After updating one of our 2 postfix mailservers we discovered that some email clients can’t deal with all the authentication options our mailserver presents to them. For example Eudora has an issue if postfix says it can do CRAM-MD5 as in the following example:
250-AUTH PLAIN DIGEST-MD5 LOGIN CRAM-MD5
250-AUTH=PLAIN DIGEST-MD5 LOGIN CRAM-MD5
For some reason it tries CRAM-MD5 first, that fails, then it does not try anything else. To solve that problem I edited /usr/lib/sasl2/smtpd.conf. I added “mech_list: login plain” to the end of that file. Now if I look at the AUTH line that postfix sends to clients, I see this:
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
Now all of our email clients can happily authenticate and send email again.