I reckon that other people might run into this problem as well. So why not document my workaround for googlersto find it.
I have configured postfix on my laptop to act as a smart relay. My mailclients use localhost as the sending MTA and the laptop postfix MTA sets up a connection (over TLS with SASL) authentication to my main server.
After updating to Tiger the mails started queuing and I found errors like:
/var/log/mail.log:May 17 19:32:38 secret-wg-mobile-warrior postfix/smtp[15714]: warning: SASL authentication failure: GSSAPI Error: Miscellaneous failure (No credentials cache found)
This problem is caused because postfix on Tiger is compiled with Kerberos support.
Unfortunatelly the version that ships with Tiger (2.1.5, I think) does not have the client side configuration option one can use to disable GSSAPI using the smtp_sasl_mechanism_filter. That is available as of version 2.2. This flag would allow to exclude ‘gssapi’ from the authentication mechanisms the client (the laptops mailserver) uses to authenticate to the server (my main mailserver).
One therefore has to muck around with the SASL configuration on the server end. All is nicely documented in the "SASL authentication" document.
The trick is to add a line mech_list: digest-md5 cram-md5 to the SASL configuration file (/usr/local/lib/sasl2/smtpd.conf on my FreeBSD ports install of postfix)
My /usr/local/lib/sasl2/smtpd.conf reads:
pwcheck_method: saslauthd
mech_list: digest-md5 cram-md5
Please leave a comment if you stumble upon this and it helped.