IMAP SASL SASL AUTH CRAM-MD5 SASL AUTH PLAIN SASL DOWNGRADE RFC2195 # # Server-side AUTH CRAM-MD5 PLAIN REPLY "AUTHENTICATE CRAM-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + REPLY AHVzZXIAc2VjcmV0 A003 OK AUTHENTICATE completed From: me@somewhere To: fake@nowhere body -- yours sincerely # # Client-side imap crypto IMAP CRAM-MD5 authentication with SASL downgrade 'imap://%HOSTIP:%IMAPPORT/833/;MAILINDEX=1' -u user:secret # # Verify data after the test has been "shot" A001 CAPABILITY A002 AUTHENTICATE CRAM-MD5 * A003 AUTHENTICATE PLAIN AHVzZXIAc2VjcmV0 A004 SELECT 833 A005 FETCH 1 BODY[] A006 LOGOUT