Understanding Security for POP3 and IMAP4
Microsoft Exchange Server 2007 will reach end of support on April 11, 2017. To stay supported, you will need to upgrade. For more information, see Resources to help you upgrade your Office 2007 servers and clients.
Applies to: Exchange Server 2007, Exchange Server 2007 SP1, Exchange Server 2007 SP2, Exchange Server 2007 SP3
This topic explains security settings that you can use on the Microsoft Exchange Server 2007 computer that has the Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4) services installed.
Configuring SSL for POP3 and IMAP4 Clients
To help secure communications between your POP3 and IMAP4 clients and the Exchange 2007 server that has the Client Access server role installed, we strongly recommend that you use Secure Sockets Layer (SSL). By default Exchange Setup provides a self-signed SSL certificate for test environments. However, we recommend that you install a trusted SSL certificate from a certification authority (CA) that is trusted by the client's operating system. For more information, see Understanding SSL for Client Access.
You can use the Exchange Management Shell to configure SSL for POP3 and IMAP4 on an Exchange 2007 server.
For more information about how to use the Exchange Management Console to configure SSL for POP3 and IMAP4, see the following topics:
Configuring Authentication for POP3 and IMAP4
When you use POP3 and IMAP4 clients, you can set authentication options such as the ability to use Transport Layer Security (TLS) encryption and the ability to configure ports to communicate with clients. When you use TLS and SSL for POP3 and IMAP4 access, the Exchange server uses the ports listed in the following table to communicate with clients.
Ports for POP3 and IMAP4 access when using SSL
Protocol | Default port |
---|---|
IMAP4 with SSL |
993 (TCP) |
IMAP4 with or without TLS |
143 (TCP) |
POP3 with SSL |
995 (TCP) |
POP3 with or without TLS |
110 (TCP) |
By default, the values in the previous table are used for communicating with clients. You can specify other ports to use with POP3 and IMAP4 clients if you want to disable communication through the default ports.
For more information about how to configure authentication for POP3, see the following topics:
For more information about how to configure authentication for IMAP4, see the following topics:
For More Information
For more information about how to manage POP3 and IMAP4, see Managing POP3 and IMAP4.