Am 29.01.2014 23:44, schrieb Dennis Putnam: > On 1/29/2014 4:22 PM, li...@rhsoft.net wrote: >> >> Am 29.01.2014 22:14, schrieb Dennis Putnam: >>> I have made yet another discovery. Perhaps this is the problem. When the >>> EHLO command is send, should there not be the line: >> to the destination server i assume >> >>> 250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 PLAIN >>> >>> Is that not what triggers the sasl authentication? That line is missing. Is >>> that perhaps the crux problem? If so is there a way for forced postfix to >>> authenticate anyway? Thanks. >> please post the complete output i bet there is "250-STARTTLS" too and >> you do have http://www.postfix.org/TLS_README.html#server_tls_auth >> enabled which means there is no AUTH announcement before STARTLS >> was finished >> > Thanks for the reply. You are correct but what does it mean and what do > I do? > > 220 smtp.att.yahoo.com ESMTP ready > EHLO home.bellsouth.net > 250-smtp.att.yahoo.com > 250-PIPELINING > 250-SIZE 41697280 > 250-8 BITMIME > 250 STARTTLS
enable opportunistic TLS on your postfix smtp-client since you don't control the destination and maybe you need also use port 587 in your transport because port 25 may or may not support authentication in mordern setups only port 587 (submission) should be used for send authenticated mails and if someone can do that (we can't because too many client configurations out of control) someone could disable authentication on port 25 completly which blocks any didctionary attack from the first start http://www.postfix.org/TLS_README.html#client_tls smtp_use_tls = yes smtp_tls_loglevel = 1 smtp_tls_security_level = may
