I believe I have the configuration set to use START TLS on IMAP4 (143) and POP3 (110) ports.  However, it does not seem to be working.  Yet "STARTTLS" is listed as a capability (which tells me I probably do have it configured right).

In the session below, 172.30.0.24 is the mail server I'm putting up. 64.26.60.229 is an outside mail service. A similar thing happens on POP3. The always-SSL/TLS ports (993 and 995) are working. There's very little documentation matching "starttls".

======================================================================== altair/phil /home/phil 162> telnet 172.30.0.24 143 Trying 172.30.0.24... Connected to 172.30.0.24. Escape character is '^]'.

• OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 STARTTLS LOGINDISABLED] AUTHORIZED USERS ONLY -- unauthorized access strictly prohibited STARTTLS STARTTLS BAD Error in IMAP command received by server. ^]quit

telnet> quit Connection closed. altair/phil /home/phil 163> telnet 64.26.60.229 143 Trying 64.26.60.229... Connected to 64.26.60.229. Escape character is '^]'.

• OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc.  See COPYING for distribution information. STARTTLS STARTTLS OK Begin SSL/TLS negotiation now. ^]quit

telnet> quit Connection closed. altair/phil /home/phil 164>

I do have "disable_plaintext_auth = yes" in my config file even though "dovecot -n" does not show it ... must be a default.

======================================================================== # 1.1.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.31-19-server x86_64 Ubuntu 9.10 ext3 base_dir: /var/run/dovecot/ log_path: /var/log/dovecot/error.log info_log_path: /var/log/dovecot/info.log log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s listen: 172.30.0.24, [fc00::18], 127.0.0.1, [::1] ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_parameters_regenerate: 24 ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot//login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_greeting: AUTHORIZED USERS ONLY -- unauthorized access strictly prohibited login_greeting_capability(default): yes login_greeting_capability(imap): yes login_greeting_capability(pop3): no mail_max_userip_connections(default): 10 mail_max_userip_connections(imap): 10 mail_max_userip_connections(pop3): 3 verbose_proctitle: yes first_valid_uid: 250 mail_privileged_group: mail mail_uid: vmail mail_gid: vmail mail_location: maildir:/home/mail/%Ld/%Ln/mail mail_debug: yes mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_process_size: 768 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh auth default: mechanisms: plain login username_format: %Ln@%Ld verbose: yes debug: yes debug_passwords: yes passdb: driver: passwd-file args: username_format=%Ln@%Ld /etc/mailauth/deny deny: yes passdb: driver: passwd-file args: username_format=%Ln /etc/mailauth/%Ld/deny deny: yes passdb: driver: passwd-file args: scheme=crypt username_format=%Ln@%Ld /etc/mailauth/passwd passdb: driver: passwd-file args: scheme=crypt username_format=%Ln /etc/mailauth/%Ld/passwd userdb: driver: passwd-file args: username_format=%Ln@%Ld /etc/mailauth/passwd userdb: driver: passwd-file args: username_format=%Ln /etc/mailauth/%Ld/passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail group: vmail