Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

CAS and disabling imap/pop3

Posted on 2014-01-19
3
408 Views
Last Modified: 2014-01-20
I have been reviewing some security guides for hardening exchange 2010 cas servers. They recommend disabling the imap/pop3 protocols. Can I ask why? Is the CAS server solely geared towards remote access, so is this safeguard to prevent plain text protocols for remote access to email? Can disabling these protcols cause any specific issues/problems to end users?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39792589
By default imap and pop3 are disabled services on the Exchange server. If you want to enabled these they have to be done manually. The only reason I can think of as to why you would want to disable these ports on your Firewall is so that internal people using Outlook mail clients cannot add their IMAP/POP3 accounts as addtional accounts in their Outlook session. This would be done on the firewall level not Exchange.

Will.
0
 
LVL 3

Author Comment

by:pma111
ID: 39792598
Is it because they are unsecure protocols?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39792635
Most larger organizations do not use pop3 or imap as this is a protocol where clients pull copies of the email down the their client. POP3 is not good for this because once the email is on your client that is where is resides. As you can see this is not good as it no longer resides on the server. IMAP is more advanced in which it retrieves the email from the server. Both of these have less feature set as well.

This is just a basic Out-of-Box configuration when you install Exchange.

POP3 and IMAP do also pose a higher surface attack area if they are enabled. Personally I would not enable this in my Exchange environment. The more services you have running on your server/s the higher the risk you have for something being compromised especially when you are not using SSL.

If you were going to implement this in your environment another this i would suggest is make sure that you are using SSL as it transmits usernames and passwords in clear text if not using SSL.

Will.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is my first article on Expert Exchange on the Manual Method of Exporting Office 365 Mailboxes to PST format by using the eDiscovery mechanism of Office. Hope you will enjoy the article.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question