On 12/6/2012 4:54 AM, jug...@lavabit.com wrote: >> and for the above to /work/ dovecot needs to offer a non-plaintext >> mechanism, such as CRAM-MD5. > >> I would strongly suggest removing the "noplaintext" keyword during >> testing. > > Can it be used on a regular basis (i.e., not just for testing)?
Yes, tell dovecot to offer non-plaintext mechanisms. Alternately, tell postfix to not offer non-TLS AUTH with main.cf smtpd_tls_auth_only = yes > Will it be > better to enable a non-plaintext mechanism? Which one is the best? There is no best, there is only what fits your needs. I expect it's common to specify smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = noanonymous and then after verifying that SASL works, adding smtpd_tls_auth_only = yes -- Noel Jones
