dovecot: avoid testing DES-encrypted passwords

[vcunat]

Those tests wouldn't work since #220557

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 23.05 Release Notes (or backporting 22.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

[vcunat]

Dovecot maintainers should confirm that dropping DES support here shouldn't cause trouble in practice: @fpletz, @globin, @ajs124.

[vcunat]

Perhaps you'd like to also like to add dovecot to the list of packages explicitly mentioned in release notes?

[ajs124]

Perhaps you'd like to also like to add dovecot to the list of packages explicitly mentioned in release notes?

Sounds like a good idea.

[fpletz]

When using a custom passwd/shadow file for dovecot, the command doveadm pw generates a bcrypt based hash by default - even before the libxcrypt changes. I don't think anyone still uses DES and if they do, they should upgrade anyways (e.g. because only the first 8 characters of the plain password are actually hashed).

[vcunat]

IIRC the default changed at the start of dovecot-2.3, so something like 2017.

[SuperSandro2000]

nit *Nixpkgs