On Fri, Jul 8, 2016 at 9:17 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote: > >> On Jul 8, 2016, at 9:15 PM, Wietse Venema <wie...@porcupine.org> wrote: >> >> Your SASL library cannot authenticate with PLAIN or LOGIN. > > Another possibility is that it supports and prefers XOAUTH2, but lacks > the necessary credentials or configuration to do so. In that case filtering > out that mechanism might resolve the problem. It could be that the server > side has only recently enabled that mechanism.
Answering Wietse here, too, but I haven't touched the config and it's been months since the config's been touched at all, and the server got rebooted a few weeks ago for a UPS replacement, so it seems likely that comcast changed something. According to https://www.iana.org/assignments/sasl-mechanisms/sasl-mechanisms.xml XOAUTH2 is totally obsolete and I can't imagine Comcast requiring that at this late date (I've been doing PLAIN over TLS for the last two years with this postfix instance). How might 'filtering out that mechanism" be done, Viktor? Doesn't sound (or look like, based on SASL_README) that it's something done in postfix. smtp sasl options in main.cf: smtp_sasl_auth_enable = yes smtp_sasl_password_maps = hash:/Library/Server/Mail/Config/postfix/sasl/passwd smtp_sasl_security_options = noanonymous