Avatar of CISS
CISS
Flag for United States of America asked on

Exchange 2016 POP3 configuration

I have a Client that uses Reynolds & Reynolds to send and receive emails to/from customers with the program. They are able to send but not receive. Spoke with R&R support and they use POP3/port 995 to receive emails to the program. I'm trying to configure POP3 and think I have everything set but I'd rather be 120% sure rather than leave a security risk open.

In Management Shell I ran the >Set-PopSettings to configure everything and when i run Get-PopSettings I get

InternalConnectionSettings : {Exchange.Domain.local:995:SSL, Exchange.Domain.local:110:TLS}
ExternalConnectionSettings: {email.domain.com:110:TLS, email.domain.com:995:SSL}
UnencryptedOrTLSBindings: {x.x.x.x:110} (x.x.x.x = external exchange IP)
SSLBindings:                             {x.x.x.x:995} (x.x.x.x = external exchange IP)
Cert Name                                 email.domain.com

Does this look correct? Should the Binding be the External IP or Internal? Testing using Microsoft Analyzer (https://go.microsoft.com/fwlink/p/?LinkID=313839) fails with

Test TCP port 995 on host email.domain.com to ensure its listening and open. The specified port is either blocked, not listening, or not producing the expected response.

Any help is appreciated and if you need more info let me know.

Thank you!
Exchange* POP3Security

Avatar of undefined
Last Comment
CISS

8/22/2022 - Mon
timgreen7077

Make sure that pop is enabled on all your exchange servers, and make sure the firewall isn't blocking those ports and forwards traffic on those ports to your exchange servers. Your settings look fine check firewall.
Sebastian Talmon

Are the pop3 frontend- and backend services running?

In a default Exchange Installation the pop3 services are configured as manual start, not automatic. You should reconfigure them as automatic and start the services, if you want to use pop3
CISS

ASKER
I will check Firewall but i think Sebastian may be onto something. Both Services are set to automatic but only POP3 Backend is running. When i try to start POP3 i get

"The Microsoft Exchange POP3 service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs."

Quick google search suggested checking receive connector bindings but nothing came back on 995 or 110 ... i did notice that the bindings that were returned to me all looked like {[::]:587, 0.0.0.0:587} and when i look at the bindings for POP3 i have

UnencryptedOrTLSBindings: {1.2.3.4:110}
SSLBindings:                             {1.2.3.4:995}

where 1.2.3.4 = my external IP. Should this not be configured? Should it instead return back {0.0.0.0:995}  ?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Sebastian Talmon

is the external IP directly on one of the network interfaces? Or only through NAT or proxy routed to the Exchange Server?

If there is no need to restrict pop3 access, I would set it back to 0.0.0.0
CISS

ASKER
It's set through a sonicwall nat policy. I would use the same Set-PopSettings [-SSLBindings 0.0.0.0:995] correct?

This won't open us up to anything undesirable will it? Spoofing/hacking, etc? That is my main concern
timgreen7077

No it will not. You will still need to authenticate so you should be fine.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
ASKER CERTIFIED SOLUTION
Sebastian Talmon

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
CISS

ASKER
Set the bindings back to 0.0.0.0 and both services started/are running. Thank you everyone!