Postfix - Dovecot SASL problem
Chuck Swiger
cswiger at mac.com
Thu Aug 18 23:19:12 UTC 2011
Hi--
On Aug 18, 2011, at 2:38 PM, Petr Holub wrote:
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous
>From what I've seen in your ktrace, you're only offering "MECH LOGIN plaintext", which isn't going be allowable per the Postfix setting. You need to setup CRAM-MD5 or maybe GSSAPI, or else permit plaintext auth mechanisms if the connection is coming via TLS/SSL:
http://wiki2.dovecot.org/HowTo/CRAM-MD5
Also see:
http://www.postfix.org/postconf.5.html
"Warning: it appears that clients try authentication methods in the order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) which means that if you disable plaintext passwords, clients will log in anonymously, even when they should be able to use CRAM-MD5. So, if you disable plaintext logins, disable anonymous logins too. Postfix treats anonymous login as no authentication."
Regards,
--
-Chuck
More information about the freebsd-ports
mailing list