Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2009-10-08

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) can be used to secure connections between your users and your Microsoft Exchange Server 2010 computers. TLS and SSL are cryptographic protocols that provide security for communications over the Internet. We strongly recommend that you use TLS and SSL to help secure communications between your POP3 and IMAP4 clients and the Exchange Server 2010 Client Access server.

You can use the Exchange Management Console and the Exchange Management Shell to configure TLS and SSL on the Exchange Server 2010 server that has the POP3 and IMAP4 services enabled.

Looking for more information about securing Client Access servers? See Securing Client Access Servers.

Configuring TLS and SSL

Before you configure TLS and SSL to help secure POP3 and IMAP4 access, make sure that you understand the process for configuring TLS and SSL for the Exchange 2010 Client Access server. For more information about how to help secure communications, see the following topics:

Securing Client Access Servers

Managing SSL for a Client Access Server

Install an SSL Certificate on a Client Access Server

Understanding TLS Certificates

Configuring TLS and SSL for POP3 and IMAP4

You can use either the EMC or the Shell to configure SSL or TLS for POP3 and IMAP4 on an Exchange 2010 Client Access server.

For more information about how to configure SSL and TLS for POP3 and IMAP4, see the following topics:

Configure POP3 to Use TLS or SSL

Configure IMAP4 to Use TLS or SSL

Configuring Ports for POP3 and IMAP4 When Using TLS and SSL

When you use TLS and SSL for POP3 and IMAP4 access, the Exchange 2010 Client Access server uses the ports listed in the following table to communicate with clients.

Ports for POP3 and IMAP4 access when using TLS and SSL

Protocol Default port

IMAP4/SSL

993 (TCP)

IMAP4 with or without TLS

143 (TCP)

POP3/SSL

995 (TCP)

POP3 with or without TLS

110 (TCP)

By default, the values in this table are used for communicating with clients. You can specify other ports to use with POP3 and IMAP4 clients if you want to disable communication through the default ports. For more information about how to configure ports for Exchange 2010 POP3 and IMAP4 clients, read Configure IP Addresses and Ports for POP3 and IMAP4 Access.