EISDC
asked on
IMAP and Exchange 2013
We have an application that requires the IMAP protocol enabled for receiving email. I have been tasked with enabling IMAP for a particular mailbox, and the servers where the Active and Passive mailbox copies live.
Our enviroment:
10 Exchange 2013 servers all holding the same roles. 5 servers live in the EU datacenter and 5 live in the US datacenter. The EU servers have there own DAG, and the US servers have their own separate DAG.
What is the best approach for enabling IMAP for a single mailbox that resides in the EU?
Can I isolate the enabling of IMAP to just the EU servers that hold the active and passive copies of the mailbox or does IMAP service need to be enabled across all servers (EU/US) in the Exchange org?
Can IMAP just be enabled on these two servers and single mailbox, and can this single mailbox still receive emails from other internal mailboxes that reside on the same EU DAG, and receive email from mailboxes that reside on the US servers / DAG?
How can we close other security holes that are opened when IMAP is enabled? Network Firewalls along with disabling IMAP for all mailboxes across all servers, except for the mailbox that requires it?
Any feedback or suggestions would be greatly appreciated.
Our enviroment:
10 Exchange 2013 servers all holding the same roles. 5 servers live in the EU datacenter and 5 live in the US datacenter. The EU servers have there own DAG, and the US servers have their own separate DAG.
What is the best approach for enabling IMAP for a single mailbox that resides in the EU?
Can I isolate the enabling of IMAP to just the EU servers that hold the active and passive copies of the mailbox or does IMAP service need to be enabled across all servers (EU/US) in the Exchange org?
Can IMAP just be enabled on these two servers and single mailbox, and can this single mailbox still receive emails from other internal mailboxes that reside on the same EU DAG, and receive email from mailboxes that reside on the US servers / DAG?
How can we close other security holes that are opened when IMAP is enabled? Network Firewalls along with disabling IMAP for all mailboxes across all servers, except for the mailbox that requires it?
Any feedback or suggestions would be greatly appreciated.
ASKER
Simon - I appreciate the response.
So to confirm, IMAP will only be required on the servers where the active copy, and passive copy (server switch over) resides?
After enabling the services on the targeted servers, is there a powershell command that will disable IMAP in bulk for the accounts that already exist? Possible use of input csv file? I understand about disabling for each new user will be as created, but what of existing accounts?
Lastly, instead of disabling IMAP for all mailboxes, could we control the use of the ports used by IMAP within the firewall by blocking them and only allowing them (IMAP ports) between the Exchange servers that hold the copies of the mailbox, and the Application server that is requires IMAP protocol?
So to confirm, IMAP will only be required on the servers where the active copy, and passive copy (server switch over) resides?
After enabling the services on the targeted servers, is there a powershell command that will disable IMAP in bulk for the accounts that already exist? Possible use of input csv file? I understand about disabling for each new user will be as created, but what of existing accounts?
Lastly, instead of disabling IMAP for all mailboxes, could we control the use of the ports used by IMAP within the firewall by blocking them and only allowing them (IMAP ports) between the Exchange servers that hold the copies of the mailbox, and the Application server that is requires IMAP protocol?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Simon
However that will allow anyone else to use IMAP, so if you are particularly concerned you will have to disable it on every mailbox but that one. Unfortunately doing it the other way (all disabled except the ones you enable) isn't possible on Exchange.
Furthermore, each new account will have to have IMAP disabled on it - it isn't something you can have set as disabled by default.
Simon.