diff -ur src/imapd/imapd.c.orig src/imapd/imapd.c
--- src/imapd/imapd.c.orig	2005-01-20 20:20:11.000000000 -0500
+++ src/imapd/imapd.c	2005-07-29 01:39:31.441147048 -0400
@@ -260,6 +260,7 @@
   unsigned char *s,*t,*u,*v,tmp[MAILTMPLEN];
   struct stat sbuf;
   time_t autologouttime = 0;
+  int starttls = NIL;
   char *pgmname = (argc && argv[0]) ?
     (((s = strrchr (argv[0],'/')) || (s = strrchr (argv[0],'\\'))) ?
      (char *) s+1 : argv[0]) : "imapd";
@@ -432,7 +433,9 @@
 	  if (pass) fs_give ((void **) &pass);
 	  initial = NIL;	/* no initial argument */
 	  cancelled = NIL;	/* not cancelled */
-				/* mandatory first argument */
+	  if (tcp_serverport () == 143 && !starttls) {
+	    mail_parameters (NIL,SET_SERVICENAME,(void *) "imapclear");
+	  }			/* mandatory first argument */
 	  if (!(s = snarf (&arg))) response = misarg;
 	  else if (arg && (!(initial = snarf (&arg)) || arg))
 	    response = badarg;	/* optional second argument */
@@ -461,6 +464,9 @@
 	    response = (response == altwin) ? logwinalt : logwin;
 	    syslog (LOG_INFO,"Authenticated user=%.80s host=%.80s",
 		    user,tcp_clienthost ());
+	    if (tcp_serverport () == 143 && !starttls)
+	      syslog (LOG_NOTICE,"Non-secure login user=%.80s host=%.80s",
+		      user,tcp_clienthost ());
 	  }
 	  else {
 	    AUTHENTICATOR *auth = mail_lookup_auth (1);
@@ -512,7 +518,9 @@
 	  }
 	  else {		/* delimit user from possible admin */
 	    if (s = strchr (user,'*')) *s++ ='\0';
-				/* see if username and password are OK */
+	    if (tcp_serverport () == 110 && !starttls) {
+	      mail_parameters (NIL,SET_SERVICENAME,(void *) "imapclear");
+	    }			/* see if username and password are OK */
 	    if (server_login (user,pass,s,argc,argv)) {
 	      state = SELECT;	/* make select */
 	      alerttime = 0;	/* force alert */
@@ -520,6 +528,9 @@
 	      response = (response == altwin) ? logwinalt : logwin;
 	      syslog (LOG_INFO,"Login user=%.80s host=%.80s",user,
 		      tcp_clienthost ());
+	      if (tcp_serverport () == 143 && !starttls)
+		syslog (LOG_NOTICE,"Non-secure login user=%.80s host=%.80s",
+			user,tcp_clienthost ());
 	    }
 	    else response = "%.80s NO %.80s failed\015\012";
 	  }
@@ -528,6 +539,7 @@
 	else if (!strcmp (cmd,"STARTTLS")) {
 	  if (arg) response = badarg;
 	  else if (lsterr = ssl_start_tls (pgmname)) response = lose;
+	  else starttls = T;
 	}
 	else response =
 	  "%.80s BAD Command unrecognized/login please: %.80s\015\012";