One thing I note is that "telnet mail.simonandkate.net 587" does not
return AUTH in the list offered:
220 mail.simonandkate.net ESMTP Postfix
EHLO simon.whatever
250-mail.simonandkate.net
250-PIPELINING
250-SIZE 26214400
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
So it would appear that SASL is *not* setup right... but why do I get
log entries saying the iPhone is sending email as sasl_method=PLAIN,
sasl_username=simon?
So can anyone tell me what I have done wrong? Why does SASL appear to be
(possibly) working for PLAIN (iPhone) but not for the Nokia (CRAM-MD5),
and why is the server not advertising the AUTH methods?
smtpd_tls_auth_only = yes
Because of:
smtpd_tls_auth_only (default: no)
When TLS encryption is optional in the Postfix SMTP server, do not
announce or accept SASL authentication over unencrypted connections.
This feature is available in Postfix 2.2 and later.
you need to use openssl s_client -connect mailserver:port to get the
auth advertising, so pure telnet is not encrypted connection.
Make sure that nokia is really using encryption (tls)
--
Eero
