identifying safe error with postfix + dovecot

[Wilberth Pérez]

When I configure smtp server from my mail client (thunderbird) with user name login and secure STARTTLS , if i try to send a message the following error message appers: "An error occurred while sending mail: unable to log on to the SMTP server mailer.uady.mx. The server does not accept any mechanism for identifying safe, but you have chosen to secure identification. Try switching to non-secure identification or contact your service provider." however if i disable "use identifying safe" can send messages without any problem any idea what happens ? how i can use both, login identification (AUTH) plus identify safe (STARTTLS) ? AUTH  and TLS are configure and enable in my mail server:  bash-3.00# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mailer.uady.mx ESMTP Postfix ehlo localhost 250-mailer.uady.mx 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN My AUTH and TLS configuration is: smtpd_sasl_security_options = noanonymous smtpd_sasl_auth_enable = yes smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth smtpd_sasl_authenticated_header = yes broken_sasl_auth_clients = yes smtpd_sender_restrictions = permit_sasl_authenticated, reject_unauth_destination smtpd_client_restrictions = permit_sasl_authenticated, reject_unauth_destination smtpd_recipient_restrictions = permit_sasl_authenticated, reject_unauth_destination #TLS #smtpd_tls_auth_only  = yes smtpd_tls_security_level = encrypt #smtpd_tls_CAfile   = /etc/postfix/certs/mailer/CA-crt.pem #smtpd_tls_CApath = /etc/postfix/certs/mailer smtpd_tls_cert_file   = /etc/postfix/certs/mailer/mailer-crt.pem smtpd_tls_key_file   = /etc/postfix/certs/mailer/mailer-key.pem smtpd_tls_loglevel = 2 #smtpd_tls_ask_ccert = yes #smtpd_tls_req_ccert = yes master.cf have: # ========================================================================== # service type  private unpriv  chroot  wakeup  maxproc command + args #               (yes)   (yes)   (yes)   (never) (100) # ========================================================================== smtp      inet  n       -       n       -       -       smtpd #submission inet n       -       n       -       -       smtpd   -o smtpd_tls_security_level=may   -o smtpd_sasl_auth_enable=yes   -o smtpd_client_restrictions=permit_sasl_authenticated,reject #  -o milter_macro_daemon_name=ORIGINATING smtps     inet  n       -       n       -       -       smtpd   -o smtpd_tls_wrappermode=yes   -o smtpd_sasl_auth_enable=yes   -o smtpd_client_restrictions=permit_sasl_authenticated,reject #  -o milter_macro_daemon_name=ORIGINATING -- -------------------------------------------------------- LCC Wilberth de Jesús Pérez Segura CCSA- Administración de Servicios y Seguridad de las TI Correo: wilberth.pe...@uady.mx Universidad Autónoma de Yucatán Secretaría General Coordinación Administrativa de Tecnologías de Información RIUADY C-59 x Av. Itzáes (999)923-74-28 Ext. 1117 Mérida, Yucatán, México 2010 --------------------------------------------------------