diff --git a/docker/nginx/nginx.conf b/docker/nginx/nginx.conf --- a/docker/nginx/nginx.conf +++ b/docker/nginx/nginx.conf @@ -31,10 +31,13 @@ ssl_ciphers HIGH:!aNULL:!MD5; } + # Roundcube specific imap endpoint with proxy-protocol enabled server { listen 144 proxy_protocol; protocol imap; + auth_http 127.0.0.1:8000/api/webhooks/nginx-roundcube; + proxy on; starttls on; diff --git a/src/app/Http/Controllers/API/V4/NGINXController.php b/src/app/Http/Controllers/API/V4/NGINXController.php --- a/src/app/Http/Controllers/API/V4/NGINXController.php +++ b/src/app/Http/Controllers/API/V4/NGINXController.php @@ -179,10 +179,6 @@ $password = $request->headers->get('Auth-Pass', null); $username = $request->headers->get('Auth-User', null); $ip = $request->headers->get('Client-Ip', null); - $proxy_ip = $request->headers->get('Proxy-Protocol-Addr', null); - if ($proxy_ip) { - $ip = $proxy_ip; - } try { $user = $this->authorizeRequest( 
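Review bot: The new comment on the port 144 server block should state who is allowed to connect, because with `proxy_protocol` on the `listen` line nginx takes the client address from the PROXY header sent by whoever opens the connection, and the added `auth_http` endpoint reads exactly that address. `listen 144` carries no bind address, so unless the container network or a firewall restricts the port (not visible in this hunk), any peer that can reach it declares its own source IP. I would extend the comment to something like `# Roundcube-only IMAP endpoint: the PROXY header is trusted here, so port 144 must be reachable only from the Roundcube host`, and bind the listener to an internal address where the deployment allows it. The server block continues past the end of the hunk.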
@@ -206,6 +202,57 @@ } /** + * Authentication request for roundcube imap. + * + * @param \Illuminate\Http\Request $request The API request. + * + * @return \Illuminate\Http\Response The response + */ + public function authenticateRoundcube(Request $request) + { + /** + * Auth-Login-Attempt: 1 + * Auth-Method: plain + * Auth-Pass: simple123 + * Auth-Protocol: imap + * Auth-Ssl: on + * Auth-User: john@kolab.org + * Client-Ip: 127.0.0.1 + * Host: 127.0.0.1 + * + * Auth-SSL: on + * Auth-SSL-Verify: SUCCESS + * Auth-SSL-Subject: /CN=example.com + * Auth-SSL-Issuer: /CN=example.com + * Auth-SSL-Serial: C07AD56B846B5BFF + * Auth-SSL-Fingerprint: 29d6a80a123d13355ed16b4b04605e29cb55a5ad + */ + + $password = $request->headers->get('Auth-Pass', null); + $username = $request->headers->get('Auth-User', null); + $ip = $request->headers->get('Proxy-Protocol-Addr', null); + + try { + $user = $this->authorizeRequest( + $username, + $password, + $ip, + ); + } catch (\Exception $e) { + return $this->byebye($request, $e->getMessage()); + } + + // All checks passed + switch ($request->headers->get('Auth-Protocol')) { + case "imap": + return $this->authenticateIMAP($request, false, $password); + default: + return $this->byebye($request, "unknown protocol in request"); + } + } + + + /** * Create an imap authentication response. * * @param \Illuminate\Http\Request $request The API request. diff --git a/src/routes/api.php b/src/routes/api.php --- a/src/routes/api.php +++ b/src/routes/api.php @@ -170,6 +170,7 @@ ], function () { Route::get('nginx', [API\V4\NGINXController::class, 'authenticate']); + Route::get('nginx-roundcube', [API\V4\NGINXController::class, 'authenticateRoundcube']); Route::get('nginx-httpauth', [API\V4\NGINXController::class, 'httpauth']); Route::post('policy/greylist', [API\V4\PolicyController::class, 'greylist']); Route::post('policy/ratelimit', [API\V4\PolicyController::class, 'ratelimit']);
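Review bot: In `authenticateRoundcube`, `$ip` is read only from the `Proxy-Protocol-Addr` header and handed to `authorizeRequest()` without checking that it is present or a well-formed address. When the header is absent, `$ip` is null, and whatever address-based checks `authorizeRequest()` applies (its body is outside this hunk) would presumably run with no client address at all. I would fail closed before the `try`: `if (!filter_var($ip, FILTER_VALIDATE_IP)) { return $this->byebye($request, "missing or invalid proxy protocol address"); }`. The sample-header comment inside the method lists `Client-Ip` but not `Proxy-Protocol-Addr`, the one header this method depends on, so it should be updated to match.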