I finally found the reason : if cyradm find one or some @ char in a mailbox path, it takes the last one, and considers that everything following it is a domain.
To target a specific folder containing a @, you need to address it with its domain : /user/sthiry/@toto@xxxxxxxxxx
And it sees it, and can rename it (or put ACLs, or get infos, ...)
There is still the issue of unsub from @toto, and sub to the new folder (otherwise Thunderbird, for example, still sees the old one - but cannot access it, - and the user must manually subscribe to the new one).
But we decided to modify our script to take the domain into account when checking ACLs, so that solved it for me.
