IMAP SASL SASL AUTH CRAM-MD5 SASL AUTH PLAIN SASL DOWNGRADE RFC2195 # # Server-side AUTH CRAM-MD5 PLAIN REPLY "AUTHENTICATE CRAM-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + REPLY dXNlcgB1c2VyAHNlY3JldA== A003 OK AUTHENTICATE completed From: me@somewhere To: fake@nowhere body -- yours sincerely # # Client-side imap crypto IMAP CRAM-MD5 authentication with SASL downgrade 'imap://%HOSTIP:%IMAPPORT/833/;UID=1' -u user:secret # # Verify data after the test has been "shot" A001 CAPABILITY A002 AUTHENTICATE CRAM-MD5 * A003 AUTHENTICATE PLAIN dXNlcgB1c2VyAHNlY3JldA== A004 SELECT 833 A005 FETCH 1 BODY[] A006 LOGOUT