Keeping your IMAP server secure is no different from keeping your other resources secure. Well...let’s back up for a second. You can’t keep your IMAP server secure any more than you can keep anything else secure. Short of sealing your server in a block of titanium and firing it off into the sun, the best you can do is keep your server mostly secure. The standard test of whether you’re spending too much time on security is whether you’ve made it more difficult to compromise your system than the rewards of doing so are worth. Of course, hell-bent, disgruntled employees probably think any level of compromise is worth any amount of effort, so we’ll expend a bit more effort on their behalf.

There are three things to keep in mind:

Stay informed!

Stay updated!

Stay vigilant!

The best thing you can do to stay informed is to make it a habit of reviewing online resources, such as mailing lists, Usenet newsgroups, and web sites, for information about recently discovered vulnerabilities in all the various operating systems, servers, clients, and tools you use. It’s safe to say that because your professional world revolves around providing service to your users and, at best, security is a secondary concern, you’ll be far from the first person to learn about vulnerabilities on your system. Hackers,^[57] on the other hand, are likely to live in a world that revolves entirely around discovering vulnerabilities in your system and leaving their unauthorized ...