Solved

CAS and disabling imap/pop3

Posted on 2014-01-19
3
377 Views
Last Modified: 2014-01-20
I have been reviewing some security guides for hardening exchange 2010 cas servers. They recommend disabling the imap/pop3 protocols. Can I ask why? Is the CAS server solely geared towards remote access, so is this safeguard to prevent plain text protocols for remote access to email? Can disabling these protcols cause any specific issues/problems to end users?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39792589
By default imap and pop3 are disabled services on the Exchange server. If you want to enabled these they have to be done manually. The only reason I can think of as to why you would want to disable these ports on your Firewall is so that internal people using Outlook mail clients cannot add their IMAP/POP3 accounts as addtional accounts in their Outlook session. This would be done on the firewall level not Exchange.

Will.
0
 
LVL 3

Author Comment

by:pma111
ID: 39792598
Is it because they are unsecure protocols?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39792635
Most larger organizations do not use pop3 or imap as this is a protocol where clients pull copies of the email down the their client. POP3 is not good for this because once the email is on your client that is where is resides. As you can see this is not good as it no longer resides on the server. IMAP is more advanced in which it retrieves the email from the server. Both of these have less feature set as well.

This is just a basic Out-of-Box configuration when you install Exchange.

POP3 and IMAP do also pose a higher surface attack area if they are enabled. Personally I would not enable this in my Exchange environment. The more services you have running on your server/s the higher the risk you have for something being compromised especially when you are not using SSL.

If you were going to implement this in your environment another this i would suggest is make sure that you are using SSL as it transmits usernames and passwords in clear text if not using SSL.

Will.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Are you using email marketing software? If not, you're missing out on effortless marketing and the reaching of desired conversion rates through email marketing software.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now