Loading ...
Sorry, an error occurred while loading the content.

289939Re: warning:xsasl_cyrus_server_get_mechanism_list: no applicable SASL mechanisms

Expand Messages
  • Noel Jones
    Dec 6, 2012
      On 12/6/2012 9:54 PM, jugree@... wrote:
      >> common to specify
      >> smtpd_sasl_security_options = noanonymous
      >> smtpd_sasl_tls_security_options = noanonymous
      >> and then after verifying that SASL works, adding
      >> smtpd_tls_auth_only = yes
      > Does it mean that my session will be encrypted using TLS, but there
      > won't be any encryption inside the tunnel?

      Right, postfix won't offer AUTH unless the session is TLS-encrypted,
      and all credentials are protected by TLS.

      Postfix (and the SASL backend) will still happily use any supported
      mechanisms inside TLS, but now there's no particular advantage for
      the non-plaintext mechanisms since everything is already encrypted
      with TLS.

      > I assume it's pretty secure for most cases. Could you confirm?

      More secure, because with TLS the mail content is encrypted, not
      just the credentials.

      > Anyway, I'll try to configure a non-plaintext mechanism.

      Many popular desktop clients only support PLAIN and LOGIN (both
      considered plain-text equivalent), but it (most likely) won't hurt
      to offer additional mechanisms.

      -- Noel Jones
    • Show all 13 messages in this topic