Ich glaub hier steht die Lösung:
* BAD [ALERT] Plaintext authentication is disabled, but your client sent
password in plaintext anyway. If anyone was listening, the password was
exposed.
1 NO Plaintext authentication disabled.
Dazu steht in der original Config bei mir:
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
Also die Variable entsprechend ändern:
disable_plaintext_auth = no