Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2011-11-01

When you use POP3 and IMAP4 clients, you can set authentication options, such as the ability to use TLS encryption, and configure ports for communication with clients. To successfully use the POP3 or IMAP4 services on your Microsoft Exchange Server 2010 server, you need to configure authentication. You can do this using the Exchange Management Console or the Exchange Management Shell.

Before you configure authentication, make sure you understand the process for configuring Secure Sockets Layer (SSL) for the server that has the Client Access server role installed. For more information about how to help secure communications, read the following topics:

Authentication Options for POP3 and IMAP4

There are three authentication options that you can use with POP3 and IMAP4. These options are configured when you use the EMC or the Set-PopSettings and Set-ImapSettings cmdlets in the Shell. The default ports to use differ depending on the authentication setting that you're using.

The following table lists the different authentication methods that can be used with POP3 and IMAP4 and the default ports for each method.

Authentication options for POP3 and IMAP4

Authentication method Value Default port Description

PlainTextLogin

1

110 (POP3)

995 (POP3 SSL)

143 (IMAP4)

993 (IMAP4 SSL)

TLS encryption is not required on port 110.

User name and password are sent unencrypted unless the underlying connection is encrypted by using TLS or SSL.

For IMAP4, this corresponds to using the "login" command to authenticate to the Exchange 2010 computer that has the Mailbox server role installed.

PlainTextAuthentication

2

110 (POP3)

995 (POP3 SSL)

143 (IMAP4)

993 (IMAP4 SSL)

TLS encryption is not required on port 110 and port 143. However, Basic authentication is permitted only on a port that uses TLS or SSL encryption.

For IMAP4, this corresponds to using the "authenticate" command to authenticate to the Mailbox server.

SecureLogin

3

110 (POP3)

995 (POP3 SSL)

143 (IMAP4)

993 (IMAP4 SSL)

Connection on port 110 and port 143 must use TLS encryption before authenticating.

Note:
Integrated Windows authentication (NTLM) isn’t supported for POP3 or IMAP4 connections in the RTM version of Exchange 2010. Support for NTLM authentication for POP3 and IMAP4 connections was brought back in Exchange 2010 SP1. For more information, see Discontinued Features from Exchange 2007 to Exchange 2010 RTM.