On Friday 28 March 2008 11:06:06 Ned Slider wrote:
> Anne Wilson wrote:
> > I have port 143 open so that I can get my mail when away from home.
> > Occasionally, though, my router reports things like
> >
> > Thu, 2008-03-27 02:00:11 - TCP Packet - Source:200.122.134.9,3821
> > Destination:88.97.17.41,143 - [IMAP rule match]
> > Thu, 2008-03-27 05:39:49 - TCP Packet - Source:140.127.181.141,3461
> > Destination:88.97.17.41,143 - [IMAP rule match]
> > Thu, 2008-03-27 16:10:03 - TCP Packet - Source:80.88.161.125,2352
> > Destination:88.97.17.41,143 - [IMAP rule match]
>
> If you open ports, you will see folks scanning them - it's inevitable. A
> public mail server will attract interest from those wishing to exploit it.
>
> > Looking at those addresses in whois, I don't see any good reason for
> > these, and I'm concerned in case they are relays. Advice?
>
> Those looking for relays would be more interested in the smtp port 25.
> The IMAP port is the port you connect to to receive your mail. As long
> as your imap server (dovecot, courier-imap) is fully patched and
> presumably secure then you should be OK.
>
It is.

> Advice - one potential weakness is that by default your username and
> password are likely being sent in plain text (not a good idea!). Someone
> could potentially intercept your username and password and access/use
> your email account. If that username/password is also your system
> account then potentially that could be compromised too.
>
My various mail passwords are not system passwords, so at least that is
avoided.

> There are a number of things you can do to harden your security. You
> could set up an additional user account with nologin for email so if the
> username/password does get compromised it's limited to purely email. You
> could run imap services on a non-standard port (security through
> obscurity), or firewall the connection to only allow trusted IP
> addresses (works if you always connect from known trusted IP addresses).
> None of these solutions are perfect, so probably the best method is to
> encrypt the connection using SSL. See howto here (for postfix/dovecot):
>
> http://wiki.centos.org/HowTos/postfix_sasl
>
Thanks for the advice. It helps a lot.

Anne
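The router entries quoted in the thread and the trusted-address firewalling it mentions, combined in an added example that is not part of either message: it parses that log format and counts port 143 connections per source outside an allowlist. The 192.0.2.0/24 allowlist, the last four log lines and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Line format as it appears in the router log quoted in the message.
LINE_RE = re.compile(
    r"^\w{3}, \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} - TCP Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+)\s+"
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<rule>[^\]]+)\]$"
)

# Assumption: the networks mail is normally read from (documentation range).
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]

# First three lines are from the message; the rest are constructed.
SAMPLE_LOG = """\
Thu, 2008-03-27 02:00:11 - TCP Packet - Source:200.122.134.9,3821 Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 05:39:49 - TCP Packet - Source:140.127.181.141,3461 Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 16:10:03 - TCP Packet - Source:80.88.161.125,2352 Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 18:02:40 - TCP Packet - Source:192.0.2.10,40112 Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 21:15:07 - TCP Packet - Source:198.51.100.7,1190 Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 21:15:09 - TCP Packet - Source:198.51.100.7,1191 Destination:88.97.17.41,143 - [IMAP rule match]
Thu, 2008-03-27 21:20:00 - truncated entry
"""

def parse_line(line):
    """Return (source address, destination port), or None if unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return ipaddress.ip_address(m["src"]), int(m["dport"])
    except ValueError:  # e.g. an octet above 255
        return None

def untrusted_sources(log_text, trusted=TRUSTED, port=143):
    """Count connections to `port` per source outside the trusted networks."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[1] != port:
            continue
        if not any(rec[0] in net for net in trusted):
            hits[str(rec[0])] += 1
    return hits

if __name__ == "__main__":
    for src, count in untrusted_sources(SAMPLE_LOG).most_common():
        print(f"{src}\t{count} connection(s) to port 143 from outside the allowlist")
```

Every source it lists is one that an allowlist firewall rule would have dropped before the IMAP server saw it.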