Oh, you want your IMAP and POP users to do IMAP/POP over SSL/TLS. Sorry,
I misunderstood.

I don't think there is a way to do what you want. In security.cnf, it checks
each of the authentication sources and just reports back if the username and
password are okay or not. It does not report which authentication source that
the username was found in.