On Friday 28 March 2008 21:14:25 mouss wrote:
There are a number of things you can do to harden your security. You could set up an additional user account with nologin for email so if the username/password does get compromised it's limited to purely email. You could run imap services on a non-standard port (security through obscurity), or firewall the connection to only allow trusted IP addresses (works if you always connect from known trusted IP addresses). None of these solutions are perfect, so probably the best method is to encrypt the connection using SSL. See howto here (for postfix/dovecot):
Thanks for the advice. It helps a lot.
Consider using imaps instead of imap. It's not hard to set up and it will prevent password sniffing as well as silly kiddies who only probe non ssl ports (my logs show a lot of 80, 21, 22, 110, 143 and currently not a single imaps).
I'll read up on it, thanks.
Anne
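
Added example, not part of the original thread: once imaps is enabled, it is worth checking what the cleartext port 143 still advertises, since a server that accepts LOGIN before TLS leaves the password sniffable. This Python sketch audits an IMAP greeting or CAPABILITY response; the sample lines and function names are constructed for illustration, and the capability names (STARTTLS, LOGINDISABLED, AUTH=PLAIN) are the standard IMAP ones.

```python
import re

# Constructed sample responses from port 143 (not captured from a real server).
SAMPLES = {
    "plaintext-open": "* OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=LOGIN] server ready",
    "starttls-optional": "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN",
    "starttls-enforced": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
}

def parse_capabilities(line):
    """Extract capability atoms from a greeting ("[CAPABILITY ...]")
    or from an untagged "* CAPABILITY ..." response."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)", line, re.I))
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def audit_cleartext_port(line):
    """Return a list of findings for what the server offers before TLS."""
    caps = parse_capabilities(line)
    if not caps:
        return ["no capability list found"]
    findings = []
    # Without LOGINDISABLED the LOGIN command is accepted in the clear.
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN permitted before TLS: password can be sniffed")
    # PLAIN and LOGIN send the password unprotected (base64 is not encryption).
    plain = sorted(c for c in caps if c in ("AUTH=PLAIN", "AUTH=LOGIN"))
    if plain:
        findings.append("plaintext SASL offered before TLS: " + ", ".join(plain))
    # Without STARTTLS a client on this port has no way to upgrade.
    if "STARTTLS" not in caps:
        findings.append("no STARTTLS: connection cannot be upgraded")
    return findings

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        result = audit_cleartext_port(line)
        print(name, "->", result or "OK: credentials only accepted after TLS")
```

To check a live server you administer, `imaplib.IMAP4(host, 143).capabilities` returns the same atoms as a tuple, which can be joined into a `* CAPABILITY ...` line and passed to `audit_cleartext_port`.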