On 13.06.2013 00:31, Gary Kuznitz wrote:
I selected "Do not use CRAM-MD5 authentication even if it is advertised". It's now working.
Then technically, Verizon is having a problem in that they announce an auth mech that actually doesn't work ... (Though that *might* change from one *user* to another.)
Do you know if there is any way to remove the emails with the user name and password from the archives?
Those mails did not only go to the mailing list's archives, but also to however many subscribers, some of them possibly being just feeds into *other* public archives. Note, however, that your log contained not the actual password but the HMAC-MD5 digest of it and the challenge string; it's the *purpose* of HMACs that one cannot derive the "key" (password) from challenge and digest alone.
(And that's also the reason why a server doing HMAC-MD5 needs a *plaintext* copy of the password *itself* to verify the digest.)
Regards, J. Bern
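
The CRAM-MD5 exchange discussed in this reply, as an added example that is not part of the original thread: it shows what a logged response line actually contains (user name in clear, plus a hex digest) and why the server has to hold the plaintext password to check it. The challenge, response and password are the published sample values from RFC 2195; the function names are illustrative assumptions.

```python
import base64
import hashlib
import hmac

# Sample exchange from RFC 2195 (public test vector, not taken from this thread).
RFC_CHALLENGE_B64 = "PDE4OTYuNjk3MTcwOTUyQHBvc3RvZmZpY2UucmVzdG9uLm1jaS5uZXQ+"
RFC_RESPONSE_B64 = "dGltIGI5MTNhNjAyYzdlZGE3YTQ5NWI0ZTZlNzMzNGQzODkw"
RFC_USER, RFC_PASSWORD = "tim", "tanstaaftanstaaf"


def _digest(password: str, challenge_b64: str) -> str:
    """HMAC-MD5 keyed with the password, computed over the decoded challenge."""
    challenge = base64.b64decode(challenge_b64)
    return hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()


def cram_md5_response(user: str, password: str, challenge_b64: str) -> str:
    """Client side: the base64 line sent in reply to the server's challenge."""
    line = f"{user} {_digest(password, challenge_b64)}"
    return base64.b64encode(line.encode()).decode()


def decode_logged_response(response_b64: str) -> tuple[str, str]:
    """What a protocol log exposes: (user name, hex digest), no password."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    return user, digest


def server_verify(plaintext_db: dict[str, str], challenge_b64: str,
                  response_b64: str) -> bool:
    """Server side: recomputing the digest requires the plaintext password."""
    user, digest = decode_logged_response(response_b64)
    password = plaintext_db.get(user)
    if password is None:
        return False
    expected = _digest(password, challenge_b64)
    return hmac.compare_digest(expected, digest)  # constant-time comparison


if __name__ == "__main__":
    print(decode_logged_response(RFC_RESPONSE_B64))
    print(server_verify({RFC_USER: RFC_PASSWORD}, RFC_CHALLENGE_B64,
                        RFC_RESPONSE_B64))
```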