It's me with still more questions (I'll stop soon I expect).
I'm aiming to provide a webmail server on my home Linux machine, probably with SquirrelMail, this is why I've been asking questions about IMAP servers, security, etc. I have SquirrelMail working already, very simple it was too, I was just asking about daemons etc. for information really.
After a little thought (and reading) I realise that the IMAP server doesn't have to be visible to the outside world if the only access is to be via SquirrelMail. I know it's possible (and intended even) that IMAP should be used by remote MUAs with IMAP capability but since I won't be doing that and neither will my other users I don't need to worry about the security implications of making IMAP (or POP3 for that matter) visible outside the LAN.
It means that making the web server visible to the outside world is where security matters though. Are there any other ways apart from full blown certificate based SSL/TSL to make an apache server a bit more secure? In particular is there a simple ways to encrypt passwords as they pass across the 'net?
The sort of level of security that ssh provides would be ideal, however expecting users to set up an ssh tunnel whenever they want to read their mail is probably a non-starter.