“The major disadvantage of PLAIN text passwords on the server of course is that they are readable. Even if your communication with the server is encrypted it is troubling to have readable passwords on the server. You can easily change this by using the dovecotpw command and creating encrypted passwords.”
MD5 is not sufficient for any situation where there could be an adversary. http://www.mscs.dal.ca/~selinger/md5collision/ Use SHA-256 or the like. MD5 can only be useful when checking for errors when no attacker is suspected.
How are collisions relevant in this discussion? Hashing passwords is just about making them non-recoverable in case the password database leaks, nothing more.
No, it’s not relevant since it’s challenge-response. Collisions are only relevant if you know the output the server wants to see.
But using MD5 for security should raise the big red flag of bad ideas.
Anyway, Wikipedia lists some (imho) major issues with CRAM-MD5:
http://en.wikipedia.org/wiki/CRAM-MD5#Protocol_Weaknesses