DevHeads.net

intermittent sasl auth fails?

I have a user with TBird saying they get ocassional error when trying to
send with SASL AUTH, looking at log, I see this;

Mar 17 22:10:44 postfix/smtpd[11975]: connect from
111-222-333-444.static.tpgi.com.au[111.222.333.444]
Mar 17 22:10:45 postfix/smtpd[11975]: Anonymous TLS connection established
from 111-222-333-444.static.tpgi.com.au[111.222.333.444]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 17 22:10:47 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL PLAIN
authentication failed:
Mar 17 22:10:53 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL LOGIN
authentication failed: UGFzc3dvcmQ6
Mar 17 22:10:59 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL PLAIN
authentication failed: UGFzc3dvcmQ6
Mar 17 22:11:05 postfix/smtpd[11975]: warning:
111-222-333-444.static.tpgi.com.au[111.222.333.444]: SASL LOGIN
authentication failed: UGFzc3dvcmQ6
Mar 17 22:11:59 postfix/smtpd[11975]: disconnect from
111-222-333-444.static.tpgi.com.au[111.222.333.444] ehlo=2 starttls=1
auth=0/4 quit=1 commands=4/8

Mar 17 22:14:37 postfix/smtpd[12089]: connect from
111-222-333-444.static.tpgi.com.au[111.222.333.444]
Mar 17 22:14:38 postfix/smtpd[12089]: Anonymous TLS connection established
from 111-222-333-444.static.tpgi.com.au[111.222.333.444]: TLSv1.2 with
cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Mar 17 22:14:42 postfix/smtpd[12089]: 5425745329A0:
client=111-222-333-444.static.tpgi.com.au 111.222.333.444],
sasl_method=PLAIN, sasl_username= ... at tld dot com.au
Mar 17 22:14:42 postfix/smtpd[12089]: disconnect from
111-222-333-444.static.tpgi.com.au[111.222.333.444] ehlo=2 starttls=1
auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8
Mar 17 22:14:43 amavis[11177]: (11177-17) Passed CLEAN {RelayedOutbound},
ORIGINATING LOCAL [111.222.333.444]:54608 [111.222.333.444] < ... at tld dot com>
-> < ... at yahoo dot com>, Queue-ID: 5425745329A0, Message-ID:
<7252a376-030e-0a85-cede- ... at autopack dot com>, mail_id:
WUkk9VvorFcd, Hits: 0.076, size: 1111, queued_as: BAE5645329A6, 1303 ms

hmmmm, as I was munging the email address, I've noticed that:

the sasl username is ' ... at tld dot com.au' BUT on next line they have
' ... at tld dot com' (both domains are valid, tld.com as well as tld.com.au) -
could that be a problem ?

how else to t/s this ?

V