Hi,
although dovecot is great and almost exactly solving my problems and fitting my requirements, there is an odd detail that causes me problems:
The %c variable. (See http://wiki2.dovecot.org/Variables )
I'm managing an IMAP server for an association, which is connected to an LDAP server. Users can connect in three ways: IMAPS from the internet, IMAP from local acccounts, and IMAP through a Web->IMAP interface, which is protected through additional one-time-passwords.
The web gateway is intended to be used from untrusted computers as well, so the IMAP password entered through the Web site must not be the same as the password used on IMAPS.
I have solved this problem by using %s%c as part of the LDAP user_filter. When people connect over IMAPS, this becomes imapsecured (%s=imap, %c=secured), while an unencrypted connect becomes imap (%s=imap, %c=)
Unfortunately, this works only, if the web interface and the IMAP server are located on different (virtual) machines.
But if the web gateway and dovecot are no the /same/ machine, this does not work anymore, since %c becomes "secured" on localhost, even if unencrypted. It causes a lot of trouble and headache.
Please add a configuration variable to configure, whether %c should become "secured" for unencrypted traffic on the loopback device (localhost).
regards Hadmut