[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 490
  • Last Modified:

CAS and disabling imap/pop3

I have been reviewing some security guides for hardening exchange 2010 cas servers. They recommend disabling the imap/pop3 protocols. Can I ask why? Is the CAS server solely geared towards remote access, so is this safeguard to prevent plain text protocols for remote access to email? Can disabling these protcols cause any specific issues/problems to end users?
0
pma111
Asked:
pma111
  • 2
1 Solution
 
Will SzymkowskiSenior Solution ArchitectCommented:
By default imap and pop3 are disabled services on the Exchange server. If you want to enabled these they have to be done manually. The only reason I can think of as to why you would want to disable these ports on your Firewall is so that internal people using Outlook mail clients cannot add their IMAP/POP3 accounts as addtional accounts in their Outlook session. This would be done on the firewall level not Exchange.

Will.
0
 
pma111Author Commented:
Is it because they are unsecure protocols?
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Most larger organizations do not use pop3 or imap as this is a protocol where clients pull copies of the email down the their client. POP3 is not good for this because once the email is on your client that is where is resides. As you can see this is not good as it no longer resides on the server. IMAP is more advanced in which it retrieves the email from the server. Both of these have less feature set as well.

This is just a basic Out-of-Box configuration when you install Exchange.

POP3 and IMAP do also pose a higher surface attack area if they are enabled. Personally I would not enable this in my Exchange environment. The more services you have running on your server/s the higher the risk you have for something being compromised especially when you are not using SSL.

If you were going to implement this in your environment another this i would suggest is make sure that you are using SSL as it transmits usernames and passwords in clear text if not using SSL.

Will.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now