1 |
On Sat, Mar 28, 2020 at 19:23:24 +0000, Andreas Stiasny wrote: |
2 |
> When I compare the output of "grep -i sasl /etc/postfix/main.cf" to your |
3 |
> configuration the only noticeable difference is that you don't have the line |
4 |
> |
5 |
> smtpd_sasl2_auth_enable = yes |
6 |
|
7 |
Seems the T.L.S.\ encryption was the culprit. Although all the S.A.S.L.\ options |
8 |
were configured correctly, `telnet` wasn't reporting it as T.L.S.\ was |
9 |
optional in general, but required for authentication. |
10 |
|
11 |
smtpd_tls_security_level = may |
12 |
smtpd_tls_auth_only = yes |
13 |
|
14 |
Changing `smtpd_tls_security_level` to `encrypt` seems to fix the issue, such |
15 |
that a STARTTLS is now required for most actions aside from HELO/EHLO. |
16 |
|
17 |
According to [1], the `sql_select: dummy` is only required if cyrus-sasl is |
18 |
built with MySQL/PostgreSQL support, which in this case is not required due to |
19 |
the help of courier-authlib. |
20 |
|
21 |
Thanks for your help. It seems that I also forgot to add `smtpd_sasl_auth_enable |
22 |
= yes` for some reason *; the name isn't exactly cryptic! |
23 |
|
24 |
[1] Gentoo Forums, |
25 |
https://forums.gentoo.org/viewtopic-t-502523.html |
26 |
|
27 |
* Despite me using S.A.S.L. 2 (/etc/sasl2), Postfix doesn't seem to recognise |
28 |
* the `smtpd_sasl2_auth_enable` option, only `smtpd_sasl_auth_enable`. |
29 |
|
30 |
-- |
31 |
|
32 |
Ashley Dixon |
33 |
suugaku.co.uk |
34 |
|
35 |
2A9A 4117 |
36 |
DA96 D18A |
37 |
8A7B B0D2 |
38 |
A30E BF25 |
39 |
F290 A8AA |