6 Mar
2026
6 Mar
'26
9:29 a.m.
Dne 06. 03. 26 v 0:04 Steve Litt via dovecot napsal(a):
Hi all,
I put auth_allow_cleartext = no in my 2.4.2 dovecot.conf, but my Claws-Mail client can still access it, even though there are no key files. I tried putting this setting in several different places: Didn't prevent plain access. I tried switching from 127.0.0.1 to 10.0.2.15, same problem.
In my experience (dovecot 2.3.13 with disable_plaintext_auth = yes), it allowed plaintext on loopback interface, but not when accessing remotely. This is imho good, so that local webmail can access imap at localhost without wasting cpu cycles on ecnryption.
I have the option near the top of the file, not in any block. E.g. right after listen.
-- Best regards Vladislav Kurz