Red Hat Bugzilla – Bug 995900
Postfix should say authentication fails because the corresponding cyrus sasl module isn't installed
Last modified: 2013-08-12 07:35:32 EDT
Description of problem:
Probably needs to be kicked upstream.
Configure postfix to do STARTTLS + SASL password authentication. Anonyomous login is disallowed using "noanonymous"
It just doesn't work.
In the log:
Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp: starting new SASL client
Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp: name_mask: noanonymous
Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp: smtp_sasl_authenticate: mail.your-server.de[188.8.131.52]:587: SASL mechanisms LOGIN PLAIN
Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp: warning: SASL authentication failure: No worthy mechs found
After some time it turns out that postfix/smtp does not find "worthy mechs" for plaintext login because....
$ yum install cyrus-sasl-plain
was not performed, i.e. the Cyrus SASL module was missing
Postfix should really say "I can't do it ... and these are the mechanisms currently known: ... maybe look at your cyrus sasl packages"
So that one gets a hint about what might be going wrong.
This is documented, http://www.postfix.org/SASL_README.html#client_sasl:
> This default policy, which allows no plaintext passwords, leads to
> authentication failures if the remote server only offers plaintext
> authentication mechanisms (the SMTP server announces "AUTH PLAIN LOGIN"). In
> such cases the SMTP client will log the following error message:
> SASL authentication failure: No worthy mechs found
> This same error message will also be logged when the libplain.so or
> liblogin.so modules are not installed in the /usr/lib/sasl2 directory.
The libplain.so and liblogin.so are provided by 'cyrus-sasl-plain' package and this package is provided by 'standard' group which is required by most of the other groups.
This shouldn't happen in the default installation and it is also documented in the upstream documentation, thus it is not a bug, but RFE that should be addressed upstream.