Is Dovevot authentication method using Plain-text secure?

I noticed that Dovecot is set by default to authenticate using Plain-text. Is this really OK from a security standpoint?

When I try to include other authentication methods, e.g. Digest-MD5, Cram-MD5, APOP, Dovecot server stopped working.

What’s the deal? Can we up the security barrier up a little on this?


Use pop3s instead of pop3 in the config. Where the ‘s’ means ssl.

Protocols we want to be serving:

imap imaps pop3 pop3s

protocols = imaps pop3s

Brilliant. Now why didn’t I think of that! Thanks, Scott.