I set it to the following: sasl_minimum_layer: 256 tls works fine but it also appears that non tls connections are working as well. Here is my test. mockingbird:/usr/local/mail# imtest -a daniel@xxxxxxxxxxxxxxxxxxxx -w password 192.168.0.50 S: * OK bayshorenetworks.com Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS S: C01 OK Completed C: L01 LOGIN daniel@xxxxxxxxxxxxxxxxxxxx {8} S: + go ahead C: <omitted> S: L01 OK User logged in Authenticated. Security strength factor: 0 C: Q01 LOGOUT Connection closed. As you can see it says L01 login ok. If I use tls (-s) then it says A01 login ok. So why didn't the imapd.conf setting stop unencrypted logins?