Why you do not like SSL? It provides a similar level of encryption and it is supported by most current email clients. - Alexey.
You should ONLY forward 443 (HTTPS) and 25 unless you plan to expose yourself (or systems rather) the POP/IMAP access should all be done internal, make the external user access with Webmail over SSL, or another way is to SSH into the LAN and portforward thier local IMAP/POP ports to the SuSE Server. You can do this with standard SSH on Unix or the New Putty Windows Clients will work too. This last case is good for home users or traveling folks. Another idea, option 3 is to only do SSH and use PINE or MUTT to access the server, point is you should never do IMAP/POP access for anything ouside the LAN.
Oh, LDAP will portforward too, do not expose that either.
Regards,
Jon
-- { http://trelony.cjb.net/ } Alexey N. Solofnenko { http://www.inventigo.com/ } Inventigo LLC Pleasant Hill, CA (GMT-8 usually)