On Thu, Dec 01, 2005 at 05:55:04AM -0600, Mark Nipper wrote:
> Now, someone much more knowledgeable about such things
> than me will have to say whether that actually prevents a client
> from ignoring exim and attempting to authenticate anyway without
> TLS. But I don't think there is much helping that on the exim
> side anyway if the client just insists on acting stupidly.
If the client is properly compliant, then it won't know that it can auth,
but yes, unfortunately, there is nothing stopping this situation. It can
send the username and password to the server, but exim knows what
capabilities it has advertised and so will always send the appropriate 5xx
response back. (501, I think).
Cheers
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
(Please use this address to reply)