0
Short and simple -- I don't understand why this is still working.
My configs have
disable_plaintext_auth = yes
ssl = required
which, according to the docs, means
SSL/TLS is always required, even if non-plaintext authentication mechanisms are used. Any attempt to authenticate before SSL/TLS is enabled will cause an authentication failure.
And yet I can still
$ telnet 0 110
+OK Dovecot ready.
user xxxxxx
+OK
pass xxxxxx
+OK Logged in.
list
+OK 2 messages:
1 3761
2 4057
.
quit
What am I doing wrong?
D'oh! Thank you very much. Indeed I get the expected error from remote hosts. – hymie – 2016-09-26T12:11:39.333