Maximum password length [limit for password_min_length]

CyberSentry · April 5, 2026, 5:09pm

Hey there!

I was wondering, if there is an upper limit for the minimum password length setting in chatmail.ini. I tried a value that was exceeding 2000 (yes, I know this is not practical) and account creation did not work anymore. Is there an upper bound that is still “safe to use”?

WofWca · April 6, 2026, 8:10am

I didn’t check but I would guess that this limit is in the Dovecot code base if there is one.

This is the place where password_min_length is checked:

github.com/chatmail/relay

chatmaild/src/chatmaild/doveauth.py

b4a46d23e


      
          if len(cleartext_password) < config.password_min_length:
              logging.warning(
                  "Password needs to be at least %s characters long",
                  config.password_min_length,
              )
              return False

This is where it’s used to generate a password:

github.com/chatmail/relay

chatmaild/src/chatmaild/newemail.py

b4a46d23e


      
          def create_newemail_dict(config: Config):
              user = "".join(
                  secrets.choice(ALPHANUMERIC) for _ in range(config.username_max_length)
              )
              password = "".join(
                  secrets.choice(ALPHANUMERIC_PUNCT)
                  for _ in range(config.password_min_length + 3)
              )
              return dict(email=f"{user}@{config.mail_domain}", password=f"{password}")

There is no “password length” check there.