On Sun, 8 Dec 2019 21:52:39 +0100, Patrick Ben Koetter stated:
>* Gerard E. Seibert <postfix-users@postfix.org>:
>> Thank you for that quick and accurate answer. I was just wondering,
>> is this a bug in 'libsasl' or is it due to a change in Outlook? My
>> setup had been working for years without any errors.  
>
>It's very likely not a bug, but simply how SASL works. Unless
>configured explicitly to act differently (any) SASL will always try to
>use the mechanism that offers the highest security strength factor.
>
>OAUTH2 offers higher security than PLAIN, simply because PLAIN sends
>the identity (username, password) BASE64 encoded only. Encrypted
>connections are out of scope of the PLAIN mech.
>
>This said I do assume your system upgrade added OAUTH2 mechs, where
>there had been none on your old system. And what used to work because
>PLAIN was the only mech and therefore had the highest security strength
>factor suddenly began to fail because now OAUTH2 was preferred over
>PLAIN.
>
>Limiting the list of SASL mechs that may be used, just like Wietse
>wrote, explicitly configures Cyrus SASL to ignore any other mechs
>except for those on the list.
>
>p@rick

I know that this is going to sound stupid, and probably does not belong
on this list, but how exactly do I add "OAUTH2 mechs" to my system and
do I have to do anything special to postfix? Please feel free to refer
me to a better place to ask this question.

-- 
Gerard
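
Added example, not part of the original thread: a small Python model of the behaviour Patrick describes, showing how a newly installed mechanism displaces PLAIN until an allow-list restores it, and that a PLAIN response is only base64 encoded. The rank table, host name and credentials are constructed for illustration; Cyrus SASL derives its real ordering from each plugin's properties.

```python
import base64

# Constructed ranks standing in for the library's strength ordering (assumption).
ASSUMED_RANK = {"PLAIN": 0, "LOGIN": 0, "XOAUTH2": 1, "OAUTHBEARER": 1}

# Constructed EHLO reply from a hypothetical server.
SAMPLE_EHLO = [
    "250-mail.example.test",
    "250-SIZE 10240000",
    "250-AUTH PLAIN LOGIN XOAUTH2",
    "250 8BITMIME",
]

def offered_mechs(ehlo_lines):
    """Return the mechanism names from the AUTH line of an EHLO reply."""
    for line in ehlo_lines:
        keyword, _, rest = line[4:].partition(" ")  # skip "250-" / "250 "
        if keyword.upper() == "AUTH":
            return [m.upper() for m in rest.split()]
    return []

def choose_mech(offered, installed, allow=None):
    """Pick the highest-ranked mechanism both sides support.

    `allow` models an explicit mechanism list: anything not on it is ignored.
    """
    usable = [m for m in offered
              if m in installed and (allow is None or m in allow)]
    if not usable:
        return None
    return max(usable, key=lambda m: ASSUMED_RANK.get(m, 0))

def plain_response(authcid, password, authzid=""):
    """Build a SASL PLAIN response (RFC 4616): authzid NUL authcid NUL passwd."""
    raw = f"{authzid}\0{authcid}\0{password}".encode()
    return base64.b64encode(raw).decode()

def decode_plain(b64):
    """Recover the fields from a PLAIN response; no key is needed."""
    authzid, authcid, password = base64.b64decode(b64).decode().split("\0")
    return authzid, authcid, password

if __name__ == "__main__":
    offered = offered_mechs(SAMPLE_EHLO)
    print("before upgrade:", choose_mech(offered, {"PLAIN", "LOGIN"}))
    print("after upgrade: ", choose_mech(offered, {"PLAIN", "LOGIN", "XOAUTH2"}))
    print("with allow-list:", choose_mech(offered, {"PLAIN", "LOGIN", "XOAUTH2"},
                                          allow={"PLAIN", "LOGIN"}))
    print("decoded PLAIN:", decode_plain(plain_response("user@example.test", "s3cret")))
```

Because the PLAIN response decodes without any secret, its confidentiality depends entirely on the transport, which is why the mechanism itself ranks lowest.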
