Wow! You hit the point!
Obrigado Cordialmente Gilberto Ferreira Consultor TI Linux | IaaS Proxmox, CloudStack, KVM | Zentyal Server | Zimbra Mail Server (47) 3025-5907 (47) 99676-7530 Skype: gilberto.nunes36 konnectati.com.br <http://www.konnectati.com.br/> https://www.youtube.com/watch?v=dsiTPeNWcSE 2017-07-12 11:44 GMT-03:00 Viktor Dukhovni <postfix-us...@dukhovni.org>: > > > On Jul 12, 2017, at 9:48 AM, Stephan Brauss <sbra...@bluewin.ch> wrote: > > > > The SMTP server of my ISP requires authentification (user/password), but > > I do not want to use SASL and SSL/TLS. > > The *protocol* used to exchange authentication credentials between SMTP > clients and SMTP servers is the SASL protocol. Postfix uses SASL libraries > to implement the SASL protocol. > > SASL can be used without TLS, but by default, the PLAIN mechanism is > restricted to TLS. Because storing cleartext passwords on servers is > a security (and reputation for incompetence) risk, most servers only > support PLAIN, and do not support CRAM-MD5 and the like, which require > stored cleartext passwords. > > You can enable PLAIN without TLS via the corresponding (non-tls) SASL > options setting, but the ISP may not support PLAIN without TLS, or if > it does so now, may improve their password security in the future and > disallow PLAIN without TLS. > > Basically, you're fighting against the tools that properly do the job. > To authenticate with a username and password against a submission > service you need to use SASL and TLS. > > -- > Viktor. > >
