On Thu, Jan 23, 2014 at 9:05 AM, Phil Pennock <[email protected]> wrote: > > This is not usable with CRAM-MD5. CRAM-MD5 requires access to the > cleartext password. If you use DIGEST-MD5 instead, then you can use a > stored form which is a particular MD5-transformation of the password, > but still not the current scheme. If you're going down this path, then > look to see if the clients support SCRAM auth and how you might store > multiple hash transforms of the password in your database. > > Ideally, SCRAM-SHA-1-PLUS (for channel-binding) else SCRAM-SHA-1. >
Do you (or anyone) know of a reliable list of MUAs supporting and not supporting which of these features? Typically, someone offering authenticated SMTP is more or less forced to cater for a huge variety. :( I'm thinking that a viable solution is to have different MUA-facing servers, with different feature sets and requirements, depending on the MUA. outlook.smtp.mydomain.example :) -- Jan -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
