Dear Patric; What I have to set mech_list: in the smtpd.conf if I used the below commands? And do I need to restart postfix service after do a changes in smtpd.conf?
smtpd_sasl_security_options = noanonymous, noplaintext smtpd_tls_sasl_security_options = noanonymous Currently I see the following logs (still did not configure the dovecot): Jan 14 06:02:02 localhost dovecot: pop3-login: Login: user=<bghayad>, method=PLAIN, rip=78.154.199.70, lip=207.150.197.37 Jan 14 06:02:02 localhost dovecot: POP3(bghayad): mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/bghayad Jan 14 06:02:02 localhost dovecot: Fatal: POP3(bghayad): Namespace initialization failed Jan 14 06:02:02 localhost postfix/smtpd[2509]: warning: xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms Jan 14 06:02:02 localhost postfix/smtpd[2509]: fatal: no SASL authentication mechanisms Jan 14 06:02:03 localhost postfix/master[2120]: warning: process /usr/libexec/postfix/smtpd pid 2509 exit status 1 Jan 14 06:02:03 localhost postfix/master[2120]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling Regards Bilal Regards Bilal --- On Fri, 1/13/12, Patrick Ben Koetter <p...@state-of-mind.de> wrote: > From: Patrick Ben Koetter <p...@state-of-mind.de> > Subject: Re: smtpd_sasl_security_options = noanonymous, CRAM-MD5 > To: postfix-users@postfix.org > Date: Friday, January 13, 2012, 6:03 PM > * bilal ghayyad <bilmar...@yahoo.com>: > > Hi All; > > > > If I set smtpd_sasl_security_options = CRAM-MD5 > instead of noanonymous, then what will happen in this case? > > The server will throttle. CRAM-MD5 is not a valid option > for > smtpd_sasl_security_options. > > Set this instead: > > # main.cf > smtpd_sasl_security_options = noanonymous, noplaintext > > # smtpd.conf > mech_list: cram-md5 > > > > And if I used: smtpd_use_tls = yes and did not use > certificate, then they > > password will be sent encrypted or not? > > This forces TLS on all clients. You must not do it on a > publicly available MX > according to RFCs. > > > Also, what if I used this also? smtpd_tls_auth_only = > yes > > You want noplaintext over unencrypted channels and > plaintext over crypted, > yes? Try this in main.cf: > > smtpd_sasl_security_options = noanonymous, noplaintext > smtpd_tls_sasl_security_options = noanonymous > > > > Is it possible to set all togethor? How it will work > in this case: > > Use my examples from above. > > p@rick > > -- > All technical questions asked privately will be > automatically answered on the > list and archived for public access unless privacy is > explicitely required and > justified. > > saslfinger (debugging SMTP AUTH): > <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/> >
