Connecting through POP3 or IMAP4 can benefit remote users

Outlook Express's support of POP3 and IMAP4 gives the email client some advantages over other Exchange 2000 Server email clients. For example, because Outlook Express isn't part of Microsoft Office, you don't need to buy a license to operate Outlook Express. In contrast, running Outlook requires that you have a licensed Office installation. (However, if you use Outlook Express with Exchange 2000, you'll need an Exchange server Client Access License—CAL.)

In addition, remote users can use Outlook Express while their machines are disconnected from the Exchange server. This ability is an advantage over the use of Outlook Web Access (OWA), which requires a continuous server connection. POP3 and IMAP4 usually create less network traffic than either Outlook or OWA, and unlike Outlook, Outlook Express can take advantage of Exchange 2000's new front-end and back-end deployment feature to simplify the server namespace and enhance security.

Despite these advantages, using Outlook Express to connect to a corporate Exchange 2000 environment involves some problems and procedures you don't encounter when you use a Messaging API (MAPI) client such as Outlook. Here's how you can properly configure Outlook Express for POP3 and IMAP4 connectivity.

Basic POP3 Configuration
POP3 is the default protocol in Outlook Express, and Microsoft includes an Internet Connection Wizard (ICW) to help users create a POP3 connection. Many users in the enterprise might have previously configured Outlook Express to connect to their ISP-based mailboxes, which can ease both their learning curve and your support costs. But you need to be aware of a few differences in connecting Outlook Express to a corporate Exchange server instead of an ISP's mail server.

To connect Outlook Express to an Exchange server, start Outlook Express and select Accounts from the Tools menu. In the resulting Internet Accounts dialog box, click Add, then click Mail. The first dialog box in the ICW asks for a username. A username has little technical impact; although it controls how the user's name appears in email messages' From field, the username isn't a return address. Ideally, the username matches a user's display name in the Global Address List (GAL).

Click Next, and the wizard asks for the user's Internet email address. This address should match the user's primary corporate SMTP address, not the user's personal (i.e., home) email address.

Click Next again, and the wizard's E-mail Server Names dialog box prompts you for information about the email server. In the My incoming mail server is a drop-down list, select POP3 as the server type. Next, fill in the Incoming mail (POP3, IMAP or HTTP) server and Outgoing mail (SMTP) server text boxes with either the Fully Qualified Domain Name (FQDN) or IP address of the POP3 and SMTP servers, respectively. (Be sure you have configured external DNS servers with host records to resolve these FQDNs.) The POP3 server address will point to either the Exchange 2000 server that hosts the user's mailbox or, if you set up your Exchange 2000 servers in a front-end/back-end configuration, a front-end POP3 server. The SMTP server handles all mail sent from Outlook Express; you need to fill in the SMTP server's address because POP3 is a retrieve-only protocol—it can only read mail, not send it. Depending on your server configuration, the SMTP server's address might be the same FQDN as the POP3 server that you named in the Incoming mail (POP3, IMAP or HTTP) server text box, or the SMTP server might be a different server altogether.

Click Next, and the Internet Mail Logon dialog box appears. You can enter the user's email alias if the alias matches the user's Active Directory (AD) account name and the Exchange 2000 server is a member of the same domain as the user's account. Otherwise, you need to provide names of the domain and AD account in the format DomainName/ActiveDirectoryAccountName/Exchange2000Alias, as Figure 1 shows.

Consider whether you want to select the Remember password check box. Having the system remember the password is user-friendly, but it might create security problems if the user shares the computer with other people. Selecting this box might also lead to problems when the user's password expires and changes at work but not in the user's Outlook Express configuration at home. As a result, the system will reject the user's logon because of incorrect credentials and the user will need to input the new password.

If you select the Log on using Secure Password Authentication (SPA) check box, the Outlook Express client and the Exchange 2000 server will use NT LAN Manager (NTLM) authentication, rather than clear text, to transmit the user ID and password. Consider selecting this check box; the configuration might require slightly more server-end processing and generate more network traffic, but the added security is worth it. For SPA to work, you also need to enable Integrated Windows Authentication on the Exchange POP3 virtual server.

On the subject of security, because POP3 and IMAP4 clients use an SMTP server to relay the mail they send, you risk making your Exchange server into an open relay that spam senders can use to deliver their messages. To block your server from becoming an open relay, see the Microsoft article "Controlling SMTP Relaying with Microsoft Exchange" (http://www.microsoft.com/technet/security/mail/excrelay.asp).

After you finish entering information in the Internet Mail Logon dialog box, click Next. The wizard tells you that you're finished, but you're not. Click Finish, but don't start checking your Inbox for email yet.

Advanced POP3 Configuration
When you finish the wizard, you'll see the Internet Accounts dialog box, in which the newly created POP3 account will be selected. If the user has any preexisting accounts, such as an ISP email account, one of those accounts will be the default account, which means Outlook Express will use the account as the return address in the From field of all messages. You'll need to decide whether you want to change the default account; many organizations make this decision on a user-by-user basis. To change the default account, select the preferred account in the Internet Accounts dialog box and click the Set as Default button.

Select the new POP3 account and click Properties. The account's Properties dialog box appears. You might need to change some settings, depending on how you set up your Exchange 2000 environment.

Click the Servers tab. If the SMTP server listed in the dialog box requires user authentication to prevent email relaying—which Exchange 2000 servers do by default—you need to select the My server requires authentication option. By default, Outlook Express uses the same credentials (i.e., user ID and password) for SMTP as it uses to log on to the POP3 server. If you need to use different credentials, you can click Settings to specify SMTP-specific credentials.

Click the Advanced tab, which Figure 2 shows. POP3 uses TCP port 110 for communication. Make sure this port is open on your firewall if users are accessing Exchange from the Internet. If the POP3 or SMTP servers require Secure Sockets Layer (SSL) connections to encrypt data, you must select the appropriate check boxes. (Selecting the SSL check box for POP3 changes the TCP port from 110 to 995.)
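How the SPA check box from the Internet Mail Logon dialog box and the SSL check boxes on this tab combine can be checked against what a server advertises. The following is an added example, not code from the original article: it parses constructed POP3 CAPA and IMAP4 CAPABILITY replies and reports how the logon would travel. The function names and outcome labels are illustrative assumptions.

```python
def pop3_mechanisms(capa_reply):
    """SASL mechanisms from a POP3 CAPA reply (the 'SASL' capability line)."""
    mechs = set()
    for line in capa_reply.splitlines():
        words = line.split()
        if words and words[0].upper() == "SASL":
            mechs.update(w.upper() for w in words[1:])
    return mechs

def imap_mechanisms(capability_reply):
    """SASL mechanisms from an IMAP4 CAPABILITY reply (the AUTH=<mech> tokens)."""
    return {w[5:].upper() for w in capability_reply.split()
            if w.upper().startswith("AUTH=")}

def logon_exposure(mechanisms, spa_checked, ssl_checked):
    """Map the two client check boxes plus the server's mechanisms to an outcome."""
    if spa_checked:
        if "NTLM" not in mechanisms:
            # Integrated Windows Authentication is not enabled on the virtual
            # server, so SPA cannot work.
            return "spa-unavailable"
        return "ntlm-over-ssl" if ssl_checked else "ntlm"
    return "password-inside-ssl" if ssl_checked else "cleartext-password"

# Constructed sample replies (not captured from a real server).
POP3_WITH_NTLM = "+OK Capability list follows\r\nTOP\r\nUSER\r\nSASL NTLM\r\n.\r\n"
POP3_BASIC_ONLY = "+OK Capability list follows\r\nTOP\r\nUSER\r\n.\r\n"
IMAP_WITH_NTLM = "* CAPABILITY IMAP4 IMAP4rev1 IDLE AUTH=NTLM\r\n"

def report():
    """Every check-box combination against each constructed server reply."""
    rows = []
    servers = [("pop3-ntlm", pop3_mechanisms(POP3_WITH_NTLM)),
               ("pop3-basic", pop3_mechanisms(POP3_BASIC_ONLY)),
               ("imap-ntlm", imap_mechanisms(IMAP_WITH_NTLM))]
    for name, mechs in servers:
        for spa in (True, False):
            for ssl in (True, False):
                rows.append((name, spa, ssl, logon_exposure(mechs, spa, ssl)))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

SPA protects only the logon exchange; on ports 110 and 143 the messages themselves still cross the network unencrypted unless SSL is also selected.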

At the bottom of the tab is a crucial option if you use POP3 to connect to corporate email servers. By default, POP3 clients download mail and delete it from the server. ISPs want subscribers' email clients to delete downloaded mail, but this default behavior creates problems for support personnel in a corporate environment.

To prevent such email deletion, users need to select the Leave a copy of messages on server check box. Even with this check box selected, Outlook Express still copies messages from the POP3 server to the local hard disk, and all user interaction occurs with those local copies, not with the server's originals. Another important point to remember is that POP3 can access only the user's Inbox and no other mailbox folders. Users who need to access folders other than the Inbox need to use IMAP4, HTTP (i.e., OWA), or MAPI (i.e., Outlook) rather than POP3.

Basic IMAP4 Configuration
In any corporate email environment, you need to consider using IMAP4 rather than POP3. IMAP is POP's successor and can do everything POP does and more. IMAP4 can access any mailbox folders containing email messages—not just the Inbox—as well as public folders. Also, IMAP4 doesn't automatically download messages, as POP3 does; IMAP4 downloads headers and lets you selectively download and open individual messages. Thus, IMAP4 is less demanding on network bandwidth than POP3. IMAP4 is only slightly more complex than POP3 to set up in Outlook Express.

The process for creating an IMAP4 account is similar to the process for creating a POP3 account. In Outlook Express, go to the Tools menu and select Accounts. In the resulting Internet Accounts dialog box, click Add, then click Mail. This action starts the Internet Connection Wizard; enter information in the first two dialog boxes of the wizard as you would to set up a POP3 account.

In the wizard's third dialog box, E-mail Server Names, the default incoming mail server selection is POP3. In the My incoming mail server is a drop-down list, you need to change the selection to IMAP. Then, type the IMAP4 server's FQDN or IP address in the Incoming mail (POP3, IMAP or HTTP) server text box. Like POP3, IMAP4 is a retrieve-only protocol, so you need to provide the name or IP address of an SMTP server in the Outgoing mail (SMTP) server text box. Click Next, then complete the wizard as you would if you were setting up a POP3 account.

Advanced IMAP4 Configuration
After you create an IMAP4 mail account, you can select the account in the Internet Accounts dialog box and click Properties to perform additional configuration. Many of the account properties—such as those on the Servers tab—are the same as the properties for a POP3 account. However, if you select the Advanced tab, you'll see that IMAP4 uses a different port (i.e., 143) than POP3; if you decide to enable SSL for IMAP4, the protocol will use port 993. You need to ensure that your firewall allows traffic through those ports.

In the Properties dialog box, click the IMAP tab, which Figure 3 shows. Leave the Root folder path text box blank; this option exists for UNIX email servers and can remain blank when you're using an Exchange server. Select the Check for new messages in all folders check box, especially if your configuration has any rules that place new mail in folders other than the Inbox. Under Special Folders, leave Sent Items path and Drafts path pointing to their default folders on the server because those are the folders that the MAPI (i.e., Outlook) client will use. Click OK to close the Properties dialog box.

When you close the Internet Accounts dialog box after creating the IMAP4 account, Outlook Express prompts you to download IMAP folders from the server. This option doesn't download the folder contents; it downloads a list of folders and lets you choose which folders you want available in Outlook Express. The Show/Hide IMAP Folders dialog box, which Figure 4 shows, lets you select folders that you want to see in Outlook Express. You can include public folders in your selection.

Although special folders such as Calendar and Tasks appear on the list, IMAP4 doesn't support those features. For example, if you use IMAP4 to show Appointments, the appointment items appear as email messages and lack crucial information, such as appointment date and location. For best results, use IMAP4 to access mail folders only.

Take Control
Exchange 2000 accepts POP3 and IMAP4 client connections by default. Because many users have experience connecting Outlook Express to their ISP's POP3 servers, you might find these users connecting to your corporate Exchange servers in a similar fashion—but without your knowledge.

To make Exchange support easier, you need to ensure that all users follow the same connection procedure. When you decide to support POP3 or IMAP4 for some or all of your users, keep in mind the various procedures I just described to ensure the best experience for you, your Help desk staff, and your users.
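One way to find out who is already connecting over POP3 or IMAP4 is to summarize connection records by the four ports named above. This is an added example, not part of the original article: the log layout (time, client IP, server port, account), the account names, and the supported-accounts list are all constructed, hypothetical inputs.

```python
import csv
import io

# Ports from the article: protocol name and whether SSL wraps the session.
MAIL_PORTS = {110: ("POP3", False), 995: ("POP3", True),
              143: ("IMAP4", False), 993: ("IMAP4", True)}

# Constructed sample in a hypothetical export layout:
# time,client_ip,server_port,account
SAMPLE_LOG = """\
2001-05-14T08:02:11,203.0.113.7,110,CORP/asmith
2001-05-14T08:02:40,203.0.113.7,25,CORP/asmith
2001-05-14T08:15:03,198.51.100.22,993,CORP/bjones
2001-05-14T09:41:57,198.51.100.90,143,CORP/cwu
2001-05-14T09:44:10,198.51.100.90,993,CORP/cwu
2001-05-14T10:05:26,203.0.113.55,995,CORP/dlee
"""

def summarize(log_text, supported_accounts):
    """Per account: mail protocols seen, any non-SSL port use, support status."""
    seen = {}
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4 or not row[2].isdigit():
            continue                      # skip blank or malformed lines
        port, account = int(row[2]), row[3]
        if port not in MAIL_PORTS:
            continue                      # e.g. SMTP on 25 is out of scope here
        proto, ssl = MAIL_PORTS[port]
        entry = seen.setdefault(account, {"protocols": set(), "cleartext": False})
        entry["protocols"].add(proto + "/SSL" if ssl else proto)
        # "cleartext" means the session is not SSL-wrapped; SPA may still
        # protect the logon itself on these ports.
        entry["cleartext"] |= not ssl
    return {acct: {"protocols": sorted(e["protocols"]),
                   "cleartext": e["cleartext"],
                   "supported": acct in supported_accounts}
            for acct, e in seen.items()}

def needs_follow_up(summary):
    """Accounts that are not on the supported list or that used a non-SSL port."""
    return sorted(a for a, e in summary.items()
                  if e["cleartext"] or not e["supported"])

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG, {"CORP/asmith", "CORP/bjones", "CORP/cwu"})
    print(needs_follow_up(result))
```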