Brian Szymanski wrote: > I want to restrict my auth handlers for plain and login to secure (SSL > or TLS) connections, so that CRAM-MD5 is the only one that can be used > with plaintext.
The recommended way to deal with that is to run branches/0.3x and use the file config/tls_before_auth config, which (if 0), only displays AUTH *after* tls has been enabled. Then you can support whatever AUTH mechanisms you like, in perfect safety. The majority of modern MUA's support TLS, so this shouldn't be a stretch. The entire AUTH framework, along with the TLS code, is due for a rewrite, but this really depends strongly on the wind blowing in exactly the correct direction for sufficient time to allow me time to do it... ;-) John
