I used OpenWebmail in the past, and liked it -- but stopped using it becauses of fears of setuid-ness.
My configuration was a simple server hooked up to fetchmail and exim4, no IMAP. Positives include ease of configuration and it being very very shiny. Negatives include not being IMAP, using mailbox instead of maildir, etc. Potential negatives include home directory access as a side feature, and there not being a clear way to turn that off. Anyhow, I ultimately stopped running it because of (first) fears of setuid, and (2) gmail. I've seen some universities run this though, so it can't be all bad. If you want IMAP, I'd probably look at Squirrelmail instead. Polished php programs don't scare me at all -- unpolished ones do (as with perl cgi apps!).