On 07 Jul 2020, at 10:11, Sebastian Nielsen <sebast...@sebbe.eu> wrote: > If the IMAP server cannot be accessed from the outside, and the traffic don't > travel over wifi or public networks, no danger.
No, not no danger, but certainly less danger. The most obvious dangers even in a closed environment is if someone can monitor the network, they gather all the passwords. Of course, more common albeit harder is for a bad actor to gain access inside your network. It is simple enough to use encrypted connections and good password policies<1> everywhere that there is really no reason to not do so. And supporting EOLed software, especially when it's little more than an attempt to save a little money, is a foolish reason to not use security IMO. As soon as you start thinking that your network is inviolate, you find yourself in a Sony situation where everything on your network has been taken by someone else. Just because someone gets in is no reason to give them the keys to everything you have. <1> actual good policies, not the idiotic ones most corporations use, of course.