IMAP Security Concerns

I am a Network Admin trying to prove to my Manager that by enabling IMAP will not impose any great security risks. Currently we only utilize SMTP and x.400 for email transport. He is a paranoid man and absolutely refuses to use pop3 or IMAP with Exchange. I need IMAP turned on within our exchange server to enable another local server to send/receive email for a CRM app.

Can anyone give me some ammo to enlighten my Manager on IMAP security.
LVL 13
marine7275Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

marine7275Author Commented:
updated question
0
ntrlsurCommented:
Well FYI for your boss outlook and exchange use a Microsoft  imap creation to communicate.  but on to your question.   Will imap be available outside of the firewall?  will the CRM app be authenticating to the domain to recieve imap access? Are you using MS Server 2003 for the base of your exchange environment?
0
Matthew MillersCommented:
Outlook and exchange use MAPI for communications.
If you really want to use IMAP or POP3, why dont you enable either using SSL?
0
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

kieran_bCommented:
Is this CRM app on a server inside the network?  If so, enable IMAP and just don't forward a port from the firewall - there is little real danger of enabling it internally only...
0
marine7275Author Commented:
ntrlsur:

Answersw to your questions:
Will imap be available outside of the firewall?  No
Will the CRM app be authenticating to the domain to recieve imap access? No
Are you using MS Server 2003 for the base of your exchange environment? yes

I even plan on using IP filtering to restrict IMAP traffic to only the CRM server.

0
kieran_bCommented:
Using IP filtering and keeping the port closed at the router is secure enough.
0
Matthew MillersCommented:
If it does not authenticate, how is it going to enumerate a folder structure?

If you have security concerns on your network, use IMAP/SSL
If you dont have security concerns, use IMAP

0
ntrlsurCommented:
you should be fine then.  Filter the ip to just the crm app and you should not have any problems.
0
marine7275Author Commented:
Sorry, it does authenticate. I had to setup a CRM email account to store messages.
0
marine7275Author Commented:
I am looking for technical references that will prove my point that using IP filtering with IMAP will be secure enough.
0
ntrlsurCommented:
well you can provide an example.  Put him on a machine that has ip filtering enabled and have him try and connect to anything that you have filtered out..
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Matthew MillersCommented:
Dont worry about IP filtering, just use IMAP/SSL...does not get much more secure than that.
0
Matthew MillersCommented:
How did you go with this?
0
kieran_bCommented:
>>I am looking for technical references that will prove my point that using IP filtering with IMAP will be secure enough.

Close the IMAP port to the world - you can't beat that security, and the boss can't question it; it is closed.
0
marine7275Author Commented:
My manager is a type of manager that was looking for some technical documentation proving our point of using ip filtering. My ultimate goal was to flood him with documentation proving my point.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.