Re: 3.3.0 -> 3.3.2 and sasl error

Fri, 15 Feb 2019 22:38:07 -0800 

* sashk <b...@sashk.xyz>:
> Hi,
> 
>  I've attempted upgrade of my postfix docker container from alpine 3.8 (which 
> has postfix 3.3.0) to alpine 3.9 (postfix 3.3.2). Perfectly working config 
> which just worked with 3.3.0 now causing SASL auth error:  warning: SASL 
> authentication failure: No worthy mechs found
> 
>  Here is verbose logging from container: 
> 
> smtp_1  | 2019-02-16T04:33:01.621125+00:00 xxx postfix/smtp[106]: < 
> host.domain.com[IP.ADDRESS]:587: 250-host.domain.com
> smtp_1  | 2019-02-16T04:33:01.621166+00:00 xxx postfix/smtp[106]: < 
> host.domain.com[IP.ADDRESS]:587: 250-PIPELINING
> smtp_1  | 2019-02-16T04:33:01.621170+00:00 xxx postfix/smtp[106]: < 
> host.domain.com[IP.ADDRESS]:587: 250-SIZE 104857600
> smtp_1  | 2019-02-16T04:33:01.621174+00:00 xxx postfix/smtp[106]: < 
> host.domain.com[IP.ADDRESS]:587: 250-VRFY
> smtp_1  | 2019-02-16T04:33:01.621177+00:00 xxx postfix/smtp[106]: < 
> host.domain.com[IP.ADDRESS]:587: 250-ETRN
> smtp_1  | 2019-02-16T04:33:01.621182+00:00 xxx postfix/smtp[106]: < 
> host.domain.com[IP.ADDRESS]:587: 250-AUTH PLAIN LOGIN
> smtp_1  | 2019-02-16T04:33:01.621186+00:00 xxx postfix/smtp[106]: < 
> host.domain.com[IP.ADDRESS]:587: 250-AUTH=PLAIN LOGIN

The other side offers PLAIN LOGIN, but your smtp client doesn't like that
because those are mechanisms which send identification data in clear (read:
unencrypted). That's because you have this (default) in place:

smtp_sasl_security_options = noplaintext, noanonymous

Either you make sure your smtp client uses TLS, while it attempts to
authenticate or you lower the security policy and configure your smtp client
to permit PLAIN and/or LOGIN like this:

smtp_sasl_security_options = noanonymous

This removes the noplaintext restriction and only forbids usage of anonymous
mechanisms.

p@rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein

Reply via email to