After Migration imap on new server only works without SSL/TLS or STARTTLS

Discussion in 'Installation/Configuration' started by Lester, May 14, 2021.

  1. Lester

    Lester New Member

    Hello All
    Can't connect to imap on new server via SSL/TLS or STARTTLS. Only when these are turned off does imap work.
    Sending mail works, mail is received by mailbox (checked via Roundcube). SSL certificates are picked up when checked via openssl on those ports.

    Migrated via Migration Tool Script from Server: (Ubuntu 16.04.7 LTS (Xenial Xerus)) ISPConfig 3.2.4 to (Ubuntu 20.04.2 LTS (Focal Fossa)) ISPConfig 3.2.4
    Installed on new server using Minimal Server and Auto Script tutorials. Certbot option. The only change is the Spam filter.

    Test Script output:
    Code:
    ##### SERVER #####
    IP-address (as per hostname): ***.***.***.***
    [WARN] could not determine server's ip address by ifconfig
    [INFO] OS version is Ubuntu 20.04.2 LTS
    
    [INFO] uptime:  09:01:57 up 19:12,  1 user,  load average: 0.01, 0.04, 0.00
    
    [INFO] memory:
                  total        used        free      shared  buff/cache   available
    Mem:          5.8Gi       2.0Gi       229Mi       139Mi       3.6Gi       3.4Gi
    Swap:         4.0Gi       0.0Ki       4.0Gi
    
    [INFO] systemd failed services status:
      UNIT                      LOAD   ACTIVE SUB    DESCRIPTION
    ● certbot.service           loaded failed failed Certbot
    ● snap.lxd.activate.service loaded failed failed Service for snap application lxd.activate
    
    LOAD   = Reflects whether the unit definition was properly loaded.
    ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
    SUB    = The low-level unit activation state, values depend on unit type.
    
    2 loaded units listed.
    
    [INFO] ISPConfig is installed.
    
    ##### ISPCONFIG #####
    ISPConfig version is 3.2.4
    
    
    ##### VERSION CHECK #####
    
    [INFO] php (cli) version is 7.4.18
    [INFO] php-cgi (used for cgi php in default vhost!) is version 7.4.18
    
    ##### PORT CHECK #####
    
    
    ##### MAIL SERVER CHECK #####
    
    
    ##### RUNNING SERVER PROCESSES #####
    
    [INFO] I found the following web server(s):
            Apache 2 (PID 936)
    [INFO] I found the following mail server(s):
            Postfix (PID 1834)
    [INFO] I found the following pop3 server(s):
            Dovecot (PID 601)
    [INFO] I found the following imap server(s):
            Dovecot (PID 601)
    [INFO] I found the following ftp server(s):
            PureFTP (PID 1259)
    
    ##### LISTENING PORTS #####
    (only           ()
    Local           (Address)
    [anywhere]:21           (1259/pure-ftpd)
    ***.***.***.***:53              (620/named)
    [localhost]:53          (620/named)
    ***.***.***.***:53              (587/systemd-resolve)
    [anywhere]:22           (712/sshd:)
    [anywhere]:25           (1834/master)
    [localhost]:953         (620/named)
    [anywhere]:4190         (601/dovecot)
    [anywhere]:993          (601/dovecot)
    [anywhere]:995          (601/dovecot)
    [localhost]:11332               (690/rspamd:)
    [localhost]:11333               (690/rspamd:)
    [localhost]:11334               (690/rspamd:)
    [localhost]:10023               (1178/postgrey)
    [anywhere]:587          (1834/master)
    [localhost]:6379                (951/redis-server)
    [localhost]:11211               (619/memcached)
    [anywhere]:110          (601/dovecot)
    [anywhere]:143          (601/dovecot)
    [anywhere]:465          (1834/master)
    *:*:*:*::*:21           (1259/pure-ftpd)
    *:*:*:*::*5054:ff:fe8a:8:53             (620/named)
    *:*:*:*::*:53           (620/named)
    *:*:*:*::*:22           (712/sshd:)
    *:*:*:*::*:25           (1834/master)
    *:*:*:*::*:953          (620/named)
    *:*:*:*::*:443          (936/apache2)
    *:*:*:*::*:4190         (601/dovecot)
    *:*:*:*::*:993          (601/dovecot)
    *:*:*:*::*:995          (601/dovecot)
    *:*:*:*::*:3306         (969/mysqld)
    *:*:*:*::*:587          (1834/master)
    *:*:*:*::*:6379         (951/redis-server)
    [localhost]10           (601/dovecot)
    [localhost]43           (601/dovecot)
    *:*:*:*::*:8080         (936/apache2)
    *:*:*:*::*:80           (936/apache2)
    *:*:*:*::*:465          (1834/master)
    *:*:*:*::*:8081         (936/apache2)
    
    
    
    
    ##### IPTABLES #####
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    f2b-postfix-sasl  tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 25
    f2b-sshd   tcp  --  [anywhere]/0            [anywhere]/0            multiport dports 22
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain f2b-postfix-sasl (1 references)
    target     prot opt source               destination
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    Chain f2b-sshd (1 references)
    target     prot opt source               destination
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    REJECT     all  --  ***.***.***.***      [anywhere]/0            reject-with icmp-port-unreachable
    RETURN     all  --  [anywhere]/0            [anywhere]/0
    
    
    
    
    ##### LET'S ENCRYPT #####
    Certbot is installed in /usr/bin/letsencrypt
    
    UPDATE:
    This situation is occurring on existing Mail Clients. Currently reviewed on Gmail Android client and Thunderbird Desktop. Have not reviewed on users with other mail clients like MS Outlook.

    Solution was to delete the local mail accounts and recreate them.

    Not sure if this is expected behaviour when migrating mail accounts to new Dovecot or ISPConfig servers?
     
    Last edited: May 14, 2021
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I have not seen that behaviour in any migration. Are you sure the correct address was used to login on IMAP and were all DNS changes propagated (this can easily take 12-24 hours)?
     
  3. Lester

    Lester New Member

    Correct address and definitely DNS propagation checked. No problem when setting up a new client to connect to the mail server. Only existing clients have this problem. Only imap, smtp works seamlessly.
    We've run the process 3 times this week and each time once a domain's DNS is propagated this occurred. We're on site with a small user base using Microsoft E-mail Client, so we'll verify if their domain transfer is seamless or if the same occurs.
    In the Dovecot log this is what we saw repeated when the client was set to use IMAP SSL or STARTTLS:
    Code:
    Warning: auth: auth client 0 disconnected with 1 pending requests: Connection reset by peer
     
