As of Cyrus-SASL-2.x SASL is able to limit the mechanisms it will offer when an application e.g. Postfix uses it. This is done by setting the parameter mech_list in /usr/lib/sasl2/smtpd.conf.
You can check this by telnetting to your Postfix server:
Example 2. Telnet to Postfix server to test for SASL mechanisms it offers
[root@hosting root]# telnet localhost 25 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 mail.state-of-mind.de ESMTP Postfix (1.1.11-20021106) NO UCE EHLO client.example.com 250-mail.state-of-mind.de 250-PIPELINING 250-SIZE 20480000 250-ETRN 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-XVERP 250 8BITMIME QUIT 221 Bye Connection closed by foreign host.
This parameter is not available to Cyrus-SASL-1.5.x users. If you want to limit the mechanisms you must remove the corresponding libraries from your /usr/lib/sasl directory, which is a bad idea™ if other applications using SASL rely on exactly those libraries you remove.