IMAP SASL SASL AUTH CRAM-MD5 SASL AUTH PLAIN SASL DOWNGRADE RFC2195 # Server-side AUTH CRAM-MD5 PLAIN REPLY "AUTHENTICATE CRAM-MD5" + Rubbish REPLY * A002 NO AUTH exchange cancelled by client REPLY "AUTHENTICATE PLAIN" + REPLY %b64[%00user%00secret]b64% A003 OK AUTHENTICATE completed From: me@somewhere To: fake@nowhere body -- yours sincerely # Client-side imap crypto digest IMAP CRAM-MD5 authentication with SASL downgrade 'imap://%HOSTIP:%IMAPPORT/%TESTNUMBER/;MAILINDEX=1' -u user:secret # Verify data after the test has been "shot" A001 CAPABILITY A002 AUTHENTICATE CRAM-MD5 * A003 AUTHENTICATE PLAIN %b64[%00user%00secret]b64% A004 SELECT %TESTNUMBER A005 FETCH 1 BODY[] A006 LOGOUT