Have a multi server install, NE 5.0.10.

Server A is LDAP master, no proxy and mailstore/MTA.
Server B is LDAP replica, imap proxy/mailstore/MTA.

A and B are at different sites and communicate over the Net, any clear text is undesirable.

Test mail account sits on A. Email client configured for IMAPS on 993 to B.

When B proxies the connect to A, it's over IMAP (143) not IMAPS (993). Why?

Sniffing the traffic, I see the auth information in plain text, even though server A is configured with cleartext disabled (and it rightly denies the login).

Am I missing a configuration item?
Why no TLS for the proxied connection?