Using ISA Server 2006 with POP3 and IMAP4
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2009-01-14
This topic describes how you can use Microsoft Internet Security and Acceleration (ISA) Server 2006 with Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4). We recommend that you use ISA Server 2006 for all available client access methods in Microsoft Exchange Server 2007. When you publish POP3 and IMAP4 client access with ISA Server 2006, communications from the POP3 or IMAP4 clients that are located on the Internet to the ISA Server computer and from the ISA Server computer to the Client Access server are encrypted by using Secure Sockets Layer (SSL).
The following table describes several benefits of using ISA Server 2006 to protect POP3 and IMAP4 client access to your Microsoft Exchange deployment.
ISA Server 2006 features for POP3 and IMAP4
Exchange server locations are hidden
When you publish an application through ISA Server, you are protecting the server from direct external access, because the name and IP address of the server cannot be accessed by the user. The user accesses the ISA Server computer. This computer forwards the request to the server according to the conditions of the server publishing rule.
SSL bridging and inspection
SSL bridging protects against attacks that are hidden in SSL-encrypted connections. For SSL-enabled Web applications, after ISA Server receives the client's request, ISA Server decrypts it, inspects it, and then ends the SSL connection with the client computer. The Web publishing rules determine how ISA Server communicates the request for the object to the published Web server. If the secure Web publishing rule is configured to forward the request by using secure HTTP (HTTPS), ISA Server initiates a new SSL connection with the published server. Because the ISA Server computer is now an SSL client, it requires the published Web server to respond with a server-side certificate.
To enable an encrypted channel by using SSL between the client computer and the ISA Server computer, you must install a server certificate on the ISA Server computer. This certificate should be issued by a public certification authority (CA) because it will be accessed by users on the Internet. If a private CA is used, the root certificate from the private CA must be installed on any computer that has to create an encrypted channel (HTTPS) to the ISA Server computer.
For more information about how to install a server certificate on ISA Server 2006, see Publishing Exchange Server 2007 with ISA Server 2006.
To deploy ISA Server 2006 with POP3 and IMAP4, you must create an Exchange Web client access publishing rule by using the Exchange Publishing Rule Wizard. This action enables POP3 and IMAP4 access to your Exchange deployment.
When you publish an internal Exchange 2007 Client Access server through ISA Server 2006, you protect the Web server from direct external access because the name and IP address of the server cannot be accessed by the user. The user accesses the ISA Server computer. The ISA Server computer forwards the request to the internal Web server according to the conditions of your Web server publishing rule. An Exchange Web client access publishing rule is a Web publishing rule that contains default settings appropriate to Exchange client access.
For more information about how to use the New Exchange Publishing Rule Wizard, see Publishing Exchange Server 2007 with ISA Server 2006.