usr/local/etc/sogo/sogo.conf again and changed this line:
userPasswordAlgorithm = sha256-crypt;
And again I did sudo service sogod restart. Changing my password ends up with an entry like this:
{crypt}$5$03YWXmWn5xUs.......
Again, SOGo can't authenticate. It accepts my password, but then I see lots of 'request failed' messages popping up in the top right of my browser and I never see the actual inbox or anything.
What is the setting that I need to pick for all my passwords all over iRedMail so that everyone can authenticate and SOGo can change passwords in the UI?
Thanks,
Paco
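
An added example, not part of the original post and not iRedMail, SOGo or Dovecot code: a small audit script that classifies stored `mailbox.password` values by their `{SCHEME}` label and by the crypt(3) `$id$` marker inside, so mixed formats like the ones shown in the post stand out. The sample rows are constructed (hash bodies are filler characters), and the names `classify` and `summarize` are hypothetical.

```python
import re
from collections import Counter

# crypt(3) modular-format identifiers -> algorithm name
CRYPT_IDS = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt",
             "2y": "bcrypt", "5": "sha256-crypt", "6": "sha512-crypt"}

STORED = re.compile(r"^(?:\{(?P<label>[^}]+)\})?(?P<body>.*)$", re.S)
MODULAR = re.compile(r"^\$(?P<id>[0-9a-z]+)\$(?:(?P<cost>\d{2})\$)?")


def classify(stored):
    """Return (label, algorithm, cost) for one stored password value."""
    m = STORED.match(stored.strip())
    label = (m.group("label") or "").upper() or None
    mod = MODULAR.match(m.group("body"))
    if mod:
        algo = CRYPT_IDS.get(mod.group("id"), "unknown-crypt")
        # Only bcrypt carries a two-digit cost field right after the id.
        cost = int(mod.group("cost")) if algo == "bcrypt" and mod.group("cost") else None
        return label, algo, cost
    # No $id$ marker: the label is the only hint about the algorithm.
    return label, (label.lower() if label else "unlabelled"), None


def summarize(rows):
    """Count accounts per distinct (label, algorithm, cost) combination."""
    return Counter(classify(password) for _user, password in rows)


# Constructed sample rows mirroring the formats in the post; "x" is filler.
ROWS = [
    ("postmaster@example.com", "{CRYPT}$2a$12$" + "x" * 53),
    ("fred@example.net", "{BLF-CRYPT}$2a$05$" + "x" * 53),
    ("paco@example.com", "{ssha}" + "x" * 40),
    ("demopaco@example.com", "{crypt}$5$" + "x" * 16 + "$" + "x" * 43),
]

if __name__ == "__main__":
    for user, password in ROWS:
        label, algo, cost = classify(password)
        print(f"{user:26} label={label:10} algo={algo:13} cost={cost}")
    combos = summarize(ROWS)
    if len(combos) > 1:
        print(f"{len(combos)} different stored formats in use:")
        for (label, algo, cost), n in combos.items():
            print(f"  {n} x label={label} algo={algo} cost={cost}")
```

Feed it the output of the `SELECT` from the post to see which accounts carry which label and algorithm before and after a password change.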