On Jul 12, 2018, at 9:23 PM, Gedalya <gedalya@gedalya.net> wrote:

On 07/13/2018 08:45 AM, J Doe wrote:
I’m aware that this is because the code does not state to specify “TLS” for the dovecot/imap [user@example.com 1.2.3.4 IDLE] line of output, but I’m curious as to why that decision was made ?

TLS is done by the imap-login process. This process does all the actual talking to the client. The imap process blindly trusts whoever invoked it (imap-login), it doesn't authenticate the user either. Timo didn't want any crypto or authentication code, or to link against any such libraries in the imap process itself.

Your imap-login process does show TLS and this can be logged in the log file as well, see login_log_format_elements and the variables %c and %k

Hi Gedalya,

Ah, ok - that makes sense.

Thanks also for pointing me to the login_log_format_elements parameter - I will read up on this.

- J