Postfix "SASL authentication failure: No worthy mechs found" [closed]
Trying to use Postfix with SMTP to connect to Google's SMTP. When trying to send mail, I get this error:
Sep 15 14:04:41 zedsaid postfix/smtp[20271]: certificate verification failed for smtp.gmail.com[74.125.95.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Sep 15 14:04:42 zedsaid postfix/smtp[20271]: warning: SASL authentication failure: No worthy mechs found
Sep 15 14:04:42 zedsaid postfix/smtp[20271]: 1BACD968B23: to=<[email protected]>, relay=smtp.gmail.com[74.125.95.109]:587, delay=0.92, delays=0.06/0.03/0.83/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.95.109]: no mechanism available)
Running Debian 4.0.
Ideas?
Solution 1:
It looks like the clue is right here:
untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
You need to get the Equifax cert and add it to your list of trusted CA certs.
I think that these are available here: http://www.geotrust.com/resources/root-certificates/
Solution 2:
(New user, can't post comment reply to sebix. Also removed all links.)
For modern installations (such as Ubuntu 16.04) that use Postfix as an SMTP client with SASL-auth to a remote server (e.g. like shown on the Debian wiki), it might indeed be needed to specify
smtp_sasl_security_options = noanonymous
What this does, however, is remove the noplaintext option (currently the default is noplaintext, noanonymous as per the postconf manual). smtp_sasl_tls_security_options defaults to $smtp_sasl_security_options. This could become an issue under some (mis)configurations, or in the future if defaults change.
EDITED: At the moment, though, it doesn't seem likely, especially if SASL is done in a TLS session. This is forced if the remote server has smtpd_tls_auth_only or smtpd_enforce_tls (which implies the former) or whatever non-Postfix equivalent.
To check what Postfix defaults to, use postconf -d (via).
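One way to check a main.cf for the exposure Solution 2 describes (noplaintext dropped while TLS is not mandatory), as an added example that is not part of the original answers. The two sample configurations are constructed, only one level of $name expansion is resolved, and the legacy smtp_use_tls / smtp_enforce_tls parameters are not considered.

```python
# Built-in defaults for the parameters discussed above (compare `postconf -d`).
DEFAULTS = {
    "smtp_sasl_security_options": "noplaintext, noanonymous",
    "smtp_sasl_tls_security_options": "$smtp_sasl_security_options",
    "smtp_tls_security_level": "",
}
# Levels at which the SMTP client will not deliver over an unencrypted session.
MANDATORY_TLS = {"encrypt", "dane-only", "fingerprint", "verify", "secure"}

# Constructed sample configurations (not taken from the page).
WEAK = "smtp_sasl_security_options = noanonymous\nsmtp_tls_security_level = may\n"
HARDENED = """smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
"""


def parse_main_cf(text):
    """Parse 'name = value' lines; indented lines continue the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
        elif "=" in raw:
            last, value = (s.strip() for s in raw.split("=", 1))
            params[last] = value
    return params


def options(params, name):
    """Resolve a parameter (one level of $name expansion) to a set of options."""
    value = params.get(name, DEFAULTS[name])
    if value.startswith("$"):
        value = params.get(value[1:], DEFAULTS.get(value[1:], ""))
    return set(value.replace(",", " ").split())


def audit(text):
    """Return findings about SASL mechanism filtering in main.cf text."""
    p = parse_main_cf(text)
    level = p.get("smtp_tls_security_level", DEFAULTS["smtp_tls_security_level"])
    findings = []
    if "noplaintext" not in options(p, "smtp_sasl_security_options") and level not in MANDATORY_TLS:
        findings.append("plaintext SASL allowed on unencrypted sessions")
    if "noanonymous" not in options(p, "smtp_sasl_tls_security_options"):
        findings.append("anonymous SASL allowed over TLS")
    return findings
```

The HARDENED sample keeps noplaintext for cleartext sessions and relaxes it only inside TLS via smtp_sasl_tls_security_options, so audit() returns no findings for it.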