Enable and configure POP3 on an Exchange server

By default, POP3 client connectivity isn't enabled in Exchange. To enable POP3 client connectivity, you need to perform the following steps:

  1. Start the POP3 services, and configure the services to start automatically:

    • Microsoft Exchange POP3: This is the Client Access (frontend) service that POP3 clients connect to.

    • Microsoft Exchange POP3 Backend: POP3 client connections from the Client Access service are proxied to the backend service on the server that holds the active copy of the user's mailbox. For more information, see Client Access protocol architecture.

  2. Configure the POP3 settings for external clients.

    By default, Exchange uses the following settings for internal POP3 connections:

    • POP3 server FQDN: <ServerFQDN>. For example, mailbox01.contoso.com.

    • TCP port and encryption method: 995 for always TLS encrypted connections, and 110 for unencrypted connections, or for opportunistic TLS (STARTTLS) that results in an encrypted connection after the initial plain text protocol handshake.

    To allow external POP3 clients to connect to mailboxes, you need to configure the POP3 server FQDN, TCP port, and encryption method for external connections. This step causes the external POP3 settings to be displayed in Outlook on the web (formerly known as Outlook Web App) at Settings > Options > Mail > Accounts > POP and IMAP.

    [Image: POP settings in Outlook on the web]

  3. Restart the POP3 services to save the changes.

  4. Configure the authenticated SMTP settings for internal and external clients. For more information, see Configure authenticated SMTP settings for POP3 and IMAP4 clients in Exchange Server.

For more information about POP3, see POP3 and IMAP4 in Exchange Server.

What do you need to know before you begin?

  • Estimated time to complete each procedure: 5 minutes.

  • Secure Sockets Layer (SSL) is being replaced by Transport Layer Security (TLS) as the protocol that's used to encrypt data sent between computer systems. They're so closely related that the terms "SSL" and "TLS" (without versions) are often used interchangeably. Because of this similarity, references to "SSL" in Exchange topics, the Exchange admin center, and the Exchange Management Shell have often been used to encompass both the SSL and TLS protocols. Typically, "SSL" refers to the actual SSL protocol only when a version is also provided (for example, SSL 3.0). To find out why you should disable the SSL protocol and switch to TLS, check out Protecting you against the SSL 3.0 vulnerability.

  • To learn how to open the Exchange Management Shell in your on-premises Exchange organization, see Open the Exchange Management Shell.

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "POP3 and IMAP4 Permissions" section in the Clients and mobile devices permissions topic.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at: Exchange Server, Exchange Online, or Exchange Online Protection.

Step 1: Start the POP3 services, and configure the services to start automatically

You can perform this step by using the Windows Services console, or the Exchange Management Shell.

Use the Windows Services console to start the POP3 services, and configure the services to start automatically

  1. On the Exchange server, open the Windows Services console. For example:

    • Run the command services.msc from the Run dialog, a Command Prompt window, or the Exchange Management Shell.

    • Open Server Manager, and then click Tools > Services.

  2. In the list of services, select Microsoft Exchange POP3, and then click Action > Properties.

  3. The Microsoft Exchange POP3 Properties window opens. On the General tab, configure the following settings:

    • Startup type: Select Automatic.

    • Service status: Click Start.

    When you're finished, click OK.

  4. In the list of services, select Microsoft Exchange POP3 Backend, and then click Action > Properties.

  5. The Microsoft Exchange POP3 Backend Properties window opens. On the General tab, configure the following settings:

    • Startup type: Select Automatic.

    • Service status: Click Start.

    When you're finished, click OK.

Use the Exchange Management Shell to start the POP3 services, and configure the services to start automatically

  1. Run the following command to start the POP3 services:

    Start-Service MSExchangePOP3; Start-Service MSExchangePOP3BE
    
  2. Run the following command to configure the POP3 services to start automatically:

    Set-Service MSExchangePOP3 -StartupType Automatic; Set-Service MSExchangePOP3BE -StartupType Automatic
    

For more information about these cmdlets, see Start-Service and Set-Service.

How do you know this step worked?

To verify that you've successfully started the POP3 services, use either of the following procedures:

  • On the Exchange server, open Windows Task Manager. On the Services tab, verify that the Status value for the MSExchangePOP3 and MSExchangePOP3BE services is Running.

  • In the Exchange Management Shell, run the following command to verify that the POP3 services are running:

    Get-Service MSExchangePOP3; Get-Service MSExchangePOP3BE
    

Step 2: Use the Exchange Management Shell to configure the POP3 settings for external clients

To configure the POP3 settings for external clients, use the following syntax:

Set-PopSettings -ExternalConnectionSettings "<FQDN1>:<TCPPort1>:<SSL | TLS | blank>", "<FQDN2>:<TCPPort2>:<SSL | TLS | blank>"...  -X509CertificateName <FQDN> [-SSLBindings "<IPv4Orv6Address1>:<TCPPort1>","<IPv4Orv6Address2>:<TCPPort2>"...] [-UnencryptedOrTLSBindings "<IPv4Orv6Address1>:<TCPPort1>","<IPv4Orv6Address2>:<TCPPort2>"...]

This example configures the following settings for external POP3 connections:

  • POP3 server FQDN: mail.contoso.com

  • TCP port: 995 for always TLS encrypted connections, and 110 for unencrypted connections or opportunistic TLS (STARTTLS) encrypted connections.

  • Internal Exchange server IP address and TCP port for always TLS encrypted connections: All available IPv4 and IPv6 addresses on the server on port 995 (we aren't using the SSLBindings parameter, and the default value is [::]:995,0.0.0.0:995).

  • Internal Exchange server IP address and TCP port for unencrypted or opportunistic TLS (STARTTLS) encrypted connections: All available IPv4 and IPv6 addresses on the server on port 110 (we aren't using the UnencryptedOrTLSBindings parameter, and the default value is [::]:110,0.0.0.0:110).

  • FQDN used for encryption: mail.contoso.com. This value identifies the certificate that matches or contains the POP3 server FQDN.

Set-PopSettings -ExternalConnectionSettings "mail.contoso.com:995:SSL","mail.contoso.com:110:TLS" -X509CertificateName mail.contoso.com

Notes:

  • For detailed syntax and parameter information, see Set-PopSettings.

  • The external POP3 server FQDN that you configure needs to have a corresponding record in your public DNS, and the TCP port (110 or 995) needs to be allowed through your firewall to the Exchange server.

  • The combination of encryption methods and TCP ports that you use for the ExternalConnectionSettings parameter needs to match the corresponding TCP ports and encryption methods that you use for the SSLBindings or UnencryptedOrTLSBindings parameters.

  • Although you can use a separate certificate for POP3, we recommend that you use the same certificate as the other Exchange IIS (HTTP) services, which is likely a wildcard certificate or a subject alternative name (SAN) certificate from a commercial certification authority that's automatically trusted by all clients. For more information, see Certificate requirements for Exchange services.

  • If you use a single subject certificate, or a SAN certificate, you also need to assign the certificate to the Exchange POP service. You don't need to assign a wildcard certificate to the Exchange POP service. For more information, see Assign certificates to Exchange Server services.
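
The port and encryption matching rule in the notes above can be checked before the values are passed to Set-PopSettings. The following is an added example, not part of the original article: the function name Test-PopBindingConsistency is hypothetical, the binding defaults are the ones this article states, and the second sample entry is constructed to show a mismatch.

```powershell
# Added example: checks that each ExternalConnectionSettings entry points at a
# port that is bound with the matching encryption method on the server.
function Test-PopBindingConsistency {
    [CmdletBinding()]
    param(
        # Entries in the article's "<FQDN>:<TCPPort>:<SSL | TLS | blank>" form.
        [Parameter(Mandatory)] [string[]]$ExternalConnectionSettings,
        # Defaults are the values the article gives for these parameters.
        [string[]]$SSLBindings              = @('[::]:995', '0.0.0.0:995'),
        [string[]]$UnencryptedOrTLSBindings = @('[::]:110', '0.0.0.0:110')
    )

    # The port is the text after the last colon, which also handles "[::]:995".
    $sslPorts   = @($SSLBindings              | ForEach-Object { [int]($_ -replace '^.*:', '') })
    $plainPorts = @($UnencryptedOrTLSBindings | ForEach-Object { [int]($_ -replace '^.*:', '') })

    foreach ($entry in $ExternalConnectionSettings) {
        $fqdn, $port, $enc = $entry -split ':'
        $enc = "$enc".Trim().ToUpperInvariant()   # empty string when the method is blank

        # SSL entries need an always-encrypted binding; TLS (STARTTLS) and
        # blank (unencrypted) entries need an UnencryptedOrTLSBindings port.
        if ($enc -eq 'SSL') {
            $parameter = 'SSLBindings'
            $ports     = $sslPorts
        } else {
            $parameter = 'UnencryptedOrTLSBindings'
            $ports     = $plainPorts
        }

        [pscustomobject]@{
            Entry           = $entry
            Fqdn            = $fqdn
            Encryption      = if ($enc) { $enc } else { 'none' }
            RequiredBinding = $parameter
            BindingFound    = $ports -contains [int]$port
        }
    }
}

# The article's example values, plus one constructed mismatch (SSL on port 110).
Test-PopBindingConsistency -ExternalConnectionSettings @(
    'mail.contoso.com:995:SSL',
    'mail.contoso.com:110:TLS',
    'mail.contoso.com:110:SSL'
) | Format-Table -AutoSize
```

An entry with BindingFound set to False is advertised to clients with an encryption method that the server does not offer on that port. Rows whose Encryption value is none are advertised without any encryption.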

How do you know this step worked?

To verify that you've successfully configured the POP3 settings for external clients, run the following command in the Exchange Management Shell and verify the settings:

Get-PopSettings | Format-List *ConnectionSettings,*Bindings,X509CertificateName

For more information, see Get-POPSettings.

Step 3: Restart the POP3 services

After you enable and configure POP3, you need to restart the POP3 services on the server by using the Windows Services console, or the Exchange Management Shell.

Use the Windows Services console to restart the POP3 services

  1. On the Exchange server, open the Windows Services console.

  2. In the list of services, select Microsoft Exchange POP3, and then click Action > Restart.

  3. In the list of services, select Microsoft Exchange POP3 Backend, and then click Action > Restart.

Use the Exchange Management Shell to restart the POP3 services

Run the following command to restart the POP3 services.

Restart-Service MSExchangePOP3; Restart-Service MSExchangePOP3BE

For more information about this cmdlet, see Restart-Service.

To verify that you've successfully restarted the POP3 services, run the following command:

Get-Service MSExchangePOP3; Get-Service MSExchangePOP3BE

Step 4: Configure the authenticated SMTP settings for POP3 clients

Because POP3 isn't used to send email messages, you need to configure the authenticated SMTP settings that are used by internal and external POP3 clients. For more information, see POP3 and IMAP4 in Exchange Server.

How do you know this task worked?

To verify that you have enabled and configured POP3 on the Exchange server, perform the following procedures:

  1. Open a mailbox in Outlook on the web, and then click Settings > Options.

    [Image: Location of the Options menu in Outlook on the web]

  2. Click Mail > Accounts > POP and IMAP and verify the correct POP3 settings are displayed.

    [Image: POP settings in Outlook on the web]

    Note: If you configured 995/SSL and 110/TLS values for the ExternalConnectionSettings parameter on the Set-PopSettings cmdlet, only the 995/SSL value is displayed in Outlook on the web. Also, if the external POP3 settings that you configured don't appear as expected in Outlook on the web after you restart the POP3 services, run the commands net stop w3svc /y and net start w3svc to restart Internet Information Services (IIS).

  3. You can test POP3 client connectivity to the Exchange server by using the following methods:

    • Internal clients: Use the Test-PopConnectivity cmdlet. For example, Test-PopConnectivity -ClientAccessServer <ServerName> -Lightmode -MailboxCredential (Get-Credential). For more information, see Test-PopConnectivity.

      Note: The Lightmode switch tells the command to test POP3 logons to the server. To test sending (SMTP) and receiving (POP3) a message, you need to configure the authenticated SMTP settings as described in POP3 and IMAP4 in Exchange Server.

    • External clients: Use the POP Email test in the Microsoft Remote Connectivity Analyzer.

      Note: You can't use POP3 to connect to the Administrator mailbox. This limitation was intentionally included in Exchange 2016 and Exchange 2019 to enhance the security of the Administrator mailbox.

Next steps

To enable or disable POP3 access to individual mailboxes, see Enable or disable POP3 or IMAP4 access to mailboxes in Exchange Server.