Hello Dovecot community, I have a backend database application that handles all system wide user authentication (from web to mail and more). Passwords are not stored in plain text. So I would like to support more than PLAIN. Perhaps at least CRAM-MD5 or DIGEST-MD5 for example. Even though connections over TLS are encouraged (and even enforced). Some MUA and users still think its a better idea than PLAIN (even sent over an encrypted session). I have a vague memory of getting some warnings with thunderbird in regards to the use of PLAIN. Of course the %w variable would have to include the challenge as well as the response. Or perhaps even a seperate variable for the challenge? Or course at the moment the %w variable is an empty string for anything other than PLAIN. This would make some users and MUAs happy (even though pointless over TLS - I agree). Your thoughts would be appreciated. Regards, Julian. -- Not time for sigs!