OK, here's what i did for testing, and it works for me:
1: Use only 'CRAM-MD5 as auth mech for testing in Dovecot. restart Dovecot service.
auth_mechanisms = CRAM-MD52: Generate CRAM-MD5 password with command 'doveadm pw', then reset my mail user password to this newly generated one. For example:
{CRAM-MD5}b239b858b2e0174497bb99adfd6b81c01b40b289d09f49d3d67c721c9fb88b123: In Thunderbird, i use 'Encrypted password' for "Authentication method" for both IMAP/SMTP. Sending email via SMTP over TLS and receiving email via IMAP over TLS are working as expected.