Ok, I have a smart phone that can not auth for SMTP on this postfix box The error I get is May 6 09:53:39 GNUbox postfix/smtpd[16233]: TLS connection established from 2.sub-75-244-219.myvzw.com[75.244.219.2]: SSLv3 with cipher RC4-MD5 (128/128 bits) May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: No such file or directory May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: SASL authentication failure: no secret in database May 6 09:53:41 GNUbox postfix/smtpd[16233]: warning: 2.sub-75-244-219.myvzw.com[75.244.219.2]: SASL CRAM-MD5 authentication failed: authentication failure May 6 09:53:42 GNUbox postfix/smtpd[16233]: lost connection after AUTH from 2.sub-75-244-219.myvzw.com[75.244.219.2] May 6 09:53:42 GNUbox postfix/smtpd[16233]: disconnect from 2.sub-75-244-219.myvzw.com[75.244.219.2] So after trying to fix SASL (And failing - I would have to set it up again from scratch which I am not prepared to do rite now) I said - Ok - I'll just turn it off and see what happens but I still get and SASL error - see above - And this is what I find odd. If the server is not advertising SASL why is the client trying to negotiate it and why is the server looking to comply? Desktop clients work fine using TSL and password auth against the LDAP server. Which is what I would like to do for the phones at this point. Could I please get some help from some one smarter then I. Here is the appropriate segment of my main.cf file content_filter = smtp-amavis:[127.0.0.1]:10024 smtp_use_tls = yes smtp_tls_note_starttls_offer = yes smtp_tls_enforce_peername = no smtpd_use_tls = yes smtpd_enforce_tls = no smtp_tls_CApath = /usr/share/ssl/certs smtpd_tls_cert_file = /etc/postfix/ssl/mail.cmaz.com.crt smtpd_tls_key_file = /etc/postfix/ssl/mail.cmaz.com.key smtpd_tls_wrappermode = no smtpd_tls_auth_only = yes smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom tls_daemon_random_source = dev:/dev/urandom smtpd_sasl_auth_enable = no smtpd_sasl2_auth_enable = no #smtpd_sasl_local_domain = $myhostname #smtpd_sasl_security_options = noanonymous #smtpd_sasl_path = smtpd smtpd_client_restrictions = permit_mynetworks # permit_sasl_authenticated #smtpd_sasl_tls_security_options = $smtpd_sasl_security_options mime_header_checks = regexp:/etc/postfix/mime_header_checks smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_sender_access hash:/etc/postfix/whitelist, # check_sender_access ldap:whitelist, check_sender_access hash:/etc/postfix/spoofed-domains, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_destination, # reject_unauth_pipelining, #reject_rbl_client cbl.abuseat.org, #reject_rbl_client combined.njabl.org, #reject_rbl_client sbl-xbl.spamhaus.org, #reject_rbl_client relays.ordb.org, #reject_rbl_client list.dsbl.org, #reject_rhsbl_client blackhole.securitysage.com, #reject_rhsbl_sender blackhole.securitysage.com, # reject_non_fqdn_helo_hostname # reject_invalid_helo_hostname check_policy_service unix:/var/spool/postfix/postgrey/socket smtpd_data_restrictions = reject_multi_recipient_bounce # sleep 1 reject_unauth_pipelining --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss