SASL may be used in multi-provider scenarios, where some providers offer
"xoauth2" for authentication, where other providers still require "login" authentication.
Configuring the according postfix main.cf statement accordingly
smtp_sasl_mechanism_filter = xoauth2,login
may lead to non-deterministic behavior, because both plug-ins specified the same "SSF"
value of "0" (security strength factor) and sasl could not reliable determine which
plug-in to prefer.
tarickb
commented
3 years ago
SASL may be used in multi-provider scenarios, where some providers offer "xoauth2" for authentication, where other providers still require "login" authentication.
Configuring the according postfix main.cf statement accordingly
may lead to non-deterministic behavior, because both plug-ins specified the same "SSF" value of "0" (security strength factor) and sasl could not reliable determine which plug-in to prefer.
With the higher SSF of 60, xoauth2 now is prefered over those plug-ins specifying only a default SSF and over GSSAPI, too (https://www.cyrusimap.org/sasl/sasl/authentication_mechanisms.html#authentication-mechanisms)