diff --git a/src/imap.c b/src/imap.c
new file mode 100644
index 0000000..3ba4aee
--- /dev/null
+++ b/src/imap.c
@@ -0,0 +1,80 @@
+/*
+ * ejabberd external authentication program
+ *
+ * (c) Alexander Vdolainen 2013, 2018, 2019, 2021 <alex@vapaa.xyz>
+ *
+ * this is free software: you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published
+ * by the Free Software Foundation, either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * this is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.";
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/select.h>
+#include <errno.h>
+#include <netdb.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include <eport.h>
+#include <tlsport.h>
+
+#define IMAPLINE_LENGTH  320
+
+int imap_auth(struct tlsport *p, struct ejabber_msg *m)
+{
+  char buf[IMAPLINE_LENGTH];
+  int len = 0, mlen = 0;
+
+  /* sanity check */
+  if(!m || !m->user) return -1;
+  if(!m->domain || !m->password) return -1;
+  if(!p || !p->ssl) return -1;
+
+  /* read welcome message */
+  memset(buf, '\0', IMAPLINE_LENGTH);
+  len = tls_io(p, buf, IMAPLINE_LENGTH - sizeof(char), TLSIO_READ);
+  if(len < 5) return -1;
+  else if(strncmp(buf, "* OK", 4)) return -1;
+  /* check the leftovers in TLS channel */
+  if(len == IMAPLINE_LENGTH - sizeof(char)) {
+    do {
+      len = tls_io(p, buf, IMAPLINE_LENGTH - sizeof(char), TLSIO_READ);
+    } while(len == IMAPLINE_LENGTH - sizeof(char));
+    memset(buf, '\0', IMAPLINE_LENGTH);
+  } else memset(buf, '\0', len = sizeof(char));
+
+  /* try to login with provided credentials */
+  mlen = strlen(m->user) + strlen(m->domain) + strlen(m->password);
+  mlen += 14; /* "a login 11 22" */
+  if(mlen > IMAPLINE_LENGTH - sizeof(char)) return -1; /* too long */
+  /* create a message */
+  snprintf(buf, mlen, "a login \"%s@%s\" \"%s\"", m->user, m->domain,
+           m->password);
+  len = tls_io(p, buf, mlen, TLSIO_WRITE);
+  if(len < 0) return -1;
+  else memset(buf, '\0', mlen);
+
+  /* read */
+  len = tls_io(p, buf, IMAPLINE_LENGTH - sizeof(char), TLSIO_READ);
+  if(len < 5) return -1;
+
+  if(strncmp(buf, "a OK", 4)) return -1;
+
+  return 0;
+}