Postfix "SASL authentication failure: No worthy mechs found"

debian postfix authentication sasl

10,261

Solution 1

It looks like the clue is right here:

untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

you need to get the equifax cert and add it to your list of trusted CA certs.

I think that these are available here: http://www.geotrust.com/resources/root-certificates/

Solution 2

I have the error: SASL authentication failure: No worthy mechs found

with postfix running in a RaspberryPi3 (Debian 10 - Raspbian)

I fix installing the package libsasl2-modules

sudo apt update
sudo apt install libsasl2-modules

Hope it can help someone else.

Solution 3

(New user, can't post comment reply to sebix. Also removed all links.)

For modern installations (such as Ubuntu 16.04) that use Postfix as an SMTP client with SASL-auth to a remote server (e.g. like shown on the Debian wiki), it might indeed be needed to specify

smtp_sasl_security_options = noanonymous

What this does, however, is remove the noplaintext option (currently the default is noplaintext, noanonymous as per the postconf manual). smtp_sasl_tls_security_options defaults to $smtp_sasl_security_options. This could become an issue under some (mis)configurations, or in the future if defaults change.

EDITED: At the moment, though, it doesn't seem likely, especially if SASL is done in a TLS session. This is forced if the remote server has smtpd_tls_auth_only or smtpd_enforce_tls (which implies the former) or whatever non-Postfix equivalent.

To check what Postfix defaults to, use postconf -d (via).

Solution 4

this solved it for me (on centos 7 not default, was OK on older Centos versions)

yum install cyrus-sasl{,-plain} 
service postfix restart

Solution 5

Possibly multiple problems here, the certs being one and another maybe related to smtp_sasl_security_options. I once solved a problem involving that "no mechs" message by setting smtp_sasl_security_options=noanonymous following a clue found on linuxquestions.org

View more solutions

10,261

Zed Said

Updated on September 17, 2022

Comments

Zed Said almost 2 years

Trying to use postfix with smtp to connect to google's smtp. When trying to send mail, I get this error:

Sep 15 14:04:41 zedsaid postfix/smtp[20271]: certificate verification failed for smtp.gmail.com[74.125.95.109]:587: untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Sep 15 14:04:42 zedsaid postfix/smtp[20271]: warning: SASL authentication failure: No worthy mechs found
Sep 15 14:04:42 zedsaid postfix/smtp[20271]: 1BACD968B23: to=<[email protected]>, relay=smtp.gmail.com[74.125.95.109]:587, delay=0.92, delays=0.06/0.03/0.83/0, dsn=4.7.0, status=deferred (SASL authentication failed; cannot authenticate to server smtp.gmail.com[74.125.95.109]: no mechanism available)

Running Debian 4.0.

Ideas?

joschi almost 14 years

Post the output of postconf -n and all other relevant configuration files of Postfix. You don't seem to have smtp_sasl_password_maps configured in your main.cf.

sebix over 9 years

What is the suggested solution?
Marcus Ahlberg about 3 years

This solved it for me using Alpine. Although Alpine doesn't list a cyrus-sasl-plain package I was able to install it and it solved the problem.
jvilalta about 3 years

This fixed it for me on Raspbian. Thank you.