If both Outlook and Tbird clients can successfully connect with TLS, and you have no issues there, then you are safe with PLAIN LOGIN, why complicate your life by adding more methods (the actual credentials should be protected by TLS).
IIRC there was some reason (perhaps an advantage) to do cram-md5 with Outlook clients, but frankly it's been years since I had to do that so forgive the lack of more detailed information.
Try the postfix/dovecot combination for your SASL, if you have the chance (sounds like you're using something else). It is beautifully designed/integrated and will simplify your life there
|