Author: Bill Hacker Date: To: exim Subject: Re: [exim] AUTH over TLS only
Marc Haber wrote:
> On Thu, 1 Dec 2005 13:46:42 +0000 (GMT), Philip Hazel
> <ph10@???> wrote:
>
>>On Thu, 1 Dec 2005, Marc Haber wrote:
>>
>>>It should prevent a well-behaved client from authenticating since it
>>>does only advertise AUTH over encrypted connections. Of course, a very
>>>broken client who insists to authenticate even to a server that
>>>doesn't advertise AUTH is not prevented.
>>
>>It's not prevented from *trying*, but Exim won't accept AUTH unless it
>>has advertised it.
>
>
> Is there a MUA so broken that it tries to authenticate without the
> server having advertised AUTH? I think that even Outlook does _this_
> right.
>
> Greetings
> Marc
>
Yes.
Certain versions of Apple's alleged MUA.
Not sure which, as we unconditionally s-can that POS, but it would be
'pre Tiger' for sure.
Logs - ordinarily quiet on this issue - have shown it trying AUTH PLAIN
and AUTH LOGIN one each for two iterations, then silently (at the
desktop) failing for quite a while before it pops up an error message.