diff --git a/src/auth/auth-request-handler.c b/src/auth/auth-request-handler.c
index e3b805ec69..a8f505128e 100644
--- a/src/auth/auth-request-handler.c
+++ b/src/auth/auth-request-handler.c
@@ -14,6 +14,7 @@
 #include "auth-penalty.h"
 #include "auth-request.h"
 #include "auth-token.h"
+#include "auth-client-connection.h"
 #include "auth-master-connection.h"
 #include "auth-request-handler.h"
 #include "auth-policy.h"
@@ -583,6 +584,13 @@ bool auth_request_handler_auth_begin(struct auth_request_handler *handler,
 		/* No initial response */
 		request->initial_response = NULL;
 		request->initial_response_len = 0;
+	} else if (handler->conn->version_minor < 2 && *initial_resp == '\0') {
+		/* Some authentication clients like Exim send and empty initial
+		   response field when it is in fact absent in the
+		   authentication command. This was allowed for older versions
+		   of the Dovecot authentication protocol. */
+		request->initial_response = NULL;
+		request->initial_response_len = 0;
 	} else if (*initial_resp == '\0' || strcmp(initial_resp, "=") == 0 ) {
 		/* Empty initial response - Protocols that use SASL often
 		   use '=' to indicate an empty initial response; i.e., to