Gerard E. Seibert:
> On Sun, 8 Dec 2019 21:52:39 +0100, Patrick Ben Koetter stated:
> >* Gerard E. Seibert <postfix-users@postfix.org>:
> >> Thank you for that quick and accurate answer. I was just wondering,
> >> is this a bug in 'libsasl' or is it due to a change in Outlook? My
> >> setup had been working for years without any errors.  
> >
> >It's very likely not a bug, but simply how SASL works. Unless
> >configured explicitly to act differently (any) SASL will always try to
> >use the mechanism that offers the highest security strength factor.
> >
> >OAUTH2 offers higher security than PLAIN, simply because PLAIN sends
> >the identity (username, password) BASE64 encoded only. Encrypted
> >connections are out of scope of the PLAIN mech.
> >
> >This said I do assume your system upgrade added OAUTH2 mechs, where
> >there had been none on your old system. And what used to work because
> >PLAIN was the only mech and therefore had the highest security strength
> >factor suddenly began to fail because now OAUTH2 was preferred over
> >PLAIN.
> >
> >Limiting the list of SASL mechs that may be used, just like Wietse
> >wrote, explicitly configures Cyrus SASL to ignore any other mechs
> >except for those on the list.
> >
> >p@rick
> 
> I know that this is going to sound stupid, and probably does not belong
> on this list, but how exactly do I add "OAUTH2 mechs" to my system and
> do I have to do anything special to postfix? Please feel free to refer
> me to a better place to ask this question.

You updated your system, this installed a new SASL library, and
suddenly a whole s*load of features were enabled that previously
weren't supported.

Or, Microsoft suddenly decided to announce OAUTH2 support where
previously they did not.

Or both.

        Wietse
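
An added example, not part of the original thread: a small check that parses an SMTP EHLO reply and reports SASL mechanisms the server advertises beyond the ones the site intends to offer, which is how a library upgrade that silently enabled new mechanisms would show up. The sample reply, the host name and the allowed list are constructed assumptions.

```python
import re

# Constructed EHLO reply, as a server might send after a SASL library
# upgrade added OAuth mechanisms (sample data, not taken from the thread).
SAMPLE_EHLO = """\
250-mail.example.org
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN XOAUTH2 OAUTHBEARER
250-AUTH=PLAIN LOGIN XOAUTH2 OAUTHBEARER
250-ENHANCEDSTATUSCODES
250 8BITMIME
"""

# Matches both "250-AUTH ..." and the legacy "250-AUTH=..." keyword form,
# on continuation lines ("250-") and on the final line ("250 ").
AUTH_LINE = re.compile(r"^250[- ]AUTH[ =](.*)$", re.IGNORECASE)


def advertised_mechs(ehlo_reply):
    """Return the set of SASL mechanism names advertised in an EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines():
        m = AUTH_LINE.match(line.strip())
        if m:
            # Mechanism names are case-insensitive; normalise to upper case.
            mechs.update(tok.upper() for tok in m.group(1).split())
    return mechs


def unexpected_mechs(ehlo_reply, allowed):
    """Return advertised mechanisms that are not on the intended list."""
    allowed = {a.upper() for a in allowed}
    return sorted(advertised_mechs(ehlo_reply) - allowed)


if __name__ == "__main__":
    # Assumed policy: the site only intends to offer PLAIN and LOGIN.
    extra = unexpected_mechs(SAMPLE_EHLO, ["plain", "login"])
    print("unexpected mechanisms:", extra or "none")
```

Run against a saved EHLO reply before and after an upgrade, the difference in the result shows which mechanisms the new library added to the advertised list.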
