Solved

CAS and disabling imap/pop3

Posted on 2014-01-19
Last Modified: 2014-01-20
I have been reviewing some security guides for hardening Exchange 2010 CAS servers. They recommend disabling the IMAP/POP3 protocols. Can I ask why? Is the CAS server solely geared towards remote access, so is this safeguard to prevent plain text protocols for remote access to email? Can disabling these protocols cause any specific issues/problems to end users?
Question by:pma111
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39792589
By default IMAP and POP3 are disabled services on the Exchange server. If you want to enable these, they have to be enabled manually. The only reason I can think of as to why you would want to disable these ports on your firewall is so that internal people using Outlook mail clients cannot add their IMAP/POP3 accounts as additional accounts in their Outlook session. This would be done at the firewall level, not Exchange.

Will.
0
 
LVL 3

Author Comment

by:pma111
ID: 39792598
Is it because they are unsecure protocols?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39792635
Most larger organizations do not use POP3 or IMAP as this is a protocol where clients pull copies of the email down to their client. POP3 is not good for this because once the email is on your client that is where it resides. As you can see this is not good as it no longer resides on the server. IMAP is more advanced in that it retrieves the email from the server. Both of these have a smaller feature set as well.

This is just a basic Out-of-Box configuration when you install Exchange.

POP3 and IMAP do also pose a higher surface attack area if they are enabled. Personally I would not enable this in my Exchange environment. The more services you have running on your server/s the higher the risk you have for something being compromised especially when you are not using SSL.

If you were going to implement this in your environment, another thing I would suggest is to make sure that you are using SSL, as it transmits usernames and passwords in clear text if not using SSL.

Will.
0
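
A read-only check that shows where an Exchange 2010 CAS stands on the points raised in the thread above: whether the POP3/IMAP4 services are active, whether logins are allowed without SSL/TLS, and which mailboxes may still use the protocols. This is an added example, not part of the original thread; it assumes the Exchange Management Shell on the CAS server and the default service names MSExchangePOP3 and MSExchangeIMAP4.

```powershell
# Added example: read-only audit of POP3/IMAP4 exposure on an Exchange 2010 CAS.
# Assumptions: run in the Exchange Management Shell on the CAS itself;
# service names are the Exchange defaults.

$findings = @()

# 1. Service state. Win32_Service is used because it exposes StartMode
#    on the PowerShell 2.0 that ships alongside Exchange 2010.
foreach ($name in 'MSExchangePOP3', 'MSExchangeIMAP4') {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) { continue }   # service not installed on this box
    if ($svc.State -eq 'Running' -or $svc.StartMode -eq 'Auto') {
        $findings += "$name : State=$($svc.State), StartMode=$($svc.StartMode)"
    }
}

# 2. Login type. SecureLogin requires TLS before the client authenticates;
#    any other value lets authentication happen on an unencrypted connection.
$protocols = @{
    'POP3'  = (Get-PopSettings)
    'IMAP4' = (Get-ImapSettings)
}
foreach ($proto in $protocols.Keys) {
    $loginType = $protocols[$proto].LoginType
    if ("$loginType" -ne 'SecureLogin') {
        $findings += "$proto : LoginType=$loginType allows authentication without TLS"
    }
}

# 3. Per-mailbox enablement. These flags are independent of the service
#    state, so they show who could connect if the services were started.
$mailboxes = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.PopEnabled -or $_.ImapEnabled }
$count = @($mailboxes).Count
if ($count -gt 0) {
    $findings += "$count mailbox(es) have PopEnabled or ImapEnabled set"
}

# Report
if ($findings.Count -eq 0) {
    Write-Output 'No POP3/IMAP4 exposure found on this server.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Nothing here changes configuration; `Set-PopSettings`/`Set-ImapSettings -LoginType SecureLogin` and `Set-CASMailbox -PopEnabled $false -ImapEnabled $false` are the cmdlets for acting on the findings.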


Question has a verified solution.
