I recently tried to get Mail.app in OSX 10.4.10 working with IMAP with SSL over an SSH tunnel and ran into nothing but problems.  I had an ssh tunnel setup mapping a port on my local network to the IMAP SSL port.  Since I am not starting tunnels as root, my local port has to be >1024, so I picked 2993 locally forwarding to the remote IMAP SSL host on port 993.  Mail.app appears to let you specify a Port in the Advanced tab in Accounts configuration.  However, it seems to not have any effect.  Running tcpdump on the host with my tunnel confirms that Mail does use the port specified at least initially, but it doesn't use it for communication.  Regardless of what you put in the Port #, if you have "Use SSL" checked it will force itself to use tcp port 993. 

I don't know of a workaround in Mail itself.  I tried checking the prefs files by hand and the custom port is listed properly but just is not used.  My solution was to setup netcat to just forward the port 993 on the host where the tunnel is running to the tunneled port.

My tunnels run on a debian linux machine so I just setup an inetd entry like this:
    imaps   stream  tcp     nowait  root    /usr/sbin/tcpd /bin/nc localhost 2993

If you run your tunnels on OSX directly, check out Lingon (an open source utility for creating launchd config files) and setup a launchd entry to run netcat for you.