So actually, there's one thing I still don't understand. How does postfix/sasl/courier authenticate the password without knowing the salt?
For example, if I'm using PHP and do crypt('password', '$1$saltvalue$1') to generate a hash and store it in a db, when I go to check a user's login and compare what they typed against the hash stored in the db, would I not have to know what "saltvalue" is in order to compare the hashes? i.e.

    if (crypt($_POST['password'], '$1$saltvalue$') == $hash_from_db) {
        // log user in
    }

So how can postfix, etc. authenticate the password without knowing the salt value? Does it somehow figure out the salt based on the plain password provided and the hash, or is there a default salt (say first 6 characters of the password) and ISPConfig uses that same method so it happens to work with postfix, etc.?
This may be something basic but I'm very new to the salt concept and what I found on Google said you needed the salt value to compare a user-provided password with the stored hash. I've got everything working but it just drives me crazy when I don't understand how something works lol.
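
An added example, not part of the original post: a crypt()-style string such as `$1$salt$digest` stores the salt in clear text next to the digest, so a verifier needs only the stored string and the password the user typed. The function names `parse_crypt_hash` and `verify_password` are hypothetical, the sample hash is constructed inline, and the parser is limited to the three-field `$id$salt$digest` shape used in the post.

```php
<?php
/**
 * Split a modular-crypt string "$id$salt$digest" into its fields.
 * Returns null if the string does not have that three-field shape.
 */
function parse_crypt_hash(string $stored): ?array
{
    $parts = explode('$', $stored);
    // The leading '$' yields an empty first element: ['', id, salt, digest]
    if (count($parts) !== 4 || $parts[0] !== '' || $parts[3] === '') {
        return null;
    }
    return ['id' => $parts[1], 'salt' => $parts[2], 'digest' => $parts[3]];
}

/**
 * Verify a candidate password against a stored crypt() string.
 * The stored string itself is passed as the salt argument: crypt()
 * reads the "$1$salt$" prefix from it and ignores the digest part.
 */
function verify_password(string $candidate, string $stored): bool
{
    if (parse_crypt_hash($stored) === null) {
        return false; // malformed, or a format this sketch does not handle
    }
    $recomputed = crypt($candidate, $stored);
    // crypt() returns a short "*0"/"*1" marker on failure;
    // hash_equals() compares in constant time.
    return strlen($recomputed) > 2 && hash_equals($stored, $recomputed);
}

// Constructed sample: the value an application would store in the db column.
// MD5-crypt uses at most 8 salt characters, hence "saltvalu".
$hash_from_db = crypt('password', '$1$saltvalu$');

$fields = parse_crypt_hash($hash_from_db);
echo "stored: $hash_from_db\n";
echo "scheme: {$fields['id']} (1 = MD5-crypt)\n";
echo "salt:   {$fields['salt']}\n";

// The verifier is never told the salt separately; it comes from the db value.
var_dump(verify_password('password', $hash_from_db));
var_dump(verify_password('Password', $hash_from_db));
```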