Secure IMAP server


I've advertised Dovecot as a secure IMAP server for the past few years now. I don't think any software should be claimed to be secure unless it can be backed up in some way. So now that Dovecot 1.0 beta is finally out, I think it's time for me to finally do that.

I'm offering 1000€ for the first person to demonstrate a remotely exploitable security hole in Dovecot.

Rules are basically:

Even if you don't find any real problems, I'd still like to hear about potential problem cases in the code.

What's happened so far: