On 2015-09-05 12:03, Jeremy Harris wrote: > On 05/09/15 19:54, AC wrote: >> Until this thread I didn't know that the >> password is base64 encoded in the AUTH PLAIN debug output (before it's >> printed as plain text in $auth3 otherwise). I assumed it was a hashed >> string so I didn't expect it to match every time. > > Because of this, restricting plaintext auth methods to encrypted > connections is a good move. > Yes, I would agree. I have mine set up to use a TLS encrypted connection started by STARTTLS. Is there a way to combine the SASL authentication with a hashing algorithm or is STARTTLS+PLAIN sufficient?
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
