The services which are classed as listening services are SMTP, POP3, IMAP4, WebMail, LDAP and Remote Admin. Each of these services requires the use of at least one port and all are configured in exactly the same way.
Each service allows you to control which TCP port the service listens on (for accepting connections). Usually this value is left as the default, but if required it can be moved to a non-standard port value. Each service also allows control over the maximum number of simultaneous connections allowed. This allows the administrator to restrict certain services to help balance the load. The last option allows control over the period of time a connection is allowed to be idle, after which the connection is forcefully closed. By adjusting the maximum connections and idle time-out values for each service, you can help optimize your mail server.
Binding to IPs
If the local computer your mail server is running on has multiple IPs assigned, you can control which IPs each service binds to. Usually this is only necessary if you want to restrict a service so that it is accessible only on a particular network (e.g. a LAN). However, this can also help combine different types of server software onto a single computer. The default behavior of a service is to bind to all available IPs.
A powerful security feature of the listening services is the ability to use SSL. Although the LDAP service does not yet support SSL, all other services have this option available. SSL is useful as it ensures all communications between the client and server are protected using 256-bit encryption. This ensures that if anybody intercepts any of the data transferred between the client and server, it will be unreadable. This helps protect login details as well as mail content and other information. To use SSL you need to have at least one certificate set up, which can then be selected from the drop-down box. There are 2 available SSL modes: Explicit and Implicit. Explicit SSL takes place on the service's normal port and is usually initiated just before the login details are sent. Implicit SSL takes place on a separate dedicated port and is initiated before any data is transferred between the server and client. For more information on SSL, please view the Tutorial: Important Security Considerations page.
Restricting access by IP is rarely used but can help protect important services. These options allow you to restrict access to a service to a certain range of IPs. This is useful for securing user account access services such as POP3 and IMAP4, by only allowing access from within a LAN. This option is not recommended for the SMTP service, as the SMTP service will often need to deal with any IP on the Internet (i.e. incoming mail traffic).
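The binding, SSL and IP restriction guidance above can be checked against a set of listener settings. The following audit is an added example, not the product's own code; the dictionary field names and the sample values are hypothetical and constructed for illustration.

```python
import ipaddress

# Constructed sample settings; field names are hypothetical and are not
# the product's real configuration format.
LISTENERS = [
    {"service": "SMTP", "port": 25, "bind": ["0.0.0.0"],
     "ssl": "explicit", "allow": ["192.168.1.0/24"]},
    {"service": "POP3", "port": 110, "bind": ["0.0.0.0"],
     "ssl": None, "allow": []},
    {"service": "IMAP4", "port": 993, "bind": ["192.168.1.10"],
     "ssl": "implicit", "allow": ["192.168.1.0/24"]},
    {"service": "LDAP", "port": 389, "bind": ["192.168.1.10"],
     "ssl": "explicit", "allow": ["192.168.1.0/24"]},
]

ACCOUNT_ACCESS = {"POP3", "IMAP4"}  # services the page suggests limiting to a LAN
ALL_IPS = {"0.0.0.0", "::"}         # wildcard addresses, i.e. bind to all IPs


def client_allowed(listener, client_ip):
    """True if client_ip is in an allowed range; an empty list means unrestricted."""
    if not listener["allow"]:
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(r) for r in listener["allow"])


def audit(listener):
    """Return findings for one listener, based on the guidance in the text."""
    findings = []
    svc = listener["service"]
    if svc == "LDAP" and listener["ssl"]:
        findings.append("SSL selected, but the LDAP service does not support SSL")
    elif svc != "LDAP" and not listener["ssl"]:
        findings.append("no SSL: login details and mail content are unprotected")
    if svc == "SMTP" and listener["allow"]:
        findings.append("IP restriction on SMTP can block incoming mail")
    if (svc in ACCOUNT_ACCESS and not listener["allow"]
            and ALL_IPS & set(listener["bind"])):
        findings.append("bound to all IPs with no IP restriction")
    return findings


if __name__ == "__main__":
    for item in LISTENERS:
        print(item["service"], item["port"], audit(item) or "ok")
```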