* on the Fri, Mar 07, 2014 at 11:34:04AM +0000, Jasen Betts wrote:

>> https://github.com/mikecardwell/EximPhishReplyBuster
>>
>> It's a tool that I wrote for Exim which prevents people from sending
>> their passwords to other people via email. I blogged about it here:
>
> It should be possible to extend that to also work with CRAM-MD5 as
> in that case exim already knows the password.

True. But if you're using verified SSL during mail submission (which you
should be), CRAM-MD5 doesn't give you anything useful. In fact it makes
matters worse by requiring the server to know the plain text password,
instead of just being able to store a hash of it. I can't imagine a
situation where I would ever use CRAM-MD5.

--
Mike Cardwell  https://grepular.com/     http://cardwellit.com/
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3  B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1  BF1B 295C 3C78 3EF1 46B4

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
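
The storage trade-off raised in the reply above, as an added Python example that is not part of the original message, of Exim, or of EximPhishReplyBuster: a CRAM-MD5 (RFC 2195) verifier has to key the HMAC with the password itself, while a password sent over verified TLS can be checked against a salted hash. The account, challenge string, function names and the choice of PBKDF2 for the stored hash are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

# Constructed sample account and challenge; not taken from the thread.
USER = "alice"
PASSWORD = "correct horse battery staple"
CHALLENGE = b"<1896.697170952@mail.example.org>"

def cram_md5_response(user, password, challenge):
    """Client side: HMAC-MD5 over the server challenge, keyed with the password."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())

def cram_md5_verify(server_secret, challenge, response):
    """Server side: recomputing the HMAC needs the same key the client used."""
    _user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    expected = hmac.new(server_secret.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def hash_password(password, salt=None):
    """What a server can store when the client submits the password over TLS."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def plain_verify(stored, submitted_password):
    """Verify a submitted password against the salted hash only."""
    salt, derived = stored
    candidate = hashlib.pbkdf2_hmac("sha256", submitted_password.encode(), salt, 100_000)
    return hmac.compare_digest(derived, candidate)

def demo():
    response = cram_md5_response(USER, PASSWORD, CHALLENGE)
    stored = hash_password(PASSWORD)
    return {
        # Works only because the server kept the password itself.
        "cram_with_plaintext": cram_md5_verify(PASSWORD, CHALLENGE, response),
        # A server that kept only the salted hash cannot check the response.
        "cram_with_hash_only": cram_md5_verify(stored[1].hex(), CHALLENGE, response),
        # Password submitted over TLS: the salted hash is sufficient.
        "plain_with_hash": plain_verify(stored, PASSWORD),
        "plain_wrong_password": plain_verify(stored, "guess"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```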
