I am not shure, but for my feeling, it has something to do with this here:
→ Maybe the forbidden ACL leads to the same error, however with a larger impact on the nextcloud client. I am more and more convinced that may be solved on the Dovecot level. Maybe it could be worth giving a try to alter devecot ACL.