Description of problem: ----------------------- Probably needs to be kicked upstream. Configure postfix to do STARTTLS + SASL password authentication. Anonyomous login is disallowed using "noanonymous" It just doesn't work. In the log: Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: starting new SASL client Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: name_mask: noanonymous Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: smtp_sasl_authenticate: mail.your-server.de[78.46.5.205]:587: SASL mechanisms LOGIN PLAIN Aug 11 22:39:50 ip-10-178-10-122 postfix/smtp[12978]: warning: SASL authentication failure: No worthy mechs found After some time it turns out that postfix/smtp does not find "worthy mechs" for plaintext login because.... $ yum install cyrus-sasl-plain was not performed, i.e. the Cyrus SASL module was missing Postfix should really say "I can't do it ... and these are the mechanisms currently known: ... maybe look at your cyrus sasl packages" So that one gets a hint about what might be going wrong. Version-Release --------------- postfix-2.10.1-1.fc19.x86_64
This is documented, http://www.postfix.org/SASL_README.html#client_sasl: > This default policy, which allows no plaintext passwords, leads to > authentication failures if the remote server only offers plaintext > authentication mechanisms (the SMTP server announces "AUTH PLAIN LOGIN"). In > such cases the SMTP client will log the following error message: > > SASL authentication failure: No worthy mechs found > > Note > > This same error message will also be logged when the libplain.so or > liblogin.so modules are not installed in the /usr/lib/sasl2 directory. The libplain.so and liblogin.so are provided by 'cyrus-sasl-plain' package and this package is provided by 'standard' group which is required by most of the other groups. This shouldn't happen in the default installation and it is also documented in the upstream documentation, thus it is not a bug, but RFE that should be addressed upstream.