Help on CRAM-MD5
Shaun Johnson
shaun at linuxmagic.com
Wed Jun 19 01:56:53 EEST 2019
On Tue, 18 Jun 2019 16:41:06 -0600
"@lbutlr via dovecot" <dovecot at dovecot.org> wrote:
> What is the reason for wanting to enable CRAM-MD5? That was intended
> to use on unsecured connections; you should not be allowing
> authentication on unsecured connections in 2019.
>
> Establish a secure submission on port 587 or smtps on 465 and do not
> use CRAM-MD5 at all.
>
Possibly a backwards compatibility thing? (eg: legacy mail settings
migrating to a new dovecot server). It get's difficult to argue the
need for changing settings en-masse to a full customer base all at
once ...
For a while iPhones wanted to default to CRAM-MD5 as well...
More information about the dovecot
mailing list