Yep, Prosody was one of my failed attempts :P I am running everything on a Kubernetes cluster, so a maintained Helm chart is the first thing I check when running something. I didn't have much luck with XMPP servers with this.
That IMAP auth trick is really awesome thinking BTW, kudos!
Ah interesting, I haven't tried running it on k8s yet. Migrating my mail stack over to k8s has been on my todo list for a little while; should probably get around to it since dovecot and postfix have supported inet sockets for user/domain db and auth for ~12 years now.
Dovecot is really great, and a ton of stuff supports using it as a sasl auth backend (postfix being an important one). I made a simple facade service that feeds it and postfix from couchdb via its dict backend[0] and postfix's tcp_tables[1], then point everything at dovecot for auth. Couch document IDs map really well to email/user, domain, and sieve script lookups; helluva lot simpler than setting up and managing LDAP.
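For readers following the comment above, here is a sketch of the request/reply handling a lookup facade for postfix's tcp_table protocol has to do. It is an added example, not the commenter's service: the in-memory dict stands in for CouchDB, and the names `MAILBOXES`, `encode` and `handle_line` are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample data standing in for CouchDB documents (doc ID -> mailbox path).
MAILBOXES = {
    "alice@example.org": "example.org/alice/",
    "bob@example.org": "example.org/bob/",
}

# Only plain address-shaped keys ever reach the backend; anything else is
# answered as "not found" instead of being turned into a document ID.
KEY_RE = re.compile(r"[a-z0-9._+-]{1,64}@[a-z0-9.-]{1,255}")

def encode(text):
    # tcp_table(5): '%', whitespace and non-printing characters travel as %XX.
    return "".join(
        chr(b) if 0x21 <= b <= 0x7E and b != 0x25 else "%%%02X" % b
        for b in text.encode("utf-8")
    )

def handle_line(line, lookup=MAILBOXES.get):
    """Answer one request line ('get SPACE key NEWLINE') with one reply line."""
    try:
        verb, _, raw = line.decode("ascii").rstrip("\r\n").partition(" ")
    except UnicodeDecodeError:
        return b"400 malformed%20request\n"
    if verb != "get" or not raw:
        return b"400 unsupported%20request\n"
    key = unquote(raw).lower()
    if not KEY_RE.fullmatch(key):
        return b"500 not%20found\n"
    try:
        value = lookup(key)
    except Exception:
        # A backend outage must be a 400 (temporary error, mail is deferred),
        # never a 500 (key absent, mail is rejected).
        return b"400 backend%20unavailable\n"
    if value is None:
        return b"500 not%20found\n"
    return ("200 " + encode(value) + "\n").encode("ascii")
```

The distinction between the 400 and 500 replies is the part that matters operationally: a facade that reports "not found" while its database is down bounces mail for valid users.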
I've been running XMPP/ejabberd for a decade, it's a single service embarking everything you need, including what it takes to do A/V calls (NAT traversal & al.). Nonetheless, it's also the quietest and lowest-profile piece of server software I've ever used. I don't need a container for that, but if you want, there's an official docker image for it. Without going to host millions of concurrent users and needing to distribute the service across multiple physical servers via clustering, I don't see what good a "helm chart" does for you, but then you do you.