On 10.1.2011, at 23.09, Zhou, Yan wrote: > The problem is that we have no way to enforce STARTTLS on 110, user can > connect to DoveCot on port 110, sending user credential without STARTTLS > (thus insecure). default_plaintext_auth = yes It's the default.