> On 18 Jun 2019, at 16:56, Shaun Johnson via dovecot <dovecot@dovecot.org> 
> wrote:
> 
> On Tue, 18 Jun 2019 16:41:06 -0600
> "@lbutlr via dovecot" <dovecot@dovecot.org> wrote:
> 
>> What is the reason for wanting to enable CRAM-MD5? That was intended
>> to use on unsecured connections; you should not be allowing
>> authentication on unsecured connections in 2019.
>> 
>> Establish a secure submission on port 587 or smtps on 465 and do not
>> use CRAM-MD5 at all.
>> 
> 
> Possibly a backwards compatibility thing?

I don’t see how, it should never have been enabled on a secure connection, so 
there’s nothing to be compatible with.

> For a while iPhones wanted to default to CRAM-MD5 as well…

Only for insecure connections as I recall.

I can’t think of any reason for using CRAM-MD5 with STARTTLS on submission or 
secured smtps. YMMV, but it offers absolutely no advantage to secure 
authentication.


-- 
All our loves are first loves

