From owner-freebsd-ports@FreeBSD.ORG Thu Aug 18 23:19:12 2011 Return-Path: Delivered-To: ports@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3132D106564A for ; Thu, 18 Aug 2011 23:19:12 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout030.mac.com (asmtpout030.mac.com [17.148.16.105]) by mx1.freebsd.org (Postfix) with ESMTP id 1AF0E8FC12 for ; Thu, 18 Aug 2011 23:19:11 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII Received: from cswiger1.apple.com ([17.209.4.71]) by asmtp030.mac.com (Oracle Communications Messaging Exchange Server 7u4-20.01 64bit (built Nov 21 2010)) with ESMTPSA id <0LQ500LIP9Z6AX40@asmtp030.mac.com> for ports@FreeBSD.org; Thu, 18 Aug 2011 15:18:46 -0700 (PDT) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:5.4.6813,1.0.211,0.0.0000 definitions=2011-08-18_08:2011-08-18, 2011-08-18, 1970-01-01 signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0 ipscore=0 suspectscore=0 phishscore=0 bulkscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx engine=6.0.2-1012030000 definitions=main-1108180246 From: Chuck Swiger In-reply-to: <00e201cc5def$3faf1ef0$bf0d5cd0$@muni.cz> Date: Thu, 18 Aug 2011 15:18:41 -0700 Message-id: <6F680A88-344A-43EA-9999-EFA310766657@mac.com> References: <00e201cc5def$3faf1ef0$bf0d5cd0$@muni.cz> To: Petr Holub X-Mailer: Apple Mail (2.1084) Cc: ports@FreeBSD.org Subject: Re: Postfix - Dovecot SASL problem X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Aug 2011 23:19:12 -0000 Hi-- On Aug 18, 2011, at 2:38 PM, Petr Holub wrote: > smtpd_sasl_security_options = noanonymous, noplaintext > smtpd_sasl_tls_security_options = noanonymous >From what I've seen in your ktrace, you're only offering "MECH LOGIN plaintext", which isn't going be allowable per the Postfix setting. You need to setup CRAM-MD5 or maybe GSSAPI, or else permit plaintext auth mechanisms if the connection is coming via TLS/SSL: http://wiki2.dovecot.org/HowTo/CRAM-MD5 Also see: http://www.postfix.org/postconf.5.html "Warning: it appears that clients try authentication methods in the order as advertised by the server (e.g., PLAIN ANONYMOUS CRAM-MD5) which means that if you disable plaintext passwords, clients will log in anonymously, even when they should be able to use CRAM-MD5. So, if you disable plaintext logins, disable anonymous logins too. Postfix treats anonymous login as no authentication." Regards, -- -Chuck