Do you guys think it's better to check whether it's imap protocol and secure connection? For webmail running on localhost, it's always considered as secure connection by Dovecot. If webmail running on another server (not same as IMAP server), it's always good idea to use IMAPS or IMAP over TLS.
For example, in dovecot-mysql.conf, it looks like this:
AND (mailbox.enable%Ls%Lc=1 OR (mailbox.enablewebmail=1 AND '%r'='127.0.0.1' AND '%Ls%Lc'='imapsecured'))
*) For MySQL/PostgreSQL backends, what we need to do is adding new column (mailbox.enablewebmail) and index. If you have another webmail application running on other servers, just replace '%r'='127.0.0.1' by '%r' IN ('127.0.0.1', '192.168.1.1').
*) For OpenLDAP (or OpenBSD ldapd) backend, we have to add below LDAP attribute/value pair for all existing mail users.
enabledService=webmail-127.0.0.1-imapsecuredLDAP filter is not flexible like SQL query, so we have to hard-code remote IP address, protocol, secure connection in LDAP value. If you have multiple webmail servers, you have to add multiple values for ldap attribute 'enabledService' like below:
enabledService=webmail-192.168.1.1-imapsecuredGood or bad?