Does anyone use dovecot for pop3/imap ? The documentation says that by default dovecots application will not let you log in as a root user however if for example I use Outlook express or Telnet and connect to my pop3 server with the username of root and the root password it authenticates it first then kicks you out doesn't that seem silly? Just to simplify things, if for example you use Outlook Express and connect to pop3.server.blah with username root and type in the WRONG password it will prompt for the password over and over until you get it right, once you get it right you get a can't login error because your trying to login as root, this would in turn allow anyone to try logging in with root username and try lots of root passwords (perhaps brute force) Isn't it kind of a security risk that it authenticates root regardless of weather or not it kicks you out afterwards? Any thoughts suggestions? PS: If I setup POP3 server to use "Secure password authentication" against an MD5 database does any webmail applications support logging into pop3/imap using secure password authentication ?