Its users FedoraLinux 43 who upgraded to the latest Dovecot mail server discovered something rather disturbing: some older Microsoft Outlook configurations had been silently ignoring SSL/TLS settings for POP3 email connections for years. 
According to a publication on the Fedora community blog, affected Outlook users reportedly continued to use insecure connections to port 110, even if encryption was enabled in the application's settings.
The issue emerged when Dovecot 2.4 disabled plaintext authentication on insecure connections by default, which caused Outlook users to suddenly lose access to their mailbox after upgrading to Fedora 43.
Our report indicates that the behavior may date back to Outlook 2007, although modern versions of Outlook were not fully tested.
Fedora administrators report that the problem could be limited to older account settings and not to current versions of Outlook itself.
However, the discovery has sparked discussions among Linux administrators and security people, because many users likely assumed their emails were encrypted simply because Outlook stated that SSL/TLS was enabled.
The incident also highlights how stricter defaults in modern open source infrastructure can expose ancient problems and questionable behaviors that have survived silently for decades.
Although the press releases will range from very select to rare, I said I'd pass...because sometimes the editors hide.
