Re: no SASL authentication mechanisms

Sun, 11 Oct 2015 08:18:04 -0700 


On 11/10/15 15:57, Patrick Ben Koetter wrote:
> * niya levi <niyal...@gmail.com>:
>>
>> On 11/10/15 11:49, Patrick Ben Koetter wrote:
>>> * niya levi <niyal...@gmail.com>:
>>>> nano /etc/dovecot/dovecot.conf
>>>>
>>>> service auth {
>>>>   unix_listener /var/spool/postfix/private/auth {
>>>>     group = postfix
>>>>     mode = 0666
>>>>     user = postfix
>>>>   }
>>>> }
>>> No reason to let others read auth data. Make that:
>>>
>>> mode = 0660
>>>
>>>> postconf -n
>>>> broken_sasl_auth_clients = yes                                             
>>>>                                                                            
>>>>                                                    
>>>> myorigin = $myhostname
>>>> smtpd_sasl_auth_enable = yes
>>>> smtpd_sasl_exceptions_networks = $mynetworks
>>>> smtpd_sasl_local_domain = $myhostname
>>>> smtpd_sasl_path = private/auth
>>>> smtpd_sasl_security_options = noanonymous noplaintext
>>> That's the problem. Your dovecot server only annouces PLAIN as auth 
>>> mechanism
>>> (by default). Modify the smtpd_sasl_security_options like this:
>>>
>>> smtpd_sasl_security_options = noanonymous
>>>
>>> Then try again.
>>>
>>> I suggest to configure your mail server to offer SMTP AUTH on submission 
>>> (587)
>>> only. Enforce TLS on the submission port and PLAIN will be safe to use.
>>>
>>> p@rick
>>>
>>>> Oct 11 10:45:43 testy postfix/smtpd[16760]: 
>>>> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
>>>> Oct 11 10:45:43 testy postfix/smtpd[16760]: 
>>>> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
>>>> Oct 11 10:45:43 testy postfix/smtpd[16760]: fatal: no SASL authentication 
>>>> mechanisms
>> thanks p@rick
>> have corrected smtpd_sasl_security_options.
>>> I suggest to configure your mail server to offer SMTP AUTH on submission 
>>> (587)
>>> only. Enforce TLS on the submission port and PLAIN will be safe to use.
>> should i change smtpd_sasl_auth_enable = yes to no in main.cf
>> move the rest of the sasl entries in main.cf yo master.cf
> Leave all settings in main.cf and disable smtpd_sasl_auth_enable in main.cf.
> Then turn it on in master.cf in context of the submission service.
>
>> and change the smtpd_tls_auth_only in the submission section in
>> master.cf to yes ?
> yep.
>
> p@rick
>
>
many thanks Patrick






















					Reply via email to