I too would want a better solution. And I fully concur with you on the subject of Cyrus-imapd. Cyrus seemingly serves one single purpose, to drive sysadmins utterly crazy. ;-| I gave up early when I saw the list of prerequisites...
I, too, couldn't figure our Cyrus. Download and compile the imapd (non-Cyrus) source yourself: http://www.washington.edu/imap/
however teaching all the clients that they should trust a self-signed cert sure isn't, so this may not be a viable option for you anyway.
Sounds like an Outlook Express issue to me. Don't blame SuSE for Microsoft's shortcomings.
absolutely disagree with you. Whilst I too love to bash M$, this is nothing to do with them. It is already a huge task to educate end-users about only trusting signed certs. To then re-educate them that certain self-signed certs are safe is asking too much. Maybe you could add yourself as a trusted root CA to all clients, thus avoiding the problem? Andy