here is the architecture I have thought up:
you want 2 physical machines , a mail server and a web server.
this can be done on 1 machine, but if you have more than
just a handful of users, you are going to want to have a dedicated
mailserver.
mail server:
qmail mail server
courier imap
web server:
your openACS installation +
a module which provides for webmail user administration
either machine: you want some AOL TCL scripts acting as
an imap client. i suggest writing these in a manner so
that they don't necessarily rely upon a bunch of ACS procs.
this way, you could even have a separate physical machine
somewhere (mail.yourdomain.com) that only acts as
an imap client for your users.
There are some links on qmail.org to hacks which
allow a qmail installation to authenticate with a postgres
database. I think that if you have the proper postgres
client libraries on the email server, you can do this
authentication between two machines. This would provide
for authentication of the mail users against the openACS
users table.