Greetings, Patrick Ben Koetter! >> Hi, >> >> I've attempted upgrade of my postfix docker container from alpine 3.8 >> (which has postfix 3.3.0) to alpine 3.9 (postfix 3.3.2). Perfectly working >> config which just worked with 3.3.0 now causing SASL auth error: warning: >> SASL authentication failure: No worthy mechs found >> >> Here is verbose logging from container: >> >> smtp_1 | 2019-02-16T04:33:01.621125+00:00 xxx postfix/smtp[106]: < >> host.domain.com[IP.ADDRESS]:587: 250-host.domain.com >> smtp_1 | 2019-02-16T04:33:01.621166+00:00 xxx postfix/smtp[106]: < >> host.domain.com[IP.ADDRESS]:587: 250-PIPELINING >> smtp_1 | 2019-02-16T04:33:01.621170+00:00 xxx postfix/smtp[106]: < >> host.domain.com[IP.ADDRESS]:587: 250-SIZE 104857600 >> smtp_1 | 2019-02-16T04:33:01.621174+00:00 xxx postfix/smtp[106]: < >> host.domain.com[IP.ADDRESS]:587: 250-VRFY >> smtp_1 | 2019-02-16T04:33:01.621177+00:00 xxx postfix/smtp[106]: < >> host.domain.com[IP.ADDRESS]:587: 250-ETRN >> smtp_1 | 2019-02-16T04:33:01.621182+00:00 xxx postfix/smtp[106]: < >> host.domain.com[IP.ADDRESS]:587: 250-AUTH PLAIN LOGIN >> smtp_1 | 2019-02-16T04:33:01.621186+00:00 xxx postfix/smtp[106]: < >> host.domain.com[IP.ADDRESS]:587: 250-AUTH=PLAIN LOGIN
> The other side offers PLAIN LOGIN, but your smtp client doesn't like that > because those are mechanisms which send identification data in clear (read: > unencrypted). That's because you have this (default) in place: > smtp_sasl_security_options = noplaintext, noanonymous > Either you make sure your smtp client uses TLS, while it attempts to > authenticate or you lower the security policy and configure your smtp client > to permit PLAIN and/or LOGIN like this: > smtp_sasl_security_options = noanonymous > This removes the noplaintext restriction and only forbids usage of anonymous > mechanisms. You really should not lower security of your system without a very good reason. The option you are looking for is... smtp_tls_security_level = may ...but... The bad news is that remote does not offer STARTTLS. -- With best regards, Andrey Repin Saturday, February 16, 2019 9:43:14 Sorry for my terrible english...
