Postfix - Dovecot SASL problem

Chuck Swiger cswiger at
Thu Aug 18 23:19:12 UTC 2011


On Aug 18, 2011, at 2:38 PM, Petr Holub wrote:
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous

>From what I've seen in your ktrace, you're only offering "MECH LOGIN plaintext", which isn't going be allowable per the Postfix setting.  You need to setup CRAM-MD5 or maybe GSSAPI, or else permit plaintext auth mechanisms if the connection is coming via TLS/SSL:

Also see:

"Warning: it appears that clients try authentication methods in the order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) which means that if you disable plaintext passwords, clients will log in anonymously, even when they should be able to use CRAM-MD5. So, if you disable plaintext logins, disable anonymous logins too. Postfix treats anonymous login as no authentication."


More information about the freebsd-ports mailing list