Never mind -- I see now that this is working fine by default. SSL is terminated on the director, and connections are automatically proxyed in plain text.
Still wonder a little about v2.0 director vs. v1.2 backends, but doubt it should matter much..
Complete (single-node) director configuration, in case anybody else should be interested in running such a setup:
################################################################# # dovecot -n # 2.0.7: /usr/local/dovecot-2.0.7/etc/dovecot/dovecot.conf # OS: Linux 2.6.18-194.8.1.el5 x86_64 Red Hat Enterprise Linux Server release 5.5 (Tikanga) director_mail_servers = 192.168.42.28 192.168.42.29 director_servers = 127.0.0.1 passdb { args = proxy=y nopassword=y driver = static } service director { fifo_listener login/proxy-notify { mode = 0666 } inet_listener { port = 5515 } unix_listener director-userdb { mode = 0600 } unix_listener login/director { mode = 0666 } } service imap-login { executable = imap-login director } service pop3-login { executable = pop3-login director } ssl_cert = </etc/pki/tls/certs/server.crt ssl_key = </etc/pki/tls/private/server.key
#################################################################
-jf