On 11/10/15 11:49, Patrick Ben Koetter wrote: > * niya levi <niyal...@gmail.com>: >> nano /etc/dovecot/dovecot.conf >> >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0666 >> user = postfix >> } >> } > No reason to let others read auth data. Make that: > > mode = 0660 > >> postconf -n >> broken_sasl_auth_clients = yes >> >> >> myorigin = $myhostname >> smtpd_sasl_auth_enable = yes >> smtpd_sasl_exceptions_networks = $mynetworks >> smtpd_sasl_local_domain = $myhostname >> smtpd_sasl_path = private/auth >> smtpd_sasl_security_options = noanonymous noplaintext > That's the problem. Your dovecot server only annouces PLAIN as auth mechanism > (by default). Modify the smtpd_sasl_security_options like this: > > smtpd_sasl_security_options = noanonymous > > Then try again. > > I suggest to configure your mail server to offer SMTP AUTH on submission (587) > only. Enforce TLS on the submission port and PLAIN will be safe to use. > > p@rick > >> Oct 11 10:45:43 testy postfix/smtpd[16760]: >> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN >> Oct 11 10:45:43 testy postfix/smtpd[16760]: >> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN >> Oct 11 10:45:43 testy postfix/smtpd[16760]: fatal: no SASL authentication >> mechanisms thanks p@rick have corrected smtpd_sasl_security_options. > I suggest to configure your mail server to offer SMTP AUTH on submission (587) > only. Enforce TLS on the submission port and PLAIN will be safe to use. should i change smtpd_sasl_auth_enable = yes to no in main.cf move the rest of the sasl entries in main.cf yo master.cf and change the smtpd_tls_auth_only in the submission section in master.cf to yes ?
shadrock