Re: no SASL authentication mechanisms

Sun, 11 Oct 2015 07:59:34 -0700 

* niya levi <niyal...@gmail.com>:
> 
> 
> On 11/10/15 11:49, Patrick Ben Koetter wrote:
> > * niya levi <niyal...@gmail.com>:
> >> nano /etc/dovecot/dovecot.conf
> >>
> >> service auth {
> >>   unix_listener /var/spool/postfix/private/auth {
> >>     group = postfix
> >>     mode = 0666
> >>     user = postfix
> >>   }
> >> }
> > No reason to let others read auth data. Make that:
> >
> > mode = 0660
> >
> >> postconf -n
> >> broken_sasl_auth_clients = yes                                             
> >>                                                                            
> >>                                                    
> >> myorigin = $myhostname
> >> smtpd_sasl_auth_enable = yes
> >> smtpd_sasl_exceptions_networks = $mynetworks
> >> smtpd_sasl_local_domain = $myhostname
> >> smtpd_sasl_path = private/auth
> >> smtpd_sasl_security_options = noanonymous noplaintext
> > That's the problem. Your dovecot server only annouces PLAIN as auth 
> > mechanism
> > (by default). Modify the smtpd_sasl_security_options like this:
> >
> > smtpd_sasl_security_options = noanonymous
> >
> > Then try again.
> >
> > I suggest to configure your mail server to offer SMTP AUTH on submission 
> > (587)
> > only. Enforce TLS on the submission port and PLAIN will be safe to use.
> >
> > p@rick
> >
> >> Oct 11 10:45:43 testy postfix/smtpd[16760]: 
> >> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
> >> Oct 11 10:45:43 testy postfix/smtpd[16760]: 
> >> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
> >> Oct 11 10:45:43 testy postfix/smtpd[16760]: fatal: no SASL authentication 
> >> mechanisms
> thanks p@rick
> have corrected smtpd_sasl_security_options.
> > I suggest to configure your mail server to offer SMTP AUTH on submission 
> > (587)
> > only. Enforce TLS on the submission port and PLAIN will be safe to use.
> should i change smtpd_sasl_auth_enable = yes to no in main.cf
> move the rest of the sasl entries in main.cf yo master.cf

Leave all settings in main.cf and disable smtpd_sasl_auth_enable in main.cf.
Then turn it on in master.cf in context of the submission service.

> and change the smtpd_tls_auth_only in the submission section in
> master.cf to yes ?

yep.

p@rick


-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

Reply via email to