Share via


Understanding Security for POP3 and IMAP4

Applies to: Exchange Server 2010

This topic explains security settings that you can use on the Microsoft Exchange Server 2010 Client Access server that has the POP3 and IMAP4 services installed.

Looking for management tasks related to POP3 and IMAP4? See Managing POP3 and IMAP4.

Configuring SSL and TLS for POP3 and IMAP4 Clients

To help secure communications between POP3 and IMAP4 clients and the Exchange 2010 Client Access server, we strongly recommend that you use Secure Sockets Layer (SSL) or Transport Layer Security (TLS). By default, Exchange Setup provides a self-signed certificate for test environments. However, we recommend that you install a certificate from a certification authority (CA) that's trusted by the client's operating system. For more information, see Managing SSL for a Client Access Server.

You can use the Exchange Management Console or the Exchange Management Shell to configure SSL or TLS for POP3 and IMAP4 on an Exchange 2010 server.

For more information about how to use the EMC or the Shell to configure SSL or TLS for POP3 and IMAP4, see the following topics:

Configuring Authentication for POP3 and IMAP4

When you use POP3 and IMAP4 clients, you can set authentication options such as the ability to use SSL or TLS encryption and the ability to configure ports to communicate with clients. When you use SSL or TLS for POP3 and IMAP4 access, the Exchange server uses the ports listed in the following table to communicate with clients.

Ports for POP3 and IMAP4 access when using SSL

Protocol Default port

IMAP4 with SSL

993 (TCP)

IMAP4 with or without TLS

143 (TCP)

POP3 with SSL

995 (TCP)

POP3 with or without TLS

110 (TCP)

By default, the values in the previous table are used for communicating with clients. You can specify other ports to use with POP3 and IMAP4 clients if you want to disable communication through the default ports.

For more information about how to configure authentication for POP3, see the following topics:

For more information about how to configure authentication for IMAP4, see the following topics: