Hi,

Dovecot v2.4.0 changed authentication protocol slightly to allow new functionality (SCRAM TLS channel binding). It attempted to preserve backwards compatibility by checking client-provided VERSION first before sending data that the client wouldn't handle correctly. However, Exim's Dovecot authenticator doesn't send VERSION until Dovecot has sent the whole authentication handshake. This causes Exim to get stuck when trying to authenticate.

I guess we'll provide some kind of a workaround for v2.4.1, but this should get fixed on Exim side as well. Attached a patch that I tested works (against 4.97-4ubuntu4).