Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

CAS and disabling imap/pop3

Posted on 2014-01-19
3
Medium Priority
?
479 Views
Last Modified: 2014-01-20
I have been reviewing some security guides for hardening exchange 2010 cas servers. They recommend disabling the imap/pop3 protocols. Can I ask why? Is the CAS server solely geared towards remote access, so is this safeguard to prevent plain text protocols for remote access to email? Can disabling these protcols cause any specific issues/problems to end users?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39792589
By default imap and pop3 are disabled services on the Exchange server. If you want to enabled these they have to be done manually. The only reason I can think of as to why you would want to disable these ports on your Firewall is so that internal people using Outlook mail clients cannot add their IMAP/POP3 accounts as addtional accounts in their Outlook session. This would be done on the firewall level not Exchange.

Will.
0
 
LVL 3

Author Comment

by:pma111
ID: 39792598
Is it because they are unsecure protocols?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39792635
Most larger organizations do not use pop3 or imap as this is a protocol where clients pull copies of the email down the their client. POP3 is not good for this because once the email is on your client that is where is resides. As you can see this is not good as it no longer resides on the server. IMAP is more advanced in which it retrieves the email from the server. Both of these have less feature set as well.

This is just a basic Out-of-Box configuration when you install Exchange.

POP3 and IMAP do also pose a higher surface attack area if they are enabled. Personally I would not enable this in my Exchange environment. The more services you have running on your server/s the higher the risk you have for something being compromised especially when you are not using SSL.

If you were going to implement this in your environment another this i would suggest is make sure that you are using SSL as it transmits usernames and passwords in clear text if not using SSL.

Will.
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

879 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question