Today we're trying to forbid any access to our imapd without encryption, so I upped the sasl_minimum_layer to 128, and two things happened: first, LOGIN still works unencrypted; second, timsieved started refusing logins from avelsieve (a Squirrelmail plugin).
So.. is there a way to really require encryption from any host except localhost? If not, could there be please? This would solve both of my problems! Matt [I can fix the second problem by upgrading to PHP 4.3, but (unfortunately) the box is Debian system and I know of no packages for PHP 4.3 even in unstable..]
