On Jan 11 Philip Hazel wrote:
>> lovely, but I want to require TLS for AUTH LOGIN and AUTH PLAIN (granted
>> it's a little late by then, but..), but to accept AUTH CRAM-MD5.
>
>Look in $smtp_command_argument. You can use a "condition" condition to
>test it. I'll try to make this fact a bit more prominent in the doc.
Lovely (as usual :), perhaps this sort of ACL might be a useful example:
# Do our best to prevent passwords being sent in clear text:
# ie require TLS for AUTH PLAIN or AUTH LOGIN but accept AUTH CRAM-MD5.
# If we advertise STARTTLS, clients shouldn't do the wrong thing
# by attempting an AUTH PLAIN with the password which we deny
# even though by then it's too late!