No don't bother - just use regular imap and secure ssl - then everything will be secure. Just don't allow webmail access to port 80, use only https on port 443 or else people will be sending their passwords in the clear.
Joe
ok, you got me there.. how do i tell apache to make
webmail secure? yes.. i'm a newbie.. how sad.. hehe
You can make a mod_ssl test certificate and use that, since all your users have to trust you anyway. Then enable https in the apache config.
You can redirect all webmail traffic to port 443, in a number of ways - a brute force method would be to deny access to port 80 and only allow access to port 443.
Joe
