The required permissions are listed within each step of the following procedure. For more information about permissions, delegating roles, and the rights that are required to administer Exchange 2007, see Permission Considerations.

Follow these steps to make sure that your Exchange environment is configured correctly to enable your users to use POP3 or IMAP4 to connect to their mailboxes on an Exchange 2007 server:

1. Verify that the Client Access server role is installed on an Exchange 2007 server. User connections to Exchange 2007 mailboxes from POP3 or IMAP4 clients must pass through the Client Access server. 
   
   

   Note:
   To verify that the Client Access server role is installed, the account you use must be delegated at least the Exchange View-Only Administrator role.

   Do one of the following:
   
   
   • In the Exchange Management Console, click Server Configuration, and then click Client Access. The names of the computers that have the Client Access server role installed are listed.
     
     
   • In the Exchange Management Shell, run Get-ExchangeServer -Identity <servername> | fl. If the Client Access server role has been installed, the value for IsClientAccessServer should be True.
     
     
2. Verify that the service that you want to use is running and is configured to start automatically. By default the POP3 service and the IMAP4 service are installed but are not running.
   
   

   Important:
   If the appropriate services are not running, you must start them.

   To verify that the appropriate service is running, do one of the following:
   
   
   • In the Services console, verify that the service you want to use is running. The services are named Microsoft Exchange POP3 and Microsoft Exchange IMAP4.
     
     
   • In Exchange Management Shell, enter get-service *exchange*.
     
     
   For information about how to start each service and configure it to start automatically, see Enabling POP3 and IMAP4 on a Client Access Server.
   
   
3. Verify that the users who you want to be able to connect to their mailboxes by using POP3 and IMAP4 are enabled for that type of access. By default, all users are enabled for POP3 and IMAP4 access.
   
   

   Note:
   To verify that the users are enabled for POP3 or IMAP4 access, the account you use must be delegated the Exchange View-Only Administrator role.

   Note:
   The Get-CASMailbox cmdlet can run only on an Exchange 2007 server that has the Mailbox server role installed.

   To verify that your users are enabled for POP3 or IMAP4, run one of the following commands:
   
   
   • To verify that all the users on a Mailbox server are enabled for POP3 or IMAP4, run Get-CASMailbox.
     
     
   • To verify that an individual mailbox is enabled for POP3 or IMAP4, run Get-CASMailbox <username>.
     
     View the results returned by the Exchange Management Shell. For example, under the PopEnabled column, you can determine whether a user is enabled for POP3 access. If PopEnabled is set to False, the user is not enabled for access.
     
     For information about how to enable POP3 access for a specific user, see How to Enable or Disable POP3 Access for a User. For information about how to enable IMAP4 access for a specific user, see How to Enable or Disable IMAP4 Access for a User.
     
     
4. Verify the authentication settings are configured to match the settings that you want to use. To verify and configure the authentication settings for POP3, do the following:
   
   

   Note:
   The steps for verifying authentication settings for POP3 are included in this step. If you are performing this task for IMAP4, use the logic of this step but use the commands Get-IMAPSettings and Set-IMAPSettings.

   Note:
   In the original release (RTM) version of Exchange 2007, you could only configure authentication for POP3 by using the Exchange Management Shell. In Exchange 2007 Service Pack 1 (SP1), you can also configure authentication for POP3 by using the Exchange Management Console.

   1. Check the authentication setting for the POP3 Service. To view the authentication settings, the account you use must be delegated at least the Exchange View-Only Administrator role. Run the Get-POPSettings command. The value specified for the LoginType parameter specifies the authentication setting that is used for the Client Access server that is running the POP3 service. The possible values for the LoginType parameter are as follows:
      
      PlainTextLogin - The user name and password are not encrypted unless the underlying connection is encrypted by using Transport Layer Security (TLS) or Secure Sockets Layer (SSL).
      
      PlainTextAuthentication - (Integrated Windows Authentication) The user is authenticated by using an encrypted challenge/response protocol so that the user's password is not sent over the wire.
      
      SecureLogin - The user is authenticated by using plain text login or excrypted challenge/response over a secure connection. This option requires you to install an SSL certificate on a computer that has the Client Access server role installed.
      
      To help secure communications between your POP3 and IMAP4 clients and the Exchange 2007 server that has the Client Access server role installed, we strongly recommend that you use Secure Sockets Layer (SSL). When you use POP3 and IMAP4 clients, you can set authentication options and configure ports to communicate with clients. For more information about how to use SSL with POP3 and IMAP4, see Configuring TLS and SSL for POP3 and IMAP4 Access.
      
      
   2. If applicable, change the authentication setting to match the setting that you want. To perform this procedure, the account you use must be delegated the Exchange Server Administrators role and membership in the local Administrators group for the target server.
      
      For example, to change the authentication for POP3 to PlainTextAuthentication, run the following command:
      
      Set-PopSettings -LoginType PlainTextAuthentication
      
      

      Note:

      If you use PlainTextAuthentication and your clients connect by using port 143 for IMAP4 or port110 for POP3, your users who connect to Exchange by using Microsoft Outlook Express must configure Outlook Express client to use Secure Password Authentication. For information about how to configure client settings, see How to Connect to an Exchange Mailbox by Using POP3 or IMAP4. If you have made any changes to the authentication settings, restart the affected service. The names of the services are Microsoft Exchange POP3 and Microsoft Exchange IMAP4.

      For more information, see Managing POP3 and IMAP4 Security.
      
      

For information about how an Exchange user should configure their POP3 or IMAP4 client applications to connect to their mailboxes, see How to Connect to an Exchange Mailbox by Using POP3 or IMAP4.

For more information about what to consider when you deploy POP3 and IMAP4 connectivity, see the section "Planning Considerations for POP3 and IMAP4" in Planning for Client Access Servers.

You can also review each topic under the parent topic Managing POP3 and IMAP4.