* Wietse Venema <postfix-users@postfix.org>: > Wietse Venema: > > Ed W: > > > On 13/03/2012 23:50, Wietse Venema wrote: > > > > #submission inet n - n - - smtpd > > > > # -o syslog_name=postfix/submission > > > > # -o smtpd_tls_security_level=encrypt > > > > > > I forget the exact details now, but one mail client, I think it might be > > > an Android or iPhone mail client(?) defaults to using the submission > > > service but without encryption. The error messages were confusing and > > > unhelpful to the customer and I just recall it took some time to realise > > > that it was the enforced tls requirement that was the problem > > > > > > I see no reason to *require* encryption on the submission port (RFC > > > aside). I think "may" is a more appropriate default? > > > > That's not a problem for me. I don't use the submission service > > and rely on input from the real world for this. > > Meaning, "may", combined with a setting that allows plaintext > passwords only over encrypted connections. Not sure if that makes > trouble shooting easier than when TLS is always required, though.
It does. One can test CRAM-MD5 also in a telnet session. The SASL_README refers to a script, gen-auth, that assists creating the necessary response. p@rick -- All technical questions asked privately will be automatically answered on the list and archived for public access unless privacy is explicitely required and justified. saslfinger (debugging SMTP AUTH): <http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>
