Thank you very much for posting this. Looking at the diffs across configurations, I tried all these options, without success:
* service dns_client block
* turn off global separator variable
* auth_mechanisms login plain gssapi cram-md5
My dovecot configuration is the common denominator of multiple Notes.app clients not working, so I’m pretty sure I’ve configured it in a way that macOS Notes.app doesn’t like.
The only other difference I see is the ldap passwd and userdb driver.
Looks like I’ll have to wait for some inspiration and free time to break out wireshark to dig further.
Thanks again,
Steve
https://wiki2.dovecot.org/Debugging/Rawlog might be more useful than wireshark.