diff --git a/data/hooks/diagnosis/14-ports.py b/data/hooks/diagnosis/14-ports.py
index f9694a9de..11f26ceba 100644
--- a/data/hooks/diagnosis/14-ports.py
+++ b/data/hooks/diagnosis/14-ports.py
@@ -21,7 +21,8 @@ class PortsDiagnoser(Diagnoser):
         #       443: "nginx"
         #       ... }
         ports = {}
-        for service, infos in _get_services().items():
+        services = _get_services()
+        for service, infos in services.items():
             for port in infos.get("needs_exposed_ports", []):
                 ports[port] = service
 
@@ -39,17 +40,18 @@ class PortsDiagnoser(Diagnoser):
         except Exception as e:
             raise YunohostError("diagnosis_ports_could_not_diagnose", error=e)
 
-        for port, service in ports.items():
+        for port, service in sorted(ports.items()):
+            category = services[service].get("category", "[?]")
             if r["ports"].get(str(port), None) is not True:
                 yield dict(meta={"port": port, "needed_by": service},
                            status="ERROR",
                            summary=("diagnosis_ports_unreachable", {"port": port}),
-                           details=[("diagnosis_ports_needed_by", (service,)), ("diagnosis_ports_forwarding_tip", ())])
+                           details=[("diagnosis_ports_needed_by", (service, category)), ("diagnosis_ports_forwarding_tip", ())])
             else:
                 yield dict(meta={"port": port, "needed_by": service},
                            status="SUCCESS",
                            summary=("diagnosis_ports_ok", {"port": port}),
-                           details=[("diagnosis_ports_needed_by", (service))])
+                           details=[("diagnosis_ports_needed_by", (service, category))])
 
 
 def main(args, env, loggers):
diff --git a/data/templates/yunohost/services.yml b/data/templates/yunohost/services.yml
index b3c406f0f..fdf278fcf 100644
--- a/data/templates/yunohost/services.yml
+++ b/data/templates/yunohost/services.yml
@@ -3,40 +3,53 @@ dnsmasq: {}
 dovecot:
   log: [/var/log/mail.log,/var/log/mail.err]
   needs_exposed_ports: [993]
+  category: email
 fail2ban:
   log: /var/log/fail2ban.log
+  category: security
 metronome:
   log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
   needs_exposed_ports: [5222, 5269]
+  category: xmpp
 mysql:
   log: [/var/log/mysql.log,/var/log/mysql.err,/var/log/mysql/error.log]
   alternates: ['mariadb']
+  category: database
 nginx:
   log: /var/log/nginx
   test_conf: nginx -t
   needs_exposed_ports: [80, 443]
+  category: web
 nslcd: {}
 php7.0-fpm:
   log: /var/log/php7.0-fpm.log
   test_conf: php-fpm7.0 --test
+  category: web
 postfix:
   log: [/var/log/mail.log,/var/log/mail.err]
   test_status: systemctl show postfix@- | grep -q "^SubState=running"
   needs_exposed_ports: [25, 587]
+  category: email
 redis-server:
   log: /var/log/redis/redis-server.log
+  category: database
 rspamd:
   log: /var/log/rspamd/rspamd.log
-slapd: {}
+  category: email
+slapd:
+  category: database
 ssh:
   log: /var/log/auth.log
   test_conf: sshd -t
   needs_exposed_ports: [22]
+  category: admin
 yunohost-api:
   log: /var/log/yunohost/yunohost-api.log
+  category: admin
 yunohost-firewall:
   need_lock: true
   test_status: iptables -S | grep "^-A INPUT" | grep " --dport" | grep -q ACCEPT
+  category: security
 glances: null
 nsswitch: null
 ssl: null
diff --git a/locales/en.json b/locales/en.json
index d6784a78d..3aa2a7074 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -210,7 +210,7 @@
     "diagnosis_ports_could_not_diagnose": "Could not diagnose if ports are reachable from outside. Error: {error}",
     "diagnosis_ports_unreachable": "Port {port} is not reachable from outside.",
     "diagnosis_ports_ok": "Port {port} is reachable from outside.",
-    "diagnosis_ports_needed_by": "Exposing this port is needed for service {0}",
+    "diagnosis_ports_needed_by": "Exposing this port is needed for {1} features (service {0})",
     "diagnosis_ports_forwarding_tip": "To fix this issue, you most probably need to configure port forwarding on your internet router as described in https://yunohost.org/isp_box_config",
     "diagnosis_http_could_not_diagnose": "Could not diagnose if domain is reachable from outside. Error: {error}",
     "diagnosis_http_ok": "Domain {domain} is reachable from outside.",
diff --git a/locales/fr.json b/locales/fr.json
index 156b870ef..5bcb74b11 100644
--- a/locales/fr.json
+++ b/locales/fr.json
@@ -746,7 +746,7 @@
     "migration_description_0014_remove_app_status_json": "Supprimer les fichiers d'application status.json hérités",
     "diagnosis_services_running": "Le service {service} s'exécute correctement !",
     "diagnosis_services_conf_broken": "La configuration est cassée pour le service {service} !",
-    "diagnosis_ports_needed_by": "Rendre ce port accessible est nécessaire pour le service {0}",
+    "diagnosis_ports_needed_by": "Rendre ce port accessible est nécessaire pour les fonctionnalités de type {1} (service {0})",
     "diagnosis_ports_forwarding_tip": "Pour résoudre ce problème, vous devez probablement configurer la redirection de port sur votre routeur Internet comme décrit sur https://yunohost.org/isp_box_config",
     "diagnosis_http_connection_error": "Erreur de connexion : impossible de se connecter au domaine demandé, il est probablement injoignable.",
     "diagnosis_no_cache": "Pas encore de cache de diagnostique pour la catégorie « {category} »",