I emphasized a few bits:
The SMTP server may require authentication. Mailman supports setting the SMTP
user name and password. The actual authentication mechanism used is
controlled by Python's `smtplib module`_, which tries the more secure `CRAM-MD5` first,
followed by the less secure mechanisms `PLAIN` and `LOGIN`.
When sending authentication data between Mailman and the MTA over an unsecured network, the submission (mail) server should offer `CRAM-MD5` as mechanism to have Python's `smtplib module` automatically choose the more secure mechanism.