> relayhost = [smtp.gmail.com]:587
This host supports no SASL authentication BEFORE STARTLS:
% telnet smtp.gmail.com 587
...
220 mx.google.com ESMTP 42sm38391439vws.8
ehlo hostname.porcupine.org
250-mx.google.com at your service, [my.ip.addr]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 PIPELINING
This host supports the following mechanisms AFTER STARTLS:
% openssl s_client -connect smtp.gmail.com:587 -starttls smtp
...
ehlo hostname.porcupine.org
250-mx.google.com at your service, [my.ip.addr]
250-SIZE 35651584
250-8BITMIME
250-AUTH LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250 PIPELINING
> smtp_sasl_auth_enable = yes
> smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
Fine.
> smtp_sasl_security_options = noanonymous, noplaintext
Irrelevant, because gmail does not support SASL over non-TLS connections.
> smtp_sasl_tls_security_options = noanonymous
> smtp_use_tls = yes
Postfix allows login + plain, and gmail announces login + plain,
therefore your SASL library is not cooperating.
Run the saslfinger program *AND REPORT ALL ITS OUTPUT*.
Wietse
