How do we disable LOGIN-REFERRALS?

sb serbr at runbox.com
Thu Dec 3 11:34:21 UTC 2015


> Network Working Group                                           M. Gahrns
> Request for Comments: 2221                                      Microsoft
> Category: Standards Track                                    October 1997
>
>                          IMAP4 Login Referrals
...
> 6. Security Considerations
>
>    The IMAP4 login referral mechanism makes use of IMAP URLs, and as
>    such, have the same security considerations as general internet URLs
>    [RFC-1738], and in particular IMAP URLs [IMAP-URL].
>
>    A server MUST NOT give a login referral if authentication for that
>    user fails. This is to avoid revealing information about the user's
>    account to an unauthorized user.
>
>    With the LOGIN-REFERRALS capability, it is potentially easier to
>    write a rogue 'password catching' server that collects login data and
>    then refers the client to their actual IMAP4 server.  Although
>    referrals reduce the effort to write such a server, the referral
>    response makes detection of the intrusion easier.
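
The last quoted paragraph notes that a referral response makes a password-catching server easier to detect. One way a client or log monitor could act on that is sketched below as an added example; it is not part of the original post, the RFC, or Dovecot. The function names, the policy sets `may_refer` and `may_receive`, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# RFC 2221 carries the referral as a response code on a tagged OK/NO
# (reply to LOGIN/AUTHENTICATE) or on an untagged BYE at connect time.
REFERRAL_RE = re.compile(
    r"^(?P<tag>\S+)\s+(?P<status>OK|NO|BYE)\s+\[REFERRAL\s+(?P<url>[^\]\s]+)\]",
    re.IGNORECASE,
)

def parse_referral(line):
    """Return (tag, status, target_host), or None if the line has no referral."""
    m = REFERRAL_RE.match(line.strip())
    if not m:
        return None
    try:
        url = urlsplit(m.group("url"))
        host = url.hostname if url.scheme == "imap" else None
    except ValueError:
        host = None  # unparseable URL is reported as malformed by the caller
    return m.group("tag"), m.group("status").upper(), host

def audit_referrals(connected_host, server_lines, may_refer, may_receive):
    """Flag referrals that local policy (assumed sets of hostnames) does not expect."""
    findings = []
    for line in server_lines:
        parsed = parse_referral(line)
        if parsed is None:
            continue
        tag, _status, target = parsed
        if target is None:
            findings.append(("malformed-referral", line))
            continue
        if connected_host.lower() not in may_refer:
            findings.append(("unexpected-referrer", connected_host))
            if tag != "*":
                # A tagged reply means login data already reached this server.
                findings.append(("credentials-exposed", connected_host))
        if target not in may_receive:
            findings.append(("untrusted-target", target))
    return findings

# Constructed sample server responses in the RFC 2221 response-code format.
SAMPLE = [
    "* OK IMAP4rev1 server ready",
    "A001 NO [REFERRAL IMAP://MIKE@SERVER2/] Specified user is invalid on this server. Try SERVER2.",
]
```

A `credentials-exposed` finding is the case the RFC describes: the referral target may be the user's real server, so the signal is the unexpected referrer, not the target.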


