Florin Andrei wrote:
If you have a decent password (on all accounts) I wouldn't worry about about it too much. Move it to an odd port or even require a client certificate if your client software supports it.
The non-standard port is a good trick, but even assuming the iPhone does support it (which is far from certain, the interface is very simple and terse), I'm still a bit uncomfortable. All it takes is a stupid buffer overflow, and a script kiddie with patience and a portscanner - even if you send packets to DROP, it's still scannable, it just takes much longer. Port knocking is probably not doable (or not easily) from the iPhone.
Maybe I don't trust the IMAP server enough to expose it. Maybe I should.
Anything that can survive in a university environment should be safe enough for the rest of us. But the client certificate requirement would really nail it down if that's a possibility. You can do it with stunnel if the native IMAP service is difficult to configure for ssl (or even on a different internal machine).