On 4/24/2010 1:31 PM, Oliver Schinagl wrote:
Sahil Tandon wrote:
On Sat, 24 Apr 2010, Oliver Schinagl wrote:
smtpd_sasl_security_options = noplainpassword, noanonymous
^^^^^^^^^^^^^^^
Did you mean noplaintext?
http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
I'm such a tard, I should have just copy/pasted it :S I felt adventurous copy
pasted it from my postconf -n and prepeended it; this i have in my main.cf (but
uncommented to try it obviously).
#smtpd_sasl_security_options = noplaintext, noanonymous
is the option I had, i feel like such a tard now and stupid. The problem
described eariler is valid however. Sorry :(
Ah then. You said earlier:
my /etc/sasl/smtpd.conf authenticates against courier-authlib, which I also use
for courier-imap.
# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2
2004/07/18 03:26:56 dragonheart Exp $
pwcheck_method: authdaemond
mech_list: login plain
authdaemon_path: /var/lib/courier/authdaemon/socket
log_level: 1
It looks to me as if you've told courier to use plain-text
only (login and plain are both plain text formats), and told
postfix to not use plain text on unencrypted connections.
Most folks solve this by setting in main.cf
smtpd_tls_auth_only = yes
which requires an encrypted connection before AUTH is offered,
or I suppose you can add cram-md5 or some other method to your
mech_list.
http://www.postfix.org/postconf.5.html#smtpd_tls_auth_only
