Dne 06. 03. 26 v 18:05 Steve Litt via dovecot napsal(a):
Vladislav Kurz via dovecot said on Fri, 6 Mar 2026 09:29:23 +0100
2.4.x has replaced disable_plaintext_auth = yes with auth_allow_cleartext = no , but it doesn't seem to be an exact replacement. Trying on both Localhost and a real address was the first thing I thought of, but with 2.4.2, my results were that auth_allow_cleartext = no placed right after the listen did not prevent plain text access on 10.0.2.15, which is the address of my Qemu VM guest:
The trick is that you have to check from another host. Trying the "real address" 10.0.2.15 from the same host is treated the same as if you try "127.0.0.1"
If you haven't yet transitioned from 2.3.x to 2.4.x, I'd suggest that you get it running on a test machine before cutting over, because there are some surprises.
I know it is off topic, but can you be more specific, what should I watch for? I have several dovecot servers waiting for upgrade...
-- Best regards Vladislav Kurz