I noticed that Dovecot is set by default to authenticate using Plain-text. Is this really OK from a security standpoint?
When I try to include other authentication methods, e.g. Digest-MD5, Cram-MD5, APOP, Dovecot server stopped working.
What's the deal? Can we up the security barrier up a little on this?