Understanding Security for POP3 and IMAP4
Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1, Exchange Server 2007
Topic Last Modified: 2007-04-05
This topic explains security settings that you can use on the Microsoft Exchange Server 2007 computer that has the Post Office Protocol version 3 (POP3) and Internet Message Access Protocol version 4rev1 (IMAP4) services installed.
To help secure communications between your POP3 and IMAP4 clients and the Exchange 2007 server that has the Client Access server role installed, we strongly recommend that you use Secure Sockets Layer (SSL). By default Exchange Setup provides a self-signed SSL certificate for test environments. However, we recommend that you install a trusted SSL certificate from a certification authority (CA) that is trusted by the client's operating system. For more information, see Understanding SSL for Client Access.
You can use the Exchange Management Shell to configure SSL for POP3 and IMAP4 on an Exchange 2007 server.
For more information about how to use the Exchange Management Console to configure SSL for POP3 and IMAP4, see the following topics:
When you use POP3 and IMAP4 clients, you can set authentication options such as the ability to use Transport Layer Security (TLS) encryption and the ability to configure ports to communicate with clients. When you use TLS and SSL for POP3 and IMAP4 access, the Exchange server uses the ports listed in the following table to communicate with clients.
Ports for POP3 and IMAP4 access when using SSL
IMAP4 with SSL
IMAP4 with or without TLS
POP3 with SSL
POP3 with or without TLS
By default, the values in the previous table are used for communicating with clients. You can specify other ports to use with POP3 and IMAP4 clients if you want to disable communication through the default ports.
For more information about how to configure authentication for POP3, see the following topics:
For more information about how to configure authentication for IMAP4, see the following topics: