Enabling Additional Exchange Services for Back-End Servers

If you performed the procedures properly up to this point, you should have successfully hardened your Exchange back-end servers. Although your MAPI client, HTTP (Outlook Web Access) client, and SMTP should now function with your back-end server, your POP3 and IMAP4 clients will not be able to retrieve mail. If you have a front-end and back-end deployment that includes these protocols, you must also enable the appropriate POP3 and IMAP4 services on the Exchange back-end server. If this server is an NNTP server, you must also enable the NNTP service. The easiest way to enable these services is to import the corresponding Exchange 2003 protocol-specific security templates to the back-end servers that require additional client access.

For example, if your organization provides POP3 access to mailboxes, after applying the Exchange 2003 security templates (or the recommended configurations) to the front-end POP3 server, you must apply the Exchange 2003 POP3 security template to the back-end server.

This section discusses the services that you must enable to support NNTP. All other protocols are discussed in "Hardening Front-End Servers."