Version:           1.11.1 (using KDE 4.2.1)
Compiler:          gcc 4.3.3 
OS:                Linux
Installed from:    Gentoo Packages

Our mailserver (dovecot) has the ability to send the imap capabilities in it's greeting message or to disable this behaviour:
-----------
# Send IMAP capabilities in greeting message. This makes it unnecessary for
# clients to request it with CAPABILITY command, so it saves one round-trip.
# Many clients however don't understand it and ask the CAPABILITY anyway.
login_greeting_capability = yes
-----------

With this option enabled, a telnet login prints the following output and kmail works without errors:
-----------
* OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 STARTTLS AUTH=PLAIN] Dovecot ready.
-----------

But after setting this parameter to "no" (greeting then is "Dovecot ready"), kmail is not able to fetch emails with TLS enabled, though the detection of TLS works in the account settings. kmail seems to do nothing at all until the connection is closed by the server.
I had to set kmail to SSL instad and then it worked with the current server configuration.

So my guess is: kmail logs in and uses TLS properly for this connection if and only if the server _greets_ with STARTTLS, though the correct capabilities can be read with the capabilities-command.

Please let kmail either use the capabilities-command directly directly after connection (if no capabilities are received by the greeting message), which is probably the best way or let kmail use the settings from the account settings.

Oh, and a warning/notification in some way would be great, e.g. "Logging in... OK", "no capabilities in greeting, asking capabilities..." as label messages in the status bar.