> On 08/06/2026 16:41 EEST Jochen Bern via dovecot <[email protected]> wrote: > > > Am 08.06.26 um 15:24 schrieb Aki Tuomi: > > One thing to mention right off the bat is that Dovecot has not > > allowed unencrypted logins by default, even if Outlook has. > > > > This has required, even in the past, that you set > > `disable_plaintext_auth = no`, which allows you to log in w/o SSL. > Hmmm, the author wrote that port 110 was left open for the sake of > clients wanting to do STARTTLS, so which kind of "w/o SSL" are we > talking here ... ? > > (I admit that there's no clear demonstration - a la tcpdump or wireshark > - in any versions of the report I've seen *proving* beyond doubt that > auth+e-mails went through the wire *un*encrypted ... other than Outlook > versions apparently being affected that are said to *predate* STARTTLS.) > > Kind regards, > -- > Jochen Bern > Systemingenieur > Binect GmbH
Without the setting, you have to use either STARTTLS or direct TLS (your connection must be secured/encrypted), or dovecot will not let you in, and will give an error. It does not matter if you use 110 or 993. Aki _______________________________________________ dovecot mailing list -- [email protected] To unsubscribe send an email to [email protected]
