Gerard E. Seibert: > On Sun, 8 Dec 2019 21:52:39 +0100, Patrick Ben Koetter stated: > >* Gerard E. Seibert <postfix-users@postfix.org>: > >> Thank you for that quick and accurate answer. I was just wondering, > >> is this a bug in 'libsasl' or is it due to a change in Outlook? My > >> setup had been working for years without any errors. > > > >It's very likely not a bug, but simply how SASL works. Unless > >configured explicitly to act different (any) SASL will always try to > >use the mechanism that offers the highest security strengh factor. > > > >OAUTH2 offers higher security than PLAIN, simply because PLAIN sends > >the identity (username, password) BASE64 encoded only. Encrypted > >connections are out of scope of the PLAIN mech. > > > >This said I do assume your system upgrade added OAUTH2 mechs, where > >there had been none on your old system. And what used to work because > >PLAIN was the only mech and therefore had the highest security strengh > >factor suddenly began to fail because now OAUTH2 was preferred over > >PLAIN. > > > >Limiting the list of SASL mechs that may be used, just like Wietse > >wrote, explicitly configures Cyrus SASL to ignore any other mechs > >except for those on the list. > > > >p@rick > > I know that this is going to sound stupid, and probably does not belong > on this list, but how exactly do I add "QAUTH2 mechs" to my system and > do I have to do anything special to postfix? Please feel free to refer > me to a better place to ask this question.
You updated your system, this installed a new SASL library, and suddenly a whole s*load of features were enabled that previously weren't supported. Or, Microsoft suddenly decided to announce OAUTH2 support where previously they did not. Or both. Wietse