The Internet is a fascinating mix of old and new technologies. For every new
application or protocol such as Asynchronous JavaScript and XML (AJAX), an old
technology is quietly soldiering on in the background. SMTP is a great example.
I doubt SMTP's designers ever envisioned how prevalent and important it would
become when they invented it more than 30 years ago, but it's still a crucial
part of every major messaging system, and Exchange 2007 provides excellent support
for it. Likewise, POP and IMAP are still widely used to provide message access
to a variety of clients, including Microsoft Office Outlook, Outlook Express,
Windows Live Mail, Microsoft Entourage, Apple Mail, and smartphones running
Microsoft Windows Mobile software, Palm OS, and Symbian OS (to say nothing of
dozens of lesser-known clients for various OSs).
Exchange has supported IMAP and POP since
Exchange 5.5. The way that support is implemented
has changed greatly over time, and the way you
manage and configure the protocols has changed
too. The RTM version of the Exchange 2007 Management Console doesn't include support for managing
POP and IMAP implementations. In Exchange 2007,
you can still support IMAP and POP, but to do so
you'll have to master the Exchange Management
Shell.
POP and IMAP Explained
If you're used to supporting rich Messaging API (MAPI), WWW Distributed Authoring
and Versioning (WebDAV), or Exchange ActiveSync clients, you might not be familiar
with IMAP and POP. Both are fairly simple protocols, and they share some similarities.
However, they have some significant differences from each other and from other
protocols you might be used to working with.
POP is by far the simpler of the two protocols; it
supports reading, downloading, and deleting messages in a single inbox folder, along with setting a few
properties (e.g., the read and unread status of a message). POP doesn't support multiple folders, moving
messages, search, rules, or most other semi-modern
mail-client features. For that reason, almost all POP
clients create a local cache of messages and perform
operations against it. This leads to a common problem in which a user
reports that messages are disappearing; the problem happens when you leave a POP
client running and set it to download messages and then
delete them. When new messages come in, they end
up in the POP client's local mailbox instead of on the
mail server, so they seem to have disappeared. This
problem is exacerbated if you use POP on multiple
machines because messages can become scattered
across the machines.
POP is typically carried over TCP port 110, whereas
IMAP uses TCP port 143. Both protocols can (and
should) be secured with SSL, in which case POP
uses port 995 and IMAP uses port 993. The Exchange
implementation of both protocols supports several
authentication methods, including plain credentials
and GSSAPI, which can be used for Kerberos-based
logons.
Get Started
As in earlier Exchange versions, IMAP and POP services in Exchange 2007 are
provided by two Windows services. The Microsoft Exchange IMAP4 service (whose
short name is MSExchangeIMAP4) and Microsoft Exchange POP3 service (MSExchangePOP3)
are installed by default, but they're turned off, and their service state is
set to manual. Before you can provide POP or IMAP access to your users, you
have to start the service you need and set its service startup state to automatic.
You can easily do this through the Services console in Windows, but it's just
as easy to do it with the Exchange Management Shell, and I recommend that you
give it a try. The commands are simple: Start-Service MSExchangeIMAP4 will
start the service, and Set-Service MSExchangeIMAP4 -StartupType Automatic
will set the startup type.
Why do I recommend using Exchange Management Shell? Because you'll need to use it to manage
all of the other settings for the services, and starting
and stopping services is a safe way to practice. There's
no provision in the release version of the Exchange
Management Console for managing the settings on
these services, so if you're going to use them you'll
have to get familiar with the Get-IMAPSettings
and Set-IMAPSettings Exchange Management Shell
commands (and their POP equivalents). You'll need
to use these tasks to make any sort of change to the
IMAP and POP settings. Microsoft has announced
that the Exchange Management Console will support
a graphical interface for managing POP and IMAP
settings when Exchange 2007 SP1 releases, but that
won't be until sometime in late 2007.
However, you might find that you don't need to do
much. When you install Exchange 2007, it generates a
self-signed certificate that you can use to secure your
network traffic with Secure Sockets Layer (SSL). By
default, this certificate will be assigned to the IMAP
and POP services, and those services will automatically use it, which means you'll have to use IMAP and
POP clients that are compatible with self-signed
certificates. The most common customization for
Exchange 2007 IMAP and POP servers is replacing
these default certificates with certificates issued by
third-party Certificate Authorities (CAs).
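The steps in this section, as a script for the Exchange Management Shell. This is an added example, not code from the original article; it enables only the protocol listed in $services (a variable name chosen here), on the assumption that you don't need both.

```powershell
# Added example: run on the Exchange 2007 client access server.
# List only the protocols you intend to offer to clients.
$services = @('MSExchangeIMAP4')   # add 'MSExchangePOP3' only if POP is needed

foreach ($name in $services) {
    $svc = Get-Service -Name $name

    # Setup leaves both services stopped with a manual startup type.
    Set-Service -Name $name -StartupType Automatic

    if ($svc.Status -ne 'Running') {
        Start-Service -Name $name
    }

    # Block until the service reports Running, or fail after 30 seconds.
    $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(30))
}

# Confirm state and startup mode for both services, including the one
# you chose not to enable (it should still be Stopped / Manual).
Get-WmiObject Win32_Service |
    Where-Object { 'MSExchangeIMAP4', 'MSExchangePOP3' -contains $_.Name } |
    Format-Table Name, State, StartMode -AutoSize

# Review the current protocol settings before changing anything with
# Set-IMAPSettings (or the POP equivalent).
Get-IMAPSettings | Format-List
```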
Replace the Default Certificates
To modify the certificates assigned for use with Exchange services, you have
to use the Enable-ExchangeCertificate task in Exchange Management Shell. Once
you've obtained the certificate you want to use, you must install it on the
Exchange 2007 client access server where you'll be using it. The installation
steps will vary somewhat according to the CA you're using to issue the certificates.
However, once you install the certificate, you'll need to view the certificate
properties to get its thumbprint. The thumbprint uniquely identifies each certificate
on the system; you can think of it like a GUID. Here's what to do:
- Log on to the Exchange 2007 client access server through an account that
has administrative privileges.
- Launch Microsoft Management Console (mmc.exe).
- Select File, Add/Remove Snap-in; in the Add/Remove Snap-in dialog box,
click Add.
- Select the Certificates snap-in and click Add.
- Select Computer account, then click Next.
- Select Local computer (the computer this console is running on),
and click Finish.
- Expand the Certificates (Local Computer) node, then the Personal node,
then the Certificates node.
- Select the certificate you want to use from the right-hand pane, right-click
it, and choose the Properties command.
- Click the Details tab.
- Scroll down to the bottom of the properties list, where you'll see the
thumbprint listed.
- Select Thumbprint from the list, then select and copy the thumbprint when
it appears in the text box.
- Click OK.
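The same thumbprint lookup done from the shell, followed by the Enable-ExchangeCertificate call. This is an added example, not code from the original article; the host name in $subjectMatch is a constructed placeholder, and the issuer/subject comparison is a simple heuristic for spotting self-signed certificates.

```powershell
# Added example: run in the Exchange Management Shell on the client access server.
# $subjectMatch is a placeholder; set it to the name your clients connect to.
$subjectMatch = 'mail.example.com'   # constructed sample value

# The Cert: drive exposes the same store the Certificates snap-in shows
# under Certificates (Local Computer) > Personal > Certificates.
$candidates = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$subjectMatch*" })

$candidates | Format-List Subject, Issuer, NotBefore, NotAfter, HasPrivateKey, Thumbprint

# Keep only certificates that can actually serve SSL for POP/IMAP:
# private key present, inside the validity period, and not self-signed
# (heuristic: issuer differs from subject).
$now = Get-Date
$usable = @($candidates | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and
    $_.NotAfter -gt $now -and
    $_.Issuer -ne $_.Subject
})

if ($usable.Count -ne 1) {
    # Refuse to guess when zero or several certificates match.
    Write-Warning "Expected exactly one usable certificate, found $($usable.Count); nothing changed."
} else {
    $thumbprint = $usable[0].Thumbprint
    Enable-ExchangeCertificate -Thumbprint $thumbprint -Services "IMAP, POP"

    # Verify which certificate each service is now bound to.
    Get-ExchangeCertificate | Format-List Thumbprint, Subject, Services, NotAfter
}
```

The Thumbprint property is returned as a continuous hex string, so it avoids the spaces that come along when the value is copied from the Details tab.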