Postfix "SASL authentication failure: No worthy mechs found"

Solution 1:

(New user, can't post comment reply to sebix. Also removed all links.)

For modern installations (such as Ubuntu 16.04) that use Postfix as an SMTP client with SASL-auth to a remote server (e.g. like shown on the Debian wiki), it might indeed be needed to specify

smtp_sasl_security_options = noanonymous

What this does, however, is remove the noplaintext option (currently the default is noplaintext, noanonymous as per the postconf manual). smtp_sasl_tls_security_options defaults to $smtp_sasl_security_options. This could become an issue under some (mis)configurations, or in the future if defaults change.

EDITED: At the moment, though, it doesn't seem likely, especially if SASL is done in a TLS session. This is forced if the remote server has smtpd_tls_auth_only or smtpd_enforce_tls (which implies the former) or whatever non-Postfix equivalent.

To check what Postfix defaults to, use postconf -d (via).

Solution 2:

this solved it for me (on centos 7 not default, was OK on older Centos versions)

yum install cyrus-sasl{,-plain} 
service postfix restart

---

Solution 3:

It looks like the clue is right here:

untrusted issuer /C=US/O=Equifax/OU=Equifax Secure Certificate Authority

you need to get the equifax cert and add it to your list of trusted CA certs.

I think that these are available here: http://www.geotrust.com/resources/root-certificates/

---

Solution 4:

Possibly multiple problems here, the certs being one and another maybe related to smtp_sasl_security_options. I once solved a problem involving that "no mechs" message by setting smtp_sasl_security_options=noanonymous following a clue found on linuxquestions.org