Re: [exim] Exim4 + fixed_cram

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: Jan Ingvoldstad
Ημερομηνία:  
Προς: exim users
Αντικείμενο: Re: [exim] Exim4 + fixed_cram
On Thu, Jan 23, 2014 at 9:05 AM, Phil Pennock <pdp@???> wrote:

>
> This is not usable with CRAM-MD5. CRAM-MD5 requires access to the
> cleartext password. If you use DIGEST-MD5 instead, then you can use a
> stored form which is a particular MD5-transformation of the password,
> but still not the current scheme. If you're going down this path, then
> look to see if the clients support SCRAM auth and how you might store
> multiple hash transforms of the password in your database.
>
> Ideally, SCRAM-SHA-1-PLUS (for channel-binding) else SCRAM-SHA-1.
>


Do you (or anyone) know of a reliable list of MUAs supporting and not
supporting which of these features?

Typically, someone offering authenticated SMTP is more or less forced to
cater for a huge variety. :(

I'm thinking that a viable solution is to have different MUA-facing
servers, with different feature sets and requirements, depending on the MUA.

outlook.smtp.mydomain.example :)
--
Jan