I've been experimenting with trying to forcing users to use TLS when they access their mail via IMAP:143 but have come across some very strange behaviour. I discovered that to force TLS I just have to change the variable IMAP_TLS_REQUIRED to 1. This variable lives in /usr/lib/courier-imap/etc/imapd-ssl or /etc/courier-imap/imapd-ssl on a 7.5.4 box. In theory with this variable set courier should only allow users to login when they use TLS. Unfortunately after making IMAP_TLS_REQUIRED=1 all my mailclients hang. So then I checked the logs and discovered that the daemon is logging in ok but its trying to read "maildir=/root" rather then "maildir=/var/qmail/mailnames/DOMAINNAME/USERNAME/Maildir". Even stranger is that if i set IMAP_TLS_REQUIRED=0 and force the client to use TLS courier works fine and reads the correct maildir. In the end i have just left things like that and told my clients that for the best security they SHOULD use TLS but it seems I cant enforce this. Can anyone from plesk shed some light on this?