On Aug 23, 2013, at 21:38, David Hulsebus <dhulsebus@...
> I apologize in advance for the long post. I started working for a small ISP
> with around 3000 mailboxes and inherited a Postfix server that I've been
> auditing. It's based on Ubuntu 8.04 LTS, Postfix 2.51, and runs Courier for
> POP and IMAP authentication. It has encrypted passwords in a MySQL database.
> I believe I need to set up SSL connections for securely passing
> authentication information to authorize the smtp connection for local or
> remote clients with virtual accounts wanting to send e-mail.
>
> So I'm a bit stumped and confused. The TLS_README indicates I can use
> STARTTLS for all clients. Those clients will be everything from Outlook
> Express to Windows Live Mail, Thunderbird, Incredimail, etc... But without
> the ability to use CRAM-MD5, DIGEST-MD5, NTLM, how can I use TLS to make the
> connection and authorize the clients?

STARTTLS happens before AUTH, and it can be made a requirement to
continue. No TLS set up, no AUTH available. So basically, you cannot
send the plaintext password unless it's over an encrypted link.

To make PLAIN authentication work, I reckon you need to remove
'noplaintext' from 'smtpd_sasl_security_options'.

Note that Postfix 2.5.1 is rather old, and that Ubuntu 8.04.4 LTS was
EOL'd in May of this year. This means that it is no longer being
maintained, no security updates. Upgrading to a newer, supported
release is recommended.
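
Added example, not part of the original messages: a check an administrator could run over a server's EHLO replies captured before and after STARTTLS, confirming the "no TLS, no AUTH" behaviour described in the reply and that PLAIN or LOGIN is still available once the link is encrypted. The hostname and capability lists are constructed sample data, and the function names are hypothetical.

```python
# Added example: audit EHLO replies for "no TLS, no AUTH".
# All replies below are constructed sample data, not captured from a real server.

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each EHLO keyword to its set of parameters (multi-line 250 reply)."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            continue
        # Some servers also send the legacy "AUTH=..." form for old clients.
        words = rest.replace("=", " ", 1).split()
        caps.setdefault(words[0].upper(), set()).update(w.upper() for w in words[1:])
    return caps

def audit(before_tls, after_tls):
    """Return findings for one server's EHLO replies before/after STARTTLS."""
    pre, post = parse_ehlo(before_tls), parse_ehlo(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    if "AUTH" in pre:
        # Any AUTH line on the cleartext link invites clients to send
        # credentials unencrypted.
        findings.append("AUTH offered before TLS: " + ",".join(sorted(pre["AUTH"])))
    if not PLAINTEXT_MECHS & post.get("AUTH", set()):
        # With a 'noplaintext' policy still in force after TLS, clients that
        # can only do PLAIN/LOGIN have no mechanism left to use.
        findings.append("no PLAIN/LOGIN after TLS")
    return findings

# Server that only announces AUTH once TLS is up.
GOOD_BEFORE = "250-mail.example.test\n250-SIZE 10240000\n250-STARTTLS\n250 8BITMIME"
GOOD_AFTER = "250-mail.example.test\n250-AUTH PLAIN LOGIN\n250-AUTH=PLAIN LOGIN\n250 8BITMIME"
# Server that announces AUTH in cleartext and forbids plaintext mechanisms after TLS.
LEAKY_BEFORE = "250-mail.example.test\n250-STARTTLS\n250 AUTH PLAIN LOGIN"
STRICT_AFTER = "250-mail.example.test\n250 AUTH CRAM-MD5 DIGEST-MD5"

if __name__ == "__main__":
    print(audit(GOOD_BEFORE, GOOD_AFTER))
    print(audit(LEAKY_BEFORE, STRICT_AFTER))
```

An empty result means AUTH is hidden until TLS is negotiated and a plaintext mechanism is available afterwards.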