On Tue, 18 Jun 2019 16:41:06 -0600 "@lbutlr via dovecot" <dovecot@dovecot.org> wrote:
> What is the reason for wanting to enable CRAM-MD5? That was intended > to use on unsecured connections; you should not be allowing > authentication on unsecured connections in 2019. > > Establish a secure submission on port 587 or smtps on 465 and do not > use CRAM-MD5 at all. > Possibly a backwards compatibility thing? (eg: legacy mail settings migrating to a new dovecot server). It get's difficult to argue the need for changing settings en-masse to a full customer base all at once ... For a while iPhones wanted to default to CRAM-MD5 as well...
