On Sun, Sep 21, 2008 at 01:19:05PM +0200, Patrick Ben Koetter wrote:
> > Thank you both so much for your help. This was the problem - well, part
> > of it anyway. After setting the above, I could see that authentication
> > was failing. I could also see that Postfix was choosing CRAM-MD5. I
> > knew from prior testing that method failed interactively as well. Thus
> > I set "smtp_sasl_mechanism_filter = !CRAM-MD5". Then I started getting
> > errors about "...no available mech...". Next I found
> > smtp_sasl_security_options included "noplaintext" and "noanonymous" by
> > default. Thus I set it to "noanonymous" to allow plaintext. I still
> > got the "...no available mech..." message. Well I knew from prior
> > testing that PLAIN did work, thus I set "smtp_sasl_mechanism_filter =
> > PLAIN". SUCCESS!!!
> >
> > But for my own curiosity, why did not Postfix find PLAIN on its own?
> > Why did I have to set it specifically? I would have thought that
> > setting !CRAM-MD5 would have been enough.
>
> Choosing the mechanism is not done by Postfix, but by the Cyrus SASL library
> libsasl, linked into the Postfix smtp client.

No, this is not entirely accurate. The "smtp_sasl_mechanism_filter"
feature is implemented entirely in Postfix. When you specify a non-empty
filter, only mechanisms that *match* the filter are passed to the SASL
library.

The match list "!CRAM-MD5" does not match anything. To match all the
remaining values one needs:

    smtp_sasl_mechanism_filter = !CRAM-MD5 static:all

--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
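
The match-list behaviour described in the reply above, as an added example that is not part of the original thread and is not Postfix code. It is a simplified model that assumes only literal names, "!name" exclusions and "static:" tables; the offered mechanism list and the names matches() and apply_filter() are constructed for illustration.

```python
# Simplified model of smtp_sasl_mechanism_filter match-list evaluation.
# Assumption: only literal names, "!name" and "static:" tables are handled;
# real Postfix also accepts /file/name patterns and other table types.

# Constructed sample: mechanisms a remote SMTP server might offer.
OFFERED = ["CRAM-MD5", "DIGEST-MD5", "LOGIN", "PLAIN"]


def matches(filter_spec, mechanism):
    """Scan the list left to right; the first item that hits decides."""
    for item in filter_spec.replace(",", " ").split():
        negate = item.startswith("!")
        pattern = item[1:] if negate else item
        if pattern.lower().startswith("static:"):
            hit = True  # a static: table returns a result for every key
        else:
            hit = pattern.lower() == mechanism.lower()
        if hit:
            return not negate  # "!name" turns a hit into "no match"
    return False  # nothing in the list hit: no match


def apply_filter(filter_spec, offered):
    """Return the mechanisms that would be handed to the SASL library."""
    if not filter_spec.strip():
        return list(offered)  # empty filter: no filtering at all
    return [m for m in offered if matches(filter_spec, m)]


if __name__ == "__main__":
    for spec in ("", "!CRAM-MD5", "PLAIN", "!CRAM-MD5 static:all",
                 "static:all !CRAM-MD5"):
        print(f"{spec!r:26} -> {apply_filter(spec, OFFERED)}")
```

The last filter in the loop shows that order matters: with "static:all" first, every mechanism matches before the exclusion is reached, so CRAM-MD5 is not removed.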