This is just a general, random thought
I have been trying to enable SSL with my IMAP connections and everything seems to work quite ok with some of the clients. But generally there are at least one problem, which I want to share in this post for general ideas.
If I use mail.mydomain.com as my IMAP server and enable IMAP then some of the clients will warn me always about mismatch between certificate CN name and actual hostname (IMAP server mail.mydomain.com uses certificate, which has CN name issued for mail.dreamhost.com). Eudora is actually so secure that it will not connect (I have already changed Dreamhost certificate status to trusted but it will still complain about mismatch between names).
I wonder would it be possible to have a following setup:
Dreamhost root certificate (self-signed, users will need to import this as a trusted root certificate)
|- mail.somedomain1.com certificate (CN=mail.somedomain1.com)
|- mail.somedomain2.com certificate (CN=mail.somedomain2.com)
In my opinion this would solve the mismatch between CN name and actual server name.
I am not sure if Dreamhost’s IMAP server actually would support this and how difficult this would be to implement.
Just an idea … trying always to use the most secure way to access my resources (Eudora not useful, Outlook complains only one time per session, my mobile phone does not complain at all)