Port Authority Edition – Internet Vulnerability Profiling
by Steve Gibson,  Gibson Research Corporation.

Goto Port 142
Probe Port 143
Enter Port: 0-65535
Goto Port 144

Port Authority Database

Port 143


Internet Message Access Protocol

Imap protocol is used by eMail clients for the retrieval of their eMail from designated eMail "post office" servers. Email Clients such as Microsoft Outlook, Netscape, Eudora, and many others, using imap protocol to retrieve their eMail, connect to port 143 of a remote eMail server. They must then identify and authenticate themselves by logging on to the remote eMail server using their eMail account information. After doing so they are permitted to view and download their waiting eMail.

Related Ports: 
25, 110

Background and Additional Information:

Imap on port 143 is the newer of the two popular protocols used to retrieve eMail from remote mail servers. (The older protocol, pop3, the Post Office Protocol, uses port 110.) End-user eMail clients send eMail to remote eMail servers using the SMTP protocol on port 25, and typically retrieve their eMail using either pop3 or imap. Email clients and servers must each support both an eMail sending (SMTP) and retrieving (pop3 or imap) protocol.

Local POP proxies

Although it is uncommon for end-user PCs to host a full eMail server, anti-virus and anti-spam "filtering" programs often open the user's local port 143 to provide convenient eMail filtering through a technique known as "proxying". The bad news is that some of these programs cause this port to be opened and exposed to the outside world — to the whole Internet — which can create serious vulnerabilities for the user's PC.

The idea behind a "local proxy" is that the anti-virus or anti-spam program needs to "filter" the remote eMail before it reaches the local eMail client program. So the proxying filter program creates a little local pop3 or imap server right there on the user's machine. The user instructs their eMail client to retrieve eMail from port 110 or 143 of their own computer, and the proxy, in turn, fetches the eMail from the remote eMail server.

This places the proxy "in line" between the remote eMail server and the local eMail client. The Proxy retrieves eMail from the remote server, checks it, filters it, virus scans it, or whatever, then offers it to the local eMail client through its own local pop3 or imap server running on port 110 or 143.

The only trouble with this is that poorly or hastily written local proxies can sometimes create the side-effect of opening the same local server to connections from the entire Internet. If such a proxy also had some insecure features which could be exploited (which is always a concern with any publicly accessible Internet servers) it might be possible for nefarious hackers to exploit the local server's security weaknesses as a means of gaining an advantage of some sort.

Closing port 143

Under no circumstances would you want port 143 of a local proxy (or any local proxy ports for that matter) to be open to the outside world. It's unlikely that you would have a full eMail server running on your machine, but a local proxy such as that described above is becoming more common. If our probes show that your machine has port 143 open, you should determine the cause and see about updating your software, or determine how to close this port to outside access. If all else fails, the use of a NAT router or personal firewall would do the trick.

The IMAP RFC (the complete specification)

The specification of every nuance and detail of the IMAP protocol:



The entire contents of this page is copyright © 2008 by Gibson Research Corporation.

Jump to top of page
Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2024 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.
Jump to top of page