I'm thinking that instead of 'Plain' in the logs above I should be seeing 'MD5'.
One thing I should mention is that our LDAP server type is set to 'Unknown or Other'. If I set it to OpenLDAP (which it actually is) sending a mail works, but takes anything up to 20 seconds or more to send. A delay that no one is willing to live with.
Any ideas or am I barking up the wrong tree altogether..?
I was heading along those lines as I noticed that any users sending from Mail on their Macs were listed as 'PLAIN', whereas Outlook users were showing as 'LOGIN' for their AUTH Mechanism.
Just FYI, the LOGIN method is deprecated, and has been replaced by PLAIN. Clients which use LOGIN simply haven't caught up with the standard.
Beyond that, whardison is right, you need to check the client settings. If the clients are properly configured to ask for CRAM-MD5, then the next step is to eavesdrop on a connection to see what actually transpires.
Incidentally, I'm not a big fan of CRAM-MD5. It requires keeping plaintext passwords on the server, which makes them more vulnerable to being stolen if the server is compromised. We use PLAIN and LOGIN over encrypted connections.
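The storage trade-off described in the post above, as an added example that is not part of the original thread: CRAM-MD5 (RFC 2195) can only be verified by recomputing an HMAC keyed with the password, while AUTH PLAIN (RFC 4616) can be checked against a salted hash. The PBKDF2 storage scheme, function names, user, password and challenge are all assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac

def cram_md5_response(user, password, challenge_b64):
    """Client side: base64("user " + hex(HMAC-MD5(key=password, msg=challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def cram_md5_verify(response_b64, challenge_b64, secrets):
    """Server side: recomputing the HMAC needs the password itself in `secrets`."""
    user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    password = secrets.get(user)
    if password is None:
        return False
    challenge = base64.b64decode(challenge_b64)
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)

def hash_password(password, salt):
    """Assumed storage scheme for the PLAIN case: salted PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def plain_verify(initial_response_b64, hashes):
    """Server side of AUTH PLAIN: decode authzid NUL authcid NUL passwd, then
    compare against the stored salted hash. The password is never stored."""
    try:
        _authzid, user, password = base64.b64decode(initial_response_b64).split(b"\0")
        entry = hashes.get(user.decode())
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(hash_password(password.decode(), salt), stored)
    except ValueError:  # bad base64, wrong field count or invalid UTF-8
        return False

# Constructed sample data, not taken from the thread.
USER, PASSWORD, SALT = "alice", "constructed-pw", b"constructed-salt"
CHALLENGE = base64.b64encode(b"<1234.5678@mail.example.test>").decode()
PLAINTEXT_STORE = {USER: PASSWORD}                           # what CRAM-MD5 requires
HASHED_STORE = {USER: (SALT, hash_password(PASSWORD, SALT))}  # enough for PLAIN

if __name__ == "__main__":
    resp = cram_md5_response(USER, PASSWORD, CHALLENGE)
    print("CRAM-MD5 with plaintext store:", cram_md5_verify(resp, CHALLENGE, PLAINTEXT_STORE))
    plain = base64.b64encode(f"\0{USER}\0{PASSWORD}".encode()).decode()
    print("PLAIN with hashed store:", plain_verify(plain, HASHED_STORE))
```

PLAIN sends the password itself, base64-encoded rather than encrypted, which is why the hashed-store approach is paired with encrypted connections in the post above.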
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...