thoughts on running an IMAP-over-SSL server exposed to the Internet?

Florin Andrei florin at
Thu Mar 26 19:59:07 EDT 2009

I want to read my email on the iPhone. To do that, I have 2 options:
1. VPN
2. IMAP-over-SSL

#1 is a bit convoluted, I already run a VPN server, with OpenVPN, but 
the iPhone doesn't have an OpenVPN client. Running *two* VPN networks 
seems excessive for a small personal server - not that the machine 
cannot handle it, but it just feels too complicated for the task at hand.

#2 would be easy to implement, just poke a hole in the firewall for the 
imaps port. But then there's the issue of security, of course.

I am running cyrus-imapd-2.3.7 on CentOS 5.x

How comfortable y'all are with exposing Cyrus IMAPd's imaps port to the 
big wild Internet?
Do you see the SELinux confinement as a must-have in this context, or 
are you okay with running it without any such MAC protections?

Florin Andrei

More information about the Info-cyrus mailing list