CRAM-MD5 Support on POP/IMAP/SMTP
Idea shared by Scarab - October 24, 2014 at 12:07 PM
Proposed
It would appear that Smartermail does not provide support for CRAM-MD5 on POP/IMAP/SMTP and only supports Plain-Text Authentication Method.
 
Although it is true that CRAM-MD5 is far less secure than connections encrypted with TLS, it should be an option available for those without SSL as it is still a better option than Plain-Text without SSL/TLS.
 
Primarily, the main reason I make this suggestion is that all Apple products (both MacOS and iOS devices) default to CRAM-MD5 ("MD5 Challenge-Response"on all connections (including previously configured accounts) every time there is an update, which generates a huge number of support calls for Smartermail every time a new iOS or MacOS update is released.

2 Replies

Reply to Thread
0
What version of SmarterMail are you using. I'm on the latest and it supports CRAM-MD5 just fine. Here's what my server replys after an ehlo:

250-SIZE
250-AUTH LOGIN CRAM-MD5
250-STARTTLS
250-8BITMIME
250 OK

Telnet to your server on port 25 and just issue an ehlo and see what your server responds with.

-Joe
Thanks,
-Joe
0
Confirming Joe's findings:

220 securemail.chicagonettech.com Sat, 25 Oct 2014 03:11:12 +0000 UTC | Smarter Mail Enterprise 12.5.5409.18348
EHLO
250-securemail.chicagonettech.com Hello [XXX.XXX.XXX.XXX]
250-SIZE 52428800
250-AUTH CRAM-MD5
250-STARTTLS
250-8BITMIME
250 OK

with the exception that we've completely disabled the plain text login capabilities
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting

Reply to Thread