Marcus Rueckert wrote:
> > What am I missing?
> dovecot -n output would help.
It would, but I found/fixed the problem already.
I had to set the following:
protocol imap {
disable_plaintext_auth=no
}
The default has changed from "no" to "yes" between 1.1.20 and 2.0.1, but
the conversion routine didn't pick it up (the wiki Documentation
suggests the default is still "no". Perhaps this should be updated?)
This still requires TLS on port 993, so there's no additional hole opened.
Ironically, we published plans some time back to disable local-access
plaintext imap logins in October and have been warning users to change
their settings but 90% of them hadn't yet done so.