Greetings, sashk!
> Hello Patrick, > Thanks for the response. >> The other side offers PLAIN LOGIN, but your smtp client doesn't like that >> because those are mechanisms which send identification data in clear (read: >> unencrypted). That's because you have this (default) in place: >> >> smtp_sasl_security_options = noplaintext, noanonymous >> >> Either you make sure your smtp client uses TLS, while it attempts to >> authenticate or you lower the security policy and configure your smtp client >> to permit PLAIN and/or LOGIN like this: >> >> smtp_sasl_security_options = noanonymous > I have tried this option as well, and it did not address the issue. > Perhaps I should have included full log (see bellow), but the SMTP server > won't even advertise AUTH until client starts using TLS as remote server has > following in it's master.cf: > submission inet n - n - - smtpd > -o syslog_name=postfix/submission > -o smtpd_tls_security_level=encrypt This is NOT right. submission (port 587/tcp) is a plan connection. Unencrypted. You should use default "may" here and leave "encrypt" for submissions (port 465/tcp). > -o smtpd_sasl_auth_enable=yes > -o smtpd_tls_auth_only=yes > Here is more detailed log after I set "smtp_sasl_security_options = > noanonymous" -- With best regards, Andrey Repin Saturday, February 16, 2019 23:44:24 Sorry for my terrible english...
