Author: Jeremy Harris Date: To: exim-users Subject: Re: [exim] Is that SPAM? Or am I compromised?
On 13/03/2023 23:43, Gedalya via Exim-users wrote: > 4. On ports 587, authentication should not be advertised before STARTTLS is issued.
A slight suggested relaxation of that rule: Only authentication methods
which are self-encrypted should be used on a cleartext channel.
That mean the same as your simpler rule for PLAIN and LOGIN, which are
the common ones. But the SCRAM family, for example, would be safe.
--
Cheers,
Jeremy