19 Jun
2019
19 Jun
'19
12:56 a.m.
On Tue, 18 Jun 2019 16:41:06 -0600 "@lbutlr via dovecot" dovecot@dovecot.org wrote:
What is the reason for wanting to enable CRAM-MD5? That was intended to use on unsecured connections; you should not be allowing authentication on unsecured connections in 2019.
Establish a secure submission on port 587 or smtps on 465 and do not use CRAM-MD5 at all.
Possibly a backwards compatibility thing? (eg: legacy mail settings migrating to a new dovecot server). It get's difficult to argue the need for changing settings en-masse to a full customer base all at once ...
For a while iPhones wanted to default to CRAM-MD5 as well...