Victor Duchovni wrote:
On Sun, Sep 21, 2008 at 01:19:05PM +0200, Patrick Ben Koetter wrote:
Thank you both so much for your help. This was the problem - well, part
of it anyway. After setting the above, I could see that authentication
was failing. I could also see that Postfix was choosing CRAM-MD5. I
knew from prior testing that method failed interactively as well. Thus
I set "smtp_sasl_mechanism_filter = !CRAM-MD5". Then I started getting
errors about "...no available mech...". Next I found
smtp_sasl_security_options included "noplaintext" and "noanonymous" by
default. Thus I set it to "noanonymous" to allow plaintext. I still
got the "...no available mech..." message. Well I knew from prior
testing that PLAIN did work, thus I set "smtp_sasl_mechanism_filter =
PLAIN". SUCCESS!!!
But for my own curiosity, why did not Postfix find PLAIN on its own?
Why did I have to set it specifically? I would have thought that
setting !CRAM-MD5 would have been enough.
Choosing the mechanism is not done by Postfix, but by the Cyrus SASL library
libsasl, linked into the Postfix smtp client.
No, this is not entirely accurate. The "smtp_sasl_mechanism_filter"
feature is implemented entirely in Postfix. When you specify a non-empty
filter, only mechanisms that *match* the filter are passed to the SASL
library.
The match list "!CRAM-MD5" does not match anything. To match all the
remaining values one needs:
smtp_sasl_mechanism_filter = !CRAM-MD5 static:all
Thank you! This works.
Cheers,
Drew
--
Be a Great Magician!
Visit The Alchemist's Warehouse
http://www.alchemistswarehouse.com
