Postfix smtp (saslauth/rimap) login failures [SOLVED]

[ocbMaurice]

Just wanted to post this here, since it took me an evening to finally discover why my mail setup didn't want to accept my smtp passwords anymore.

I'm using Postfix via cyrus-sasl, which is in turn configured to check authentication via remote imap server (rimap mech to courier-imap to be exact).

After enabling all kind of log-levels, I finally found that `testsaslauthd -f /var/run/saslauthd/mux -u user@domain -p XXX`logged:

`auth_rimap: [user@domain] saslauthd NO STARTTLS required`

The message is a bit confusing to digest, but after consulting the cyrus-sasl code, it was clear that courier-imap was saying "NO STARTTLS required".
It's still pretty confusing, as it turns out it is actually meaning "NO STARTTLS command was given, but it is required".
After consulting the courier-imap docs, I found that there is a`IMAP_TLS_REQUIRED` option for courier-imap.

So adding `IMAP_TLS_REQUIRED=0` to `/etc/courier-imap/imapd` finally solved the authentication issue.

No idea when this was enfored, but pretty sure my setup was working OK a few months ago ...

Hope this post may help someone else saving some time and headache.

[szatox]

So adding `IMAP_TLS_REQUIRED=0` to `/etc/courier-imap/imapd` finally solved the authentication issue.

This looks like an absolutely terrible idea. Revert it immediately, then go to "receive mail" settings in your mail client and put something sane there. E.g. enable starttls.
And once you're done with those, you should probably change your password too.


One exception to this is if you're using a proxy for terminating SSL, so your connection is secure, but courrier doesn't know about it.
TBH, this wouldn't really look that great either.