How do I secure my simple home pop3 server?

[DragonNOA1]

I just setup a file server and simple pop3 mail server at home and I am worried about security. Win2k3 linked to my internet domain name for more of a proof of concept rather than anything permanent. This is not exchange remember. Is there anything I should do/know to protect my server? Am I just paranoid b/c I have ports 25/110 open? TIA

 

[Gertrude]

Open ports doesn't equate to vulnerabilities. Just make sure the OS is updated, and the services running on it are also patched, and updated. Depending on who is using the pop server you may be able to create firewall rules allowing only certain IPs to connect to it, and deny all others. You may also want to subscribe to Bugtraq and watch for vulnerabilities, so if somehting does come up you can patch yourself accordingly.

 

[m1abram]

Well I would strongly encourage you to use POPS instead (secure pop) or just tunnel POP through an ssh connection. With plain ole POP3 anyone sniffing traffic between your client and server can easily get your password.

If this POP3 server is just for your personal use I would suggest using an ssh and tunnel the pop connection through that. Solves 2 issues, you do NOT need POP open to the world and all traffic to your POP server is encrypted.