I don't think it does be default. The only what I know is to establish a compressed SSH tunnel to your server and then access the server over the tunnel. It will compress and give you an extra layer of encryption.
Umm, no. It will not compress. Think about it, encrypted data is fundamentally not compressible, that's the whole point.
x = length(compress(encrypt(data))) y = length(encrypt(compress(data))) z = length(encrypt(data))
Then, usually, x > y and z > y, but x is approximately the same as z. (That's speaking very generally; there may be optimizations in some case or another given your data.)
That is: encrypted data is less compressible than the original data, but if you compress first, then encrypt, it should be a win.
If I recall correctly, a "compressed SSH tunnel" would do 'y' (compress then encrypt). i.e., dovecot would see a non-SSL connection which gets compressed-then-encrypted, or decrypted-then-uncompressed by the endpoints of the tunnel.
Well, as far as I understood Marc, since he was saying "an extra layer of encryption" I understood him to mean that he wanted to
encrypt(compress(encrypt(imap stream)))
by building an ssh-tunnelled imaps (or imap/tls) connection. IOW, dovecot would see an SSL connection too.
johannes