On 18 Jun 2019, at 16:56, Shaun Johnson via dovecot dovecot@dovecot.org wrote:
On Tue, 18 Jun 2019 16:41:06 -0600 "@lbutlr via dovecot" dovecot@dovecot.org wrote:
What is the reason for wanting to enable CRAM-MD5? That was intended to use on unsecured connections; you should not be allowing authentication on unsecured connections in 2019.
Establish a secure submission on port 587 or smtps on 465 and do not use CRAM-MD5 at all.
Possibly a backwards compatibility thing?
I don’t see how, it should never have been enabled on a secure connection, so there’s nothing to be compatible with.
For a while iPhones wanted to default to CRAM-MD5 as well…
Only for insecure connections as I recall.
I can’t think of any reason for using CRAM-MD5 with STARTTLS on submission or secured smtps. YMMV, but it offers absolutely no advantage to secure authentication.
-- All our loves are first loves