Configuring Authentication for POP3 and IMAP4

Article
06/29/2011

Applies to: Exchange Server 2010

When you use POP3 and IMAP4 clients, you can set authentication options, such as the ability to use TLS encryption, and configure ports for communication with clients. To successfully use the POP3 or IMAP4 services on your Microsoft Exchange Server 2010 server, you need to configure authentication. You can do this using the Exchange Management Console or the Exchange Management Shell.

Before you configure authentication, make sure you understand the process for configuring Secure Sockets Layer (SSL) for the server that has the Client Access server role installed. For more information about how to help secure communications, read the following topics:

Authentication Options for POP3 and IMAP4

There are three authentication options that you can use with POP3 and IMAP4. These options are configured when you use the EMC or the Set-PopSettings and Set-ImapSettings cmdlets in the Shell. The default ports to use differ depending on the authentication setting that you're using.

The following table lists the different authentication methods that can be used with POP3 and IMAP4 and the default ports for each method.

Authentication options for POP3 and IMAP4

Authentication method	Value	Default port	Description
PlainTextLogin	1	110 (POP3) 995 (POP3 SSL) 143 (IMAP4) 993 (IMAP4 SSL)	TLS encryption is not required on port 110. User name and password are sent unencrypted unless the underlying connection is encrypted by using TLS or SSL. For IMAP4, this corresponds to using the "login" command to authenticate to the Exchange 2010 computer that has the Mailbox server role installed.
PlainTextAuthentication	2	110 (POP3) 995 (POP3 SSL) 143 (IMAP4) 993 (IMAP4 SSL)	TLS encryption is not required on port 110 and port 143. However, Basic authentication is permitted only on a port that uses TLS or SSL encryption. For IMAP4, this corresponds to using the "authenticate" command to authenticate to the Mailbox server.
SecureLogin	3	110 (POP3) 995 (POP3 SSL) 143 (IMAP4) 993 (IMAP4 SSL)	Connection on port 110 and port 143 must use TLS encryption before authenticating.

PlainTextLogin

110 (POP3)

995 (POP3 SSL)

143 (IMAP4)

993 (IMAP4 SSL)

TLS encryption is not required on port 110.

User name and password are sent unencrypted unless the underlying connection is encrypted by using TLS or SSL.

For IMAP4, this corresponds to using the "login" command to authenticate to the Exchange 2010 computer that has the Mailbox server role installed.

PlainTextAuthentication

110 (POP3)

995 (POP3 SSL)

143 (IMAP4)

993 (IMAP4 SSL)

TLS encryption is not required on port 110 and port 143. However, Basic authentication is permitted only on a port that uses TLS or SSL encryption.

For IMAP4, this corresponds to using the "authenticate" command to authenticate to the Mailbox server.

SecureLogin

110 (POP3)

995 (POP3 SSL)

143 (IMAP4)

993 (IMAP4 SSL)

Connection on port 110 and port 143 must use TLS encryption before authenticating.

Note

Integrated Windows authentication (NTLM) is not supported for POP3 or IMAP4 client connectivity. For more information, see the "Client Access Features" sections in the topic Discontinued Features and De-Emphasized Functionality.

Configuring Authentication for POP3 and IMAP4

Authentication Options for POP3 and IMAP4

Authentication options for POP3 and IMAP4

Additional resources