After digging around the code some the obvious (and “most-correct”) way to do this is to enhance the IMAP php library so that when it is sent an “open” it checks for the capability and, if present and the environment variable with the remote IP is set (which it will be if it was called an upstream “thing” that sets it, such as a web server) it then sends that stanza down after the password is accepted.
This would cause the IMAP php module to log it to Dovecot (or any other compatible IMAP server) for all users of it, not just Z-push, and it requires no code changes in the Z-push codebase itself. I run FreeBSD and haven’t dug into the php development community at all, so while I can certainly grab the FreeBSD port and do it in there that doesn’t help anyone except possibly FreeBSD users if I sent the patch back into their system, and it’s subject to rot there over time. The “right” approach to go after this is in the php upstream of course; I’ll stick a note in my “list of things to look at”, but I can’t commit to a when I’ll get to it.