Apologies for slow turnaround: the real world obtruded. I'm still no nearer understanding, but I have looked into several blind alleys. One thought I had was that "worthy" might mean something like "carrying trusted authentication detail such as password" and that there might be a flag the SASL user could set in this respect. I.e. much the same thought as you had. I went on to check that the stipulations on my netrc file were met, but so far found nothing untoward. When I can work out where netrc is being checked I will stop with a breakpoint and follow it through, but that may take a day or two, life being what it is. It's curious that you get further than I do, evidently post at least trying to authenticate, whereas in my case it's not even attempting to (I think). There must therefore be some glitch in my setup and I will continue probing as and when I can.
In response to your questions - Yes, my main experiment is with -saslmech PLAIN. You'll see most of the options forced below. I understand my SASL to be version 2.1.27, partly from the Debian package name and partly from /usr/include/sasl/sasl.h, which incidentally is a mine of information, almost a man page in its comments. At all events, what I have all comes from the Debian bookworm distribution. I will investigate the git repo, but that's a whole new adventure for me and will take a while.

There is precious little more before the mysterious diagnostic, but for what it's worth, again shorn only of obvious irrelevancies, here is a complete command window cut/paste, beginning with the command file and including snoop -

[Showing the surrounding environment setup - ]

    ...system/nmh/nmh-1.7.1$ cat ../my-antics/mypost
    #!/bin/bash
    #set -vx
    ANTDIR=~ajms/0/comp/this_system/nmh/my-antics
    INSTDIR=~ajms/0/comp/this_system/nmh/nmh-1.7.1/testdir
    LIBEXEC=$INSTDIR/libexec/nmh/
    NEWBIN=$INSTDIR/bin
    export PATH=$NEWBIN:$PATH
    gdb --args $LIBEXEC/post -mts smtp -server mail.btinternet.com -port 465 -sasl -saslmech PLAIN -initialtls -user [email protected] -snoop -verbose $ANTDIR/draftmsg
    ...system/nmh/nmh-1.7.1$

[ I should add that my .mh_profile contains ]
[ credentials: file:/home/ajms/.mh_dir/netrc ]

[Now running that lot - ]

    ../my-antics/mypost
    GNU gdb (Debian 10.1-2) 10.1.90.20210103-git
    [ ---snipped--- ]
    Reading symbols from /home/ajms/0/comp/this_system/nmh/nmh-1.7.1/testdir/libexec/nmh//post...
    (gdb) run
    Starting program: /home/ajms/0/comp/this_system/nmh/nmh-1.7.1/testdir/libexec/nmh/post -mts smtp -server mail.btinternet.com -port 465 -sasl -saslmech PLAIN -initialtls -user [email protected] -snoop -verbose /home/ajms/0/comp/this_system/nmh/my-antics/draftmsg
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
     -- Posting for All Recipients --
    Trying to connect to "mail.btinternet.com" ...
    Connecting to 213.120.69.88:465...
    TLS negotiation successful: ECDHE-RSA-AES128-GCM-SHA256(128) TLSv1.2
    SSL-Session:
    [ --- snipped --- ]
    Extended master secret: yes
    [EHLO dialogue begins]
    (tls-decrypted) <= 220 re-prd-rgout-004.btmx-prd.synchronoss.net ESMTP Service ready
    (tls-encrypted) => EHLO bryher.nodomain
    (tls-decrypted) <= 250-re-prd-rgout-004.btmx-prd.synchronoss.net
    (tls-decrypted) <= 250-DSN
    (tls-decrypted) <= 250-8BITMIME
    (tls-decrypted) <= 250-PIPELINING
    (tls-decrypted) <= 250-AUTH=LOGIN
    (tls-decrypted) <= 250-AUTH LOGIN PLAIN
    (tls-decrypted) <= 250-DELIVERBY 300
    (tls-decrypted) <= 250 SIZE 41943040
    (tls-encrypted) => RSET
    (tls-decrypted) <= 250 RSET
    (tls-encrypted) => QUIT
    (tls-decrypted) <= 221 re-prd-rgout-004.btmx-prd.synchronoss.net QUIT
    post: problem initializing server; [BHST] SASL client start failed: SASL(-4): no mechanism available: No worthy mechs found
    [Inferior 1 (process 2389) exited with code 01]
    (gdb) q

[ end of screen shot ]

Anything else I could send to help?

Tony

--
Tony Stoneley
Preferred email address [email protected]
...notwithstanding anything any ISP may force into my "From:" field

----------------------------------------------------------------
Ken Hornstein wrote on Wed, 02 Feb 2022 09:57:35 -0500

So, silly question ... did you try -saslmech PLAIN? That is what I tested and I got basically "no such user" when I tested it against your ISP's server (because I made up a username/password). I am not sure if Cyrus-SASL supports the LOGIN mechanism (although, WITHOUT -saslmech it should have picked the "best" mechanism and selected PLAIN). LOGIN and PLAIN are basically equivalent from a security standpoint.

"No worthy mechs found" ... I'd have to dig into Cyrus-SASL to recall what that means. There's some additional criteria you can use for mechanism selection (like "does not require encrypted channel") but I don't believe we ever configure those criteria.

If you could post the -snoop output before you get to that point it would be helpful. Also, if you are capable of using the latest sources in the git repo, there is some additional debugging printed when using -snoop that might be helpful. Also, if you can tell me exactly which version of Cyrus-sasl you are compiling against, I can take a look at that error message.
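
An added example, not part of the original thread and not code from nmh or Cyrus SASL: a simplified model of the mechanism selection discussed above. It parses the AUTH lines from the -snoop transcript (both the "AUTH LOGIN PLAIN" and legacy "AUTH=LOGIN" forms) and intersects them with what the client side can offer. The function names, the client mechanism sets and the preference order are assumptions for illustration.

```python
import re

# EHLO reply lines copied from the -snoop transcript in the message above.
SNOOP = """\
(tls-decrypted) <= 250-re-prd-rgout-004.btmx-prd.synchronoss.net
(tls-decrypted) <= 250-DSN
(tls-decrypted) <= 250-8BITMIME
(tls-decrypted) <= 250-PIPELINING
(tls-decrypted) <= 250-AUTH=LOGIN
(tls-decrypted) <= 250-AUTH LOGIN PLAIN
(tls-decrypted) <= 250-DELIVERBY 300
(tls-decrypted) <= 250 SIZE 41943040
"""

# Matches "250-AUTH LOGIN PLAIN" and the legacy "250-AUTH=LOGIN" form.
AUTH_RE = re.compile(r"<=\s*250[- ]AUTH[ =](.*)$", re.IGNORECASE)


def advertised_mechs(snoop_text):
    """Return the SASL mechanisms the server advertised, in first-seen order."""
    mechs = []
    for line in snoop_text.splitlines():
        match = AUTH_RE.search(line)
        if not match:
            continue
        for name in match.group(1).split():
            name = name.upper()
            if name not in mechs:
                mechs.append(name)
    return mechs


def select_mech(server_mechs, client_mechs, forced=None, preference=()):
    """Simplified selection model (an assumption, not Cyrus SASL's code).

    A mechanism is usable only if the server advertises it and the client
    side can provide it. Returns the chosen name, or None to model the
    "no mechanism available" outcome.
    """
    usable = [m for m in server_mechs if m in client_mechs]
    if forced is not None:  # models forcing a mechanism with -saslmech
        return forced.upper() if forced.upper() in usable else None
    for mech in preference:
        if mech in usable:
            return mech
    return usable[0] if usable else None
```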
