Hello,

looks like SASL capability reported by dovecot in response to POP3 CAPA command doesn't conforms with rfc2449 which says:

     Examples:
         C: CAPA
         S: +OK Capability list follows
         S: TOP
         S: USER
         S: SASL CRAM-MD5 KERBEROS_V4
         S: RESP-CODES
         S: LOGIN-DELAY 900
         S: PIPELINING
         S: EXPIRE 60
         S: UIDL
         S: IMPLEMENTATION Shlemazle-Plotz-v302
         S: .

And later:

   The POP3 AUTH command [POP-AUTH] permits the use of [SASL]
   authentication mechanisms with POP3.  The SASL capability
   indicates that the AUTH command is available and that it supports
   an optional base64 encoded second argument for an initial client
   response as described in the SASL specification.  The argument to
   the SASL capability is a space separated list of SASL mechanisms
   which are supported.	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Dovecot sends SASL capability as list of AUTH=FOO pairs. Looks like copy-paste from IMAP code. Patch attached.

Best regards.

-- Andrey Panin | Linux and UNIX system administrator pazke@donpac.ru | PGP key: wwwkeys.pgp.net