This FAQ is geared towards new administrators looking for guidance on a proper mail server setup.
As a best practice, your mail server should require SSL encryption for IMAP, POP and Webmail. SMTP should have SSL enabled, but not required.
A typical OS X Server mail server for a small business would have these ports open.
- IMAP: 993
- POP: 995 (if used)
- Incoming SMTP: 25
- SMTP/TLS Submission: 587
- SMTP/SSL Submission: 465 (mainly for compatibility with older Outlook versions)
- ScreenSharing: 5900 (if used)
- Webmail: 80
- Webmail/SSL: 443
Other ports, like imap/143 pop/110, ssh/22, etc should not be opened unless required.
One size does not fit all. You may need to adjust to your needs.