* Charlie Brady scribbled: > > On Wed, 24 Jul 2002, Gordon Rowell wrote: > > > We've seen this with some POP servers using CRAM-MD5 - fetchmail didn't do > > that properly in the past, but is supposedly fixed in the version shipped > > with 5.5 We're looking to force password authentication in the future. > > Unfortunately fetchmail doesn't have an option to try to connect using > SSL, but fall back to cleartext if SSL is not available.
That's a pretty scary option. Falling back to unencrypted authentication is rarely somethin you would want to do. You need to make a decision, will I do this without encryption or won't I. The exception to the rule is with TLS where the channel starts out in ascii and encryption is neotiated. -z -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org