If client tries to do LOGIN even if it's disabled, send [ALERT] to user.

--HG--
branch : HEAD

diff --git a/src/imap-login/client-authenticate.c b/src/imap-login/client-authenticate.c
index 3f1035ba9b81f88f6464339a7469c55cd2897c23..4eddbd1c2d0ea05c64434c3c26293f983c43c8bf 100644 (file)
--- a/src/imap-login/client-authenticate.c
+++ b/src/imap-login/client-authenticate.c
@@ -167,6 +167,10 @@ int cmd_login(struct imap_client *client, struct imap_arg *args)
        pass = IMAP_ARG_STR(&args[1]);
 
        if (!client->tls && disable_plaintext_auth) {
+               client_send_line(client,
+                       "* BAD [ALERT] Plaintext authentication is disabled, "
+                       "but your client sent password in plaintext anyway."
+                       "If anyone was listening, the password was exposed.");
                client_send_tagline(client,
                                    "NO Plaintext authentication disabled.");
                return TRUE;