Main thing is you can advertise a single point for
checking email
and abstract everything behind that. If you decided to switch to a
different mail backend you just change where the proxy points
them no need to communicate with users about changing their
mail server blah blah blah.
Your case sounds pretty simple.
We redirect our incoming IMAP to the SSL port on the backend.
So inbound IMAP (143) + TLS -> backend (993) SSL.
Actually we run all of POP, POPS, IMAP, IMAPS.
We use a separate config file for the daemon that
runs on each port so we can turn on debug & verbose
modes JUST for 1 of the 4 ports if we need to debug.
I don't know what you mean to say about the passwords.
Ordinarily speaking Perdition is an application proxy. It acts
as the traffic cop directing your session and doesn't itself
do authentication I think. Been a while since I configured it
our Perdition "just works" for many years now.
It's pretty lightweight and could run in a VM for
just a handful of users like your case.
[stuff deleted]
Very lightweight! We have 4 *virtual* perdition systems in DNS round-robin
servicing thousands of users.
We were running perdition on dedicated hardware for over 7 years; last
year we went virtual. Still runs slick.
--
scott hollatz net shollatz(a)d.UMn.eDu
information technology systems and services tel +1 218 726 8851
university of minnesota duluth mn usa fax +1 218 726 7674
--
"Asn aD ta zlAp em uT zt33rg"