On 07 Jul 2020, at 10:11, Sebastian Nielsen <sebastian@sebbe.eu> wrote:
If the IMAP server cannot be accessed from the outside, and the traffic don't travel over wifi or public networks, no danger.
No, not no danger, but certainly less danger. The most obvious dangers even in a closed environment is if someone can monitor the network, they gather all the passwords. Of course, more common albeit harder is for a bad actor to gain access inside your network.
It is simple enough to use encrypted connections and good password policies<1> everywhere that there is really no reason to not do so. And supporting EOLed software, especially when it's little more than an attempt to save a little money, is a foolish reason to not use security IMO.
As soon as you start thinking that your network is inviolate, you find yourself in a Sony situation where everything on your network has been taken by someone else. Just because someone gets in is no reason to give them the keys to everything you have.
<1> actual good policies, not the idiotic ones most corporations use, of course.