Sebastian Robin Nielsen via dovecot said on Fri, 06 Mar 2026 20:52:25 +0100
However, it should still prevent plain if you have ssl = required, because that will require clients to EITHER use STARTTLS *OR* use a non-PLAIN login method over unencrypted IMAP.
This is good information. Thanks Sebastian. I confirmed approximately what you said by toggling Claws mail receiving SSL between "Use SSL" as opposed to "Don't use SSL" and "Use STARTTLS", restarting Claws-mail with each toggle. However, my desire is to have Dovecot have absolutely no dealings with anything not SSL, regardless of the setup of their client.
By setting listen to 0, you actually disable STARTTLS and require clients to use a dedicated TLS port like 993.
The preceding is *exactly* what I want, and my testing confirms that yes, it works just that way.
Thanks,
SteveT
Steve Litt