From fe4cafeb17701dad78da08d8a4618cc70adb6664 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Thu, 15 Feb 2001 23:10:02 +0000
Subject: Explain the < test.

svn path=/trunk/; revision=3108
---
 pop3.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'pop3.c')

diff --git a/pop3.c b/pop3.c
index 0b23e8cf..79026af3 100644
--- a/pop3.c
+++ b/pop3.c
@@ -198,13 +198,16 @@ int pop3_getauth(int sock, struct query *ctl, char *greeting)
 
 	/*
 	 * AUTH command may return a list of available mechanisms.
-	 * if it doesn't, no harm done.  Efficiency hack: most servers
-	 * don't implement this, so don't do it at all unless the
-	 * server advertises APOP with <> in the greeting line.  This
-	 * certainly catches IMAP-2000's POP3 gateway.
+	 * if it doesn't, no harm done.
+	 *
+	 * APOP was introduced in RFC 1450, and POP3 AUTH not until
+	 * RFC1734. So the < check is an easy way to prevent AUTH from
+	 * being sent to the more primitive POP3 servers dating from
+	 * RFC 1081 and RFC 1225, which seem more likely to choke on
+	 * it.  This certainly catches IMAP-2000's POP3 gateway.
 	 * 
 	 * These authentication methods are blessed by RFC1734,
-	 * POP3 AUTHentication command.
+	 * describing the POP3 AUTHentication command.
 	 */
 	if (strchr(greeting, '<') && gen_transact(sock, "AUTH") == 0)
 	{
-- 
cgit v1.2.3