On 2014-01-23 at 01:43 +0100, Wolfgang Breyha wrote:
> Personally I wouldn't use both for new installations. LOGIN/PLAIN after
> STARTTLS is just fine.
I strongly disagree. LOGIN/PLAIN assumes that the TLS layer will, each and every time, provide complete assurance that you're connecting to the expected server. A compromise, such as via a malicious cert from a poor quality CA, or an end-user behaving like an end-user and clicking through some dialogue box complaining of a cert mismatch, will result in disclosure of the persistent bearer credential that is a password. This is a Rather Poor security model.

If clients support it, I'd preferentially pick a SCRAM authenticator, which uses Channel Binding, so that properties of the TLS session are used as input to identification, thus successful authentication _proves_ that the remote side of _this_ TLS session has access to the server-side credential store (protecting against MitM attacks) and avoids disclosing the password too.

After SCRAM, supported by Exim with GSASL (and enable the Exim server_channelbinding option) I push for GSSAPI (in more structured environments), DIGEST-MD5 (which provides mutual authentication without the channel-binding protection), and CRAM-MD5.

PLAIN auth is a disservice to your users; if they're using a client which only supports PLAIN/LOGIN then they're using a client written by someone clueless about network security and there's no reason to trust that the client is safe to use in other aspects.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
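The channel-binding argument above, as an added example that is not from the post and not Exim's or GSASL's code: a minimal SCRAM-SHA-256-PLUS style exchange (message shapes from RFC 5802/7677) with constructed nonces, salt, password and a stand-in `tls-unique` value. It shows that the server recomputes the client proof over its own TLS channel binding, so a relay that holds a separate TLS session to the server cannot complete authentication even when it forwards every message unchanged, and the password itself never appears on the wire.

```python
import base64, hashlib, hmac, os

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def server_enroll(password, salt, iters):
    """Server stores StoredKey/ServerKey derived from the password, not the password."""
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return {"salt": salt, "iters": iters,
            "stored_key": hashlib.sha256(_hmac(salted, b"Client Key")).digest(),
            "server_key": _hmac(salted, b"Server Key")}  # signs server-final (not shown)

def client_final(password, client_first_bare, server_first, cbind):
    """Client-final message; the client's view of the TLS channel binding goes into c=."""
    f = dict(p.split(b"=", 1) for p in server_first.split(b","))
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 base64.b64decode(f[b"s"]), int(f[b"i"]))
    client_key = _hmac(salted, b"Client Key")
    without_proof = b"c=" + base64.b64encode(b"p=tls-unique,," + cbind) + b",r=" + f[b"r"]
    auth_msg = b",".join([client_first_bare, server_first, without_proof])
    proof = _xor(client_key, _hmac(hashlib.sha256(client_key).digest(), auth_msg))
    return without_proof + b",p=" + base64.b64encode(proof)

def server_verify(creds, client_first_bare, server_first, client_final_msg, cbind):
    """Server rebuilds AuthMessage from ITS OWN channel binding and nonce, so a client
    bound to a different TLS session (e.g. a relaying MitM) yields a proof that fails."""
    proof_b64 = client_final_msg.rsplit(b",p=", 1)[1]
    r = dict(p.split(b"=", 1) for p in server_first.split(b","))[b"r"]
    expected = b"c=" + base64.b64encode(b"p=tls-unique,," + cbind) + b",r=" + r
    auth_msg = b",".join([client_first_bare, server_first, expected])
    client_key = _xor(base64.b64decode(proof_b64), _hmac(creds["stored_key"], auth_msg))
    return hmac.compare_digest(hashlib.sha256(client_key).digest(), creds["stored_key"])

def run_exchange(mitm):
    """Constructed exchange; mitm=True models a relay with its own TLS session to the server."""
    password = "correct horse battery staple"  # constructed; never sent on the wire
    creds = server_enroll(password, os.urandom(16), 4096)
    cnonce, snonce = os.urandom(8).hex().encode(), os.urandom(8).hex().encode()
    client_first_bare = b"n=alice,r=" + cnonce
    server_first = (b"r=" + cnonce + snonce + b",s=" + base64.b64encode(creds["salt"])
                    + b",i=" + str(creds["iters"]).encode())
    client_tls = os.urandom(12)                          # tls-unique as seen by the client
    server_tls = os.urandom(12) if mitm else client_tls  # relay's session has its own value
    msg = client_final(password, client_first_bare, server_first, client_tls)
    return server_verify(creds, client_first_bare, server_first, msg, server_tls)
```

A real implementation also validates the gs2 header and nonce echoed by the client and returns the server signature so the client gets mutual authentication; both are omitted here to keep the binding check in focus.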
