Terry Gardner wrote:
> can the server be configured to reject all requests on that exception
> except for the StartTLS extended request in order to prevent clients from
> transmitting data in the clear?

Watch out for configuration directives 'security' and 'sasl-secprops'.

You might want to set TLSCipherSuite to prevent a client from using a weak cipher or crypto protocol.

But strictly speaking nothing prevents a misconfigured client from sending clear-text credentials over the wire. Rejecting processing them only gives a strong hint that this is not the desired behaviour...

Ciao, Michael.
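The three directives named in the reply, as an added configuration sketch that is not part of the original message. It assumes they are the OpenLDAP slapd.conf(5) directives of those names and that slapd is built against OpenSSL; the threshold 128 and the cipher string are sample values, not recommendations taken from the thread.

```conf
# slapd.conf, global section (constructed example)

# Weak baseline: with no 'security' directive, slapd processes operations
# on a plain ldap:// connection, so a simple bind is accepted with the
# password unprotected on the wire.

# Hardened: require a minimum security strength factor (SSF).
#   ssf=128          overall SSF needed before operations are processed
#   simple_bind=128  SSF needed for simple (DN + password) binds
# Clients are expected to issue StartTLS first (or connect via ldaps://).
security ssf=128 simple_bind=128

# Keep anonymous and plain-text SASL mechanisms out of the offered list.
# This spells out the documented default so that it is explicit.
sasl-secprops noanonymous,noplain

# Restrict the TLS layer itself. With an OpenSSL build the value is an
# OpenSSL cipher list; a GnuTLS build takes a priority string instead.
TLSCipherSuite HIGH:!aNULL:!MD5

# Limit of this approach, as noted in the reply: the refusal happens on
# the server after the request has arrived. A misconfigured client that
# sends a simple bind without StartTLS has already put its password on
# the wire before slapd rejects it.
```

Because of that last point, the refusal is something to watch for in the server log: each rejected clear-text bind identifies a client whose configuration needs fixing and whose password should be treated as exposed.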