Hey all, So I have tweaked my main.cf and enabled noplainpassword my sasl craps out.
smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous works, smtpd_sasl_security_options = noplainpassword, noanonymous smtpd_sasl_tls_security_options = noanonymous gives me the following postfix error Apr 24 13:49:49 foo postfix/smtpd[3978]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms Apr 24 13:49:49 foo postfix/smtpd[3978]: fatal: no SASL authentication mechanisms Apr 24 13:49:50 foo postfix/master[3919]: warning: process /usr/lib64/postfix/smtpd pid 3978 exit status 1 in /usr/lib/sasl2 I find the following libraries to auth against/with: foo sasl2 # ls /usr/lib/sasl2/ libanonymous.la libdigestmd5.so liblogin.so.2 libplain.so.2.0.23 libanonymous.so libdigestmd5.so.2 liblogin.so.2.0.23 libsasldb.la libanonymous.so.2 libdigestmd5.so.2.0.23 libntlm.la libsasldb.so libanonymous.so.2.0.23 libgssapiv2.la libntlm.so libsasldb.so.2 libcrammd5.la libgssapiv2.so libntlm.so.2 libsasldb.so.2.0.23 libcrammd5.so libgssapiv2.so.2 libntlm.so.2.0.23 libsql.la libcrammd5.so.2 libgssapiv2.so.2.0.23 libplain.la libsql.so libcrammd5.so.2.0.23 liblogin.la libplain.so libsql.so.2 libdigestmd5.la liblogin.so libplain.so.2 libsql.so.2.0.23 my /etc/sasl/smtpd.conf authenticates against courier-authlib, which I also use for courier-imap. # $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/smtp.sasl,v 1.2 2004/07/18 03:26:56 dragonheart Exp $ pwcheck_method: authdaemond mech_list: login plain authdaemon_path: /var/lib/courier/authdaemon/socket log_level: 1 Now I'll admit i'm no sasl (nor postfix) expert but I figure, if sasl uses courier-authlib to authenticate as does courier-imap that if the one works, that courier-authlib 'works'. So this error would come from sasl or postfix? In any case, wasn't the idea from the double option, to only allow plain text passwords on port 25 with tls enabled, but no plain text passwords on regular 25. (I suppose port smpts would also work yeah?) In any case, if this is the case, why won't sasl/postfix start normally? Also, as far as I can tell sending mail from a remote client works, and it even asks me for a password (after asking whether the certificate comes up to be accepted). So ... what am I missing here? I can auth fine with the postfix -> sasl-> authlib -> postgres setup but not when I disable the (unused) plaintext passwords.
