-------- Original Message -------- Subject: thunderbird 3.0, cram-md5 failing From: Jay G. Scott <g...@arlut.utexas.edu> To: postfix-users@postfix.org Date: Thursday, August 13, 2009 3:03:38 PM
Greetings,client = thunderbird 3.0 beta 3 postfix 2.3.3 linux, host == jgstoy doing TLS encryption and authentication. windows/thunderbird 2.0.0.22 works windows/outlook 2003 works looking at /var/log/maillog i see that thunderbird 3 is setting up a TLS connection okay. but the authentication fails: Aug 13 14:51:40 smail postfix/smtpd[3128]: warning: SASL authentication failure: no secret in database Aug 13 14:51:40 smail postfix/smtpd[3128]: warning: jgstoy.arlut.utexas.edu[10.3.16.56]: SASL CRAM-MD5 authentication failed: authentication failure 1. i can't seem to tell thunderbird not to use cram-md5, but that might be a short-term workaround. if i change smtpd.conf to be just plain login then thunderbird says the server doesn't authenticate. 2. some people who should know were saying in feb 2007 that saslauthd did not support cram-md5. but.... it looks like it should. does it work nowadays? 3. i CAN use openssl to "telnet" in and send mail from the linux client jgstoy. but i used auth plain not auth cram-md5. so the problem is getting cram-md5 to work on the server, right?
I would suggest using smtptest (part of cyrus) to confirm that your server correctly authenticates using CRAM-MD5. If it works, then there's a problem with thunderbird. If not, then you can either stop advertising CRAM or look into fixing the problem on the server side.
Also note, in my experience T-Bird caches and does not refresh the list of available auth mechs without a restart. So if you change available mechs on the server, t-bird will not notice and may continue to try and authenticate using the now unsupported mech. I've seen this silly behavior after making account server/port settings changes. This would explain point #1 above.
--Blake
