On Mon, Aug 30, 2010 at 01:32:25PM -0400, Adam Tauno Williams wrote:
> On Mon, 2010-08-30 at 13:04 -0400, Wietse Venema wrote:
> > Jean-Yves Avenard:
> > > smtpd_sasl_auth_enable = yes
> > > smtpd_sasl_authenticated_header = yes
> > > smtpd_sasl_security_options = noanonymous, noplaintext
> > > smtpd_sasl_tls_security_options = noanonymous
> > If this does not announce the SASL mechanisms that you expect, then
> > the missing mechanisms are not installed with the Cyrus SASL library.
>
> No, as demonstrate previously in the thread:
> <quote>
> telnet localhost 25 shows:
> 250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI
> 250-STARTTLS
> </quote>
>
> - the issue is that Postfix advertises "LOGIN" and "PLAIN" regardless of
> the presence of "noplaintext" in smtpd_sasl_security_options
Probably not surprising when the Cyrus library is pre-empted by Apple's
"pw" server, and the mechanism list is defined in an Apple-specific
configuration parameter.
--
Viktor.
