On 11.1.2011, at 6.48, Tom Talpey wrote: >>> The problem is that we have no way to enforce STARTTLS on 110, user can >>> connect to DoveCot on port 110, sending user credential without STARTTLS >>> (thus insecure). >> >> default_plaintext_auth = yes >> > You meant "disable_plaintext_auth", right? Yeah.