| 1 |
On Sat, Mar 28, 2020 at 19:23:24 +0000, Andreas Stiasny wrote: |
| 2 |
> When I compare the output of "grep -i sasl /etc/postfix/main.cf" to your |
| 3 |
> configuration the only noticeable difference is that you don't have the line |
| 4 |
> |
| 5 |
> smtpd_sasl2_auth_enable = yes |
| 6 |
|
| 7 |
Seems the T.L.S.\ encryption was the culprit. Although all the S.A.S.L.\ options |
| 8 |
were configured correctly, `telnet` wasn't reporting it as T.L.S.\ was |
| 9 |
optional in general, but required for authentication. |
| 10 |
|
| 11 |
smtpd_tls_security_level = may |
| 12 |
smtpd_tls_auth_only = yes |
| 13 |
|
| 14 |
Changing `smtpd_tls_security_level` to `encrypt` seems to fix the issue, such |
| 15 |
that a STARTTLS is now required for most actions aside from HELO/EHLO. |
| 16 |
|
| 17 |
According to [1], the `sql_select: dummy` is only required if cyrus-sasl is |
| 18 |
built with MySQL/PostgreSQL support, which in this case is not required due to |
| 19 |
the help of courier-authlib. |
| 20 |
|
| 21 |
Thanks for your help. It seems that I also forgot to add `smtpd_sasl_auth_enable |
| 22 |
= yes` for some reason *; the name isn't exactly cryptic! |
| 23 |
|
| 24 |
[1] Gentoo Forums, |
| 25 |
https://forums.gentoo.org/viewtopic-t-502523.html |
| 26 |
|
| 27 |
* Despite me using S.A.S.L. 2 (/etc/sasl2), Postfix doesn't seem to recognise |
| 28 |
* the `smtpd_sasl2_auth_enable` option, only `smtpd_sasl_auth_enable`. |
| 29 |
|
| 30 |
-- |
| 31 |
|
| 32 |
Ashley Dixon |
| 33 |
suugaku.co.uk |
| 34 |
|
| 35 |
2A9A 4117 |
| 36 |
DA96 D18A |
| 37 |
8A7B B0D2 |
| 38 |
A30E BF25 |
| 39 |
F290 A8AA |
Archives