Hello,
I have a courier imap (& courier imap-ssl) server for 30 email accounts with a lot of usage and the people that use them log in regularly from a lot of different places like home, university, work, wi-fi on cafeteria etc..

1) Well one thing is that the email password is the the same for shell access. I have denied to some of them shell access by setting their shell to /bin/false. Should this be set to /bin/nologin to deny shell usage and login or /bin/false is OK ?

2) I have written for the email users some intructions on how to use Thunderbird.
I set the security to connect to the server as TLS. Not TLS if available, but TLS.
Problem is that I saw that google uses instead of TLS SSL ( v3 I suppose) and that got me into some thinking !

Of course I could run both but is there any risk with TLS instead of SSLv3 ? Should I prefer SSLv3 for logins instead of TLS ?

In the courier imam-ssl configuration file, option IMAP_TLS_REQUIRED is set to 0 because it doesn't allow logins from the web interface that we use to access the e-mail which I don't administrate neiher host.
This web interface allows the usage of https to login.

TLS replaced SSLv3 so you should be ok using TLS.
SSL was developed by Netscapte, TLS is a IETF Standard based on SSLv3, my understanding is that they are pretty much the same, where as SSLv2 has knwon secuirty holes.

Check it out at Wikipedia.org
http://en.wikipedia.org/wiki/Transport_Layer_Security

Good luck.