289939Re: warning:xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms
- Dec 6, 2012On 12/6/2012 9:54 PM, jugree@... wrote:
>> common to specifyRight, postfix won't offer AUTH unless the session is TLS-encrypted,
>> smtpd_sasl_security_options = noanonymous
>> smtpd_sasl_tls_security_options = noanonymous
>> and then after verifying that SASL works, adding
>> smtpd_tls_auth_only = yes
> Does it mean that my session will be encrypted using TLS, but there
> won't be any encryption inside the tunnel?
and all credentials are protected by TLS.
Postfix (and the SASL backend) will still happily use any supported
mechanisms inside TLS, but now there's no particular advantage for
the non-plaintext mechanisms since everything is already encrypted
> I assume it's pretty secure for most cases. Could you confirm?More secure, because with TLS the mail content is encrypted, not
just the credentials.
>Many popular desktop clients only support PLAIN and LOGIN (both
> Anyway, I'll try to configure a non-plaintext mechanism.
considered plain-text equivalent), but it (most likely) won't hurt
to offer additional mechanisms.
-- Noel Jones
- << Previous post in topic