John Doe wrote: >> Then, I want to read from my own IMAP server when I'm away from home. Is >> there a better way than opening port 143? > > The easiest would be if you had a fixed external IP and only allow it; but I guess that won't be the case. > Maybe using an other port than 143? But I don't think that would fool port scanners. Yes it will fool the port scanners. On my centos server at a colo (er, not really my server, it's a xen virtual host on someone elses server, but it feels like mine - I love xen) I was seeing literally hundreds of attacks on the ssh port within a day of setting it up. I changed the port to one > 1024 and I haven't seen a single attack since. If someone wants to attack your specific server, they'll do a full port scan and find what you have regardless of what ports you are using - but the vast majority of scripts don't because it takes longer to do a full port scan, machines run by people smart enough to change the port usually are run by people who have a clue, very often do not have a lot of users (machines that service a lot of users really need to use the standard ports) and thus are not as likely to have a brute force attack work. So the few extra hosts they find via full port scan isn't worth the time it takes, that time is better spent scanning for people without a clue who are running on the default port. I suspect a lot of scripts don't even bother to scan, they probably just try to connect and move to the next IP when they get a port closed.