Viktor Dukhovni <postfix-us...@dukhovni.org> writes: >> On Feb 6, 2018, at 1:26 AM, Olivier <olivier.nic...@cs.ait.ac.th> wrote: >> >>> TLS is set up just fine. What's failing is SASL. Perhaps there are >>> different authentication settings on port 587 than on 25, and remaking >>> the email account has the effect of switching the submission port? >>> >>> Other factors to consider: >>> >>> http://www.postfix.org/postconf.5.html#smtpd_sasl_local_domain >>> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options >> >> Both are left to the default (empty) on the old and new server. > > If recreating the account on the client side resolves the issue, and > successful authentication is PLAIN, but what was failing before the > account reset was also PLAIN, then the only conclusion is that the > client settings were wrong. Whether the incorrect setting was the > username, the password, the port, ... hard to say. What is clear > is that there's no Postfix issue, since merely recreating the login > on the MUA end is sufficient.
Thank you for the help. The problem was not postfix but a combination of cyrus-sasl and ldap: a user LDAP encrty needs an objectClass of shadowAccount to be working, not all my users had it (especially the older ones). Combined to that the fact that when doing the test internally, the autnetication could be bypassed by postfix if it did not succeed, so I was reading false results. I apologize for the noise. Olivier --
