dovecot-bounces@dovecot.org wrote:

I noticed that...

# Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and # IPv6 ::1 addresses are considered secure, this setting has no effect if # you connect from those addresses. #disable_plaintext_auth = yes

...was added to the latest release. Thanks Timo! This takes the localhost-SSL burden off. :)

I just tried this with the updated RPM for Fedora Core 2.

With:

imap_listen = [::] disable_plaintext_auth = yes

IMAP did NOT work from the local host.

Changing it to:

imap_listen = 127.0.0.1 disable_plaintext_auth = yes

Made it work for me.

Not sure if this is a known issue or not.

John