> On Jul 12, 2017, at 9:48 AM, Stephan Brauss <sbra...@bluewin.ch> wrote:
>
> The SMTP server of my ISP requires authentification (user/password), but
> I do not want to use SASL and SSL/TLS.
The *protocol* used to exchange authentication credentials between SMTP
clients and SMTP servers is the SASL protocol. Postfix uses SASL libraries
to implement the SASL protocol.
SASL can be used without TLS, but by default, the PLAIN mechanism is
restricted to TLS. Because storing cleartext passwords on servers is
a security (and reputation for incompetence) risk, most servers only
support PLAIN, and do not support CRAM-MD5 and the like, which require
stored cleartext passwords.
You can enable PLAIN without TLS via the corresponding (non-tls) SASL
options setting, but the ISP may not support PLAIN without TLS, or if
it does so now, may improve their password security in the future and
disallow PLAIN without TLS.
Basically, you're fighting against the tools that properly do the job.
To authenticate with a username and password against a submission
service you need to use SASL and TLS.
--
Viktor.
