TLS is not properly enforced for IMAP connections

[mpurg]

In function get_imap_port(), if IO::Socket::SSL is not available TLS will be disabled with only a warning: https://github.com/msimerson/mail-dmarc/blob/ac6d3ad2e50c79a409c0fc642ffc2816c2018827/lib/Mail/DMARC/Report/Receive.pm#L191

Considering that in this case the credentials are sent in plain text, it might be better to change the default behavior to fail. The user could opt-in via a configuration option (e.g. allow_insecure_imap).

In the same function, the verification of server certificates is disabled if Mozilla::CA is not available. This largely defeats the purpose of using TLS, making it succeptible to MITM attacks. Please consider using the defaults provided by IO::Socket::SSL, as recommended here: https://metacpan.org/pod/IO::Socket::SSL#Common-Usage-Errors

[msimerson]

I'm thinking:

1. make port detection explicit and default to 993. The only way to get a port 143 connection is to ask for it.
2. add a SSL_verify_mode setting in the config, for users that need it.

[mpurg]

Sounds good, thanks for the prompt response!