Noah Meyerhans wrote: > On Thu, Dec 15, 2005 at 12:35:09PM +0000, kevin bailey wrote: >> the service: >> 443/tcp open https >> is used to protect the webmail service. it is meant to stop the email >> passwords from being sniffed. > > If you're concerned about passwords being sniffed, you better shut off > pop3 and imap, too (unless you configure IMAP such that plaintext > passwords will never be prompted for, which should be possible according > to section 6.2.2 of RFC 3501). In the case of pop3, it is not possible > to configure secure authentication mechanisms, and you should switch to > the SSL-tunnelled pop3s if you really need POP support.
good point - also the fact that the users stick their email passwords to their monitors using postits! i'm almost thinking to switch the webmail service to normal apache - this would save me from having to run apache-ssl altogether. the email accounts are virtual accounts and are not system/FTP accounts run on a courier email server. > >> what is >> 1720/tcp filtered H.323/Q.931 >> ? >> >> and how do i turn it off if it is uneccessary. > > It may be nothing. The fact that it showed up as filterd in the nmap > output indicates that nmap didn't received a TCP RST packet back when it > tried to contact that port. That may mean you have iptables configured > to DROP packets to that port. iptables has not been set up - but i take what you say. so if i set up a firewall and drop nearly all packets does nmap report ports as unfiltered? thanks for your points, kev > > noah -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]