* punit jain <[EMAIL PROTECTED]>: > Hi All, > > I have a query on SASL mechanism. > > I have enabled 3 mechanisms and that can be seen as : - > > ehlo localhost > 250-proxy.test.com > 250-PIPELINING > 250-SIZE 10240000 > 250-VRFY > 250-ETRN > 250-STARTTLS > 250-AUTH LOGIN CRAM-MD5 PLAIN > 250-AUTH=LOGIN CRAM-MD5 PLAIN > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250 DSN > > > Here I have 3 mechanism and they should authenticate in the order advertised > by the server correct ?
No. > I read on postfix forums that Postfix always uses the most secure mechanism > when several are offered. So in this case which one will be used ? Will > LOGIN be used first ? Postfix does not handle the election of the mechanism, when the Postfix smtp client decides to use SMTP AUTH. The Cyrus SASL library libsasl elects the mechanism. And yes, it will always try to use the most secure mechanism. In your case it will prefer CRAM-MD5 oder LOGIN or PLAIN. > Even though my smtpd.conf has mech_list: CRAM-MD5 PLAIN LOGIN setting but > still server advertises LOGIN first why ? The order in which mechanisms are listed in $mech_list or in which they are announced as SMTP capability is irrelevant. The client chooses the "best" mechanism by it's own logic. > Can anyone help me with this ? What problem are you trying to solve? [EMAIL PROTECTED] -- The Book of Postfix <http://www.postfix-book.com> saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
