[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

IMAP Security Concerns

Posted on 2008-01-28
15
Medium Priority
?
1,768 Views
Last Modified: 2012-05-05
I am a Network Admin trying to prove to my Manager that by enabling IMAP will not impose any great security risks. Currently we only utilize SMTP and x.400 for email transport. He is a paranoid man and absolutely refuses to use pop3 or IMAP with Exchange. I need IMAP turned on within our exchange server to enable another local server to send/receive email for a CRM app.

Can anyone give me some ammo to enlighten my Manager on IMAP security.
0
Comment
Question by:marine7275
  • 5
  • 4
  • 3
  • +1
15 Comments
 
LVL 13

Author Comment

by:marine7275
ID: 20762417
updated question
0
 
LVL 3

Expert Comment

by:ntrlsur
ID: 20762565
Well FYI for your boss outlook and exchange use a Microsoft  imap creation to communicate.  but on to your question.   Will imap be available outside of the firewall?  will the CRM app be authenticating to the domain to recieve imap access? Are you using MS Server 2003 for the base of your exchange environment?
0
 
LVL 16

Expert Comment

by:Matthew Millers
ID: 20762806
Outlook and exchange use MAPI for communications.
If you really want to use IMAP or POP3, why dont you enable either using SSL?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
LVL 25

Expert Comment

by:kieran_b
ID: 20762886
Is this CRM app on a server inside the network?  If so, enable IMAP and just don't forward a port from the firewall - there is little real danger of enabling it internally only...
0
 
LVL 13

Author Comment

by:marine7275
ID: 20763020
ntrlsur:

Answersw to your questions:
Will imap be available outside of the firewall?  No
Will the CRM app be authenticating to the domain to recieve imap access? No
Are you using MS Server 2003 for the base of your exchange environment? yes

I even plan on using IP filtering to restrict IMAP traffic to only the CRM server.

0
 
LVL 25

Expert Comment

by:kieran_b
ID: 20763027
Using IP filtering and keeping the port closed at the router is secure enough.
0
 
LVL 16

Expert Comment

by:Matthew Millers
ID: 20763031
If it does not authenticate, how is it going to enumerate a folder structure?

If you have security concerns on your network, use IMAP/SSL
If you dont have security concerns, use IMAP

0
 
LVL 3

Expert Comment

by:ntrlsur
ID: 20763044
you should be fine then.  Filter the ip to just the crm app and you should not have any problems.
0
 
LVL 13

Author Comment

by:marine7275
ID: 20763050
Sorry, it does authenticate. I had to setup a CRM email account to store messages.
0
 
LVL 13

Author Comment

by:marine7275
ID: 20769841
I am looking for technical references that will prove my point that using IP filtering with IMAP will be secure enough.
0
 
LVL 3

Accepted Solution

by:
ntrlsur earned 1500 total points
ID: 20769868
well you can provide an example.  Put him on a machine that has ip filtering enabled and have him try and connect to anything that you have filtered out..
0
 
LVL 16

Expert Comment

by:Matthew Millers
ID: 20770622
Dont worry about IP filtering, just use IMAP/SSL...does not get much more secure than that.
0
 
LVL 16

Expert Comment

by:Matthew Millers
ID: 20781185
How did you go with this?
0
 
LVL 25

Expert Comment

by:kieran_b
ID: 20799906
>>I am looking for technical references that will prove my point that using IP filtering with IMAP will be secure enough.

Close the IMAP port to the world - you can't beat that security, and the boss can't question it; it is closed.
0
 
LVL 13

Author Closing Comment

by:marine7275
ID: 31429021
My manager is a type of manager that was looking for some technical documentation proving our point of using ip filtering. My ultimate goal was to flood him with documentation proving my point.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
You finally migrated Public Folders to Office 365, decommissioned the Public Folder mailbox database and since then, when you send an email from on-premise to mail-enabled Public Folders, you get the following error: "Misconfigured public folder mai…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question