Date: Thu, 18 Aug 2011 15:18:41 -0700
From: Chuck Swiger <cswiger@mac.com>
To: Petr Holub <hopet@ics.muni.cz>
Cc: ports@FreeBSD.org
Subject: Re: Postfix - Dovecot SASL problem
Message-ID: <6F680A88-344A-43EA-9999-EFA310766657@mac.com>
In-Reply-To: <00e201cc5def$3faf1ef0$bf0d5cd0$@muni.cz>
References: <00e201cc5def$3faf1ef0$bf0d5cd0$@muni.cz>

Hi--

On Aug 18, 2011, at 2:38 PM, Petr Holub wrote:
> smtpd_sasl_security_options = noanonymous, noplaintext
> smtpd_sasl_tls_security_options = noanonymous

From what I've seen in your ktrace, you're only offering "MECH LOGIN plaintext", which isn't going to be allowable per the Postfix setting. You need to set up CRAM-MD5 or maybe GSSAPI, or else permit plaintext auth mechanisms if the connection is coming via TLS/SSL:

  http://wiki2.dovecot.org/HowTo/CRAM-MD5

Also see:

  http://www.postfix.org/postconf.5.html

"Warning: it appears that clients try authentication methods in the order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) which means that if you disable plaintext passwords, clients will log in anonymously, even when they should be able to use CRAM-MD5. So, if you disable plaintext logins, disable anonymous logins too. Postfix treats anonymous login as no authentication."

Regards,
-- 
-Chuck
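
Added example (not part of the original message, and not Postfix or Dovecot code): a simplified model of the filtering described above, showing which advertised mechanisms remain on cleartext and on TLS sessions for the two settings quoted. The handshake lines are constructed samples, and the option-to-flag mapping is an assumption that leaves out mutual_auth.

```python
# Simplified model (assumption): Postfix drops every Dovecot-advertised SASL
# mechanism whose MECH flags match one of the configured security options.
OPTION_EXCLUDES = {
    "noplaintext": "plaintext",
    "noanonymous": "anonymous",
    "nodictionary": "dictionary",
    "noactive": "active",
}

# Constructed samples of tab-separated MECH lines from a Dovecot auth socket.
HANDSHAKE_LOGIN_ONLY = "VERSION\t1\t1\nMECH\tLOGIN\tplaintext\nDONE\n"
HANDSHAKE_WITH_CRAM = (
    "VERSION\t1\t1\nMECH\tLOGIN\tplaintext\n"
    "MECH\tCRAM-MD5\tdictionary\tactive\nDONE\n"
)

def parse_mech_lines(handshake):
    """Return {mechanism: set(flags)} from the 'MECH' lines of a handshake."""
    mechs = {}
    for line in handshake.splitlines():
        fields = line.split("\t")
        if len(fields) >= 2 and fields[0] == "MECH":
            mechs[fields[1].upper()] = set(fields[2:])
    return mechs

def parse_options(value):
    """Split a main.cf value such as 'noanonymous, noplaintext'."""
    return set(value.replace(",", " ").split())

def offered(mechs, options_value):
    """Mechanisms that survive the given security options, sorted by name."""
    banned = {OPTION_EXCLUDES[o] for o in parse_options(options_value)
              if o in OPTION_EXCLUDES}
    return sorted(m for m, flags in mechs.items() if not flags & banned)

def report(handshake, cleartext_opts, tls_opts):
    """What a client would be offered before and after STARTTLS."""
    mechs = parse_mech_lines(handshake)
    return {"cleartext": offered(mechs, cleartext_opts),
            "tls": offered(mechs, tls_opts)}

if __name__ == "__main__":
    # Values quoted in the message above.
    opts = "noanonymous, noplaintext"
    tls_opts = "noanonymous"
    for name, hs in (("LOGIN only", HANDSHAKE_LOGIN_ONLY),
                     ("LOGIN + CRAM-MD5", HANDSHAKE_WITH_CRAM)):
        print(name, report(hs, opts, tls_opts))
```

An empty "cleartext" list with a non-empty "tls" list means authentication can only succeed after TLS is negotiated.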