On 08/06/2026 16:41 EEST Jochen Bern via dovecot <dovecot@dovecot.org> wrote:
On 08.06.26 at 15:24, Aki Tuomi wrote:
One thing to mention right off the bat is that Dovecot has not allowed unencrypted logins by default, even if Outlook has. This has required, even in the past, that you set disable_plaintext_auth = no, which allows you to log in w/o SSL.

Hmmm, the author wrote that port 110 was left open for the sake of clients wanting to do STARTTLS, so which kind of "w/o SSL" are we talking here ... ? (I admit that there's no clear demonstration - a la tcpdump or wireshark - in any versions of the report I've seen *proving* beyond doubt that auth+e-mails went through the wire *un*encrypted ... other than Outlook versions apparently being affected that are said to *predate* STARTTLS.)

Kind regards,
Jochen Bern
Systems Engineer
Binect GmbH

Without the setting, you have to use either STARTTLS or direct TLS (your connection must be secured/encrypted), or dovecot will not let you in, and will give an error. It does not matter if you use 110 or 993.
Aki
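
The kind of wire-level check the thread asks for, as an added example that is not part of the original messages: a small classifier for a decoded port-110 capture that reports whether credentials were sent before STLS and whether the server accepted them. The function name, the result labels and the three sample sessions (including the server reply texts) are constructed for illustration and are not Dovecot output.

```python
import re

# Client commands that put credentials on the wire in readable form
# when the POP3 connection has not been upgraded to TLS.
CLEARTEXT_AUTH = re.compile(r"^(USER|PASS|AUTH\s+(PLAIN|LOGIN))\b", re.IGNORECASE)

def classify_pop3_capture(transcript):
    """Classify a decoded port-110 capture written as 'C: ' / 'S: ' lines."""
    exposed = accepted = False
    last_verb = None         # verb of the most recent client command
    awaiting_login = False   # a PASS or AUTH exchange is waiting for its reply
    for raw in transcript.strip().splitlines():
        side, _, text = raw.strip().partition(": ")
        if side == "C":
            if CLEARTEXT_AUTH.match(text):
                exposed = True
                awaiting_login = not text.upper().startswith("USER")
            last_verb = text.split(" ", 1)[0].upper()
        elif side == "S" and text.startswith("+OK"):
            if last_verb == "STLS":
                break        # TLS handshake follows; the rest is not readable
            if awaiting_login:
                accepted, awaiting_login = True, False
        elif side == "S" and text.startswith("-ERR"):
            awaiting_login = False
    if not exposed:
        return "no-cleartext-credentials"
    return "cleartext-sent-login-accepted" if accepted else "cleartext-sent-login-refused"

# Constructed sample sessions (not captures from the thread or from any real server).
STARTTLS_SESSION = """
S: +OK ready
C: STLS
S: +OK Begin TLS negotiation now
"""
REFUSED_SESSION = """
S: +OK ready
C: USER alice
S: -ERR plaintext authentication refused
"""
ACCEPTED_SESSION = """
S: +OK ready
C: USER alice
S: +OK
C: PASS example-password
S: +OK Logged in.
"""
```

The refused session corresponds to the behaviour described above when the setting is left at its default, and the accepted session to a server running with disable_plaintext_auth = no.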