{"id":1289,"date":"2013-06-11T20:24:21","date_gmt":"2013-06-11T20:24:21","guid":{"rendered":"http:\/\/microsoftgeek.com\/?p=1289"},"modified":"2013-06-11T20:24:21","modified_gmt":"2013-06-11T20:24:21","slug":"exchange-server-2010-pop3-securing-pop3-client-remote-access","status":"publish","type":"post","link":"https:\/\/microsoftgeek.com\/?p=1289","title":{"rendered":"Exchange Server 2010 POP3: Securing POP3 Client Remote Access"},"content":{"rendered":"<p>In this tutorial I\u2019ll show you how to configure the Exchange 2010 POP3 service for secure client access.<\/p>\n<h2>Understanding the Need for Secure POP3<\/h2>\n<p>The Post Office Protocol (POP) can be insecure as it allows the passing of user credentials in plain text. \u00a0To understand how serious this is, imagine that your end users are in a public wi-fi network and connecting to your corporate Exchange servers over POP3. \u00a0They\u2019ll be authenticating with their Active Directory username and password.<\/p>\n<p>If POP access is not secured those credentials will be sent \u201cin the clear\u201d and could be sniffed by an attacker who is also on the same wi-fi network. 
\u00a0To see an example of this in action, here is a POP3 session login sniffed on an insecure network.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-01\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-01.png\" width=\"360\" height=\"82\" \/><\/p>\n<p>Insecure POP3 login traffic<\/p>\n<p>The user\u2019s cleverly chosen password of \u201cSeagull1\u201d is visible to anyone who is able to sniff the network traffic.<\/p>\n<p>As you can see in the example above, it is very important that POP traffic is secured if you plan to use it for remote email access in your Exchange 2010 environment.<\/p>\n<h2>Configuring Security for the Exchange Server 2010 POP3 Service<\/h2>\n<p>To configure the POP3 service on Exchange Server 2010 Client Access servers, open the <strong>Exchange Management Console<\/strong> and navigate to <strong>Server Configuration\/Client Access<\/strong>.<\/p>\n<p>Click on the name of the Client Access server you want to configure, and then open the <strong>Properties<\/strong> of the POP3 protocol in the lower pane.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-02\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-02.png\" width=\"580\" height=\"447\" \/><\/p>\n<p>Configuring the POP3 protocol for Exchange 2010 Client Access servers<\/p>\n<p>On the <strong>Authentication<\/strong> tab you can see that <strong>Secure logon<\/strong> is the default setting. 
\u00a0So why have I been explaining the importance of POP3 security to you when Exchange 2010 is secure by default?<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-03\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-03.png\" width=\"444\" height=\"258\" \/><\/p>\n<p>Exchange 2010 POP3 default Authentication settings<\/p>\n<p>Because I see a lot of customers changing this setting to <strong>Plain text logon<\/strong>, simply because that is the easiest way to get POP3 working quickly. \u00a0Usually they do this because they encounter logon errors for clients who are trying to connect.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-04\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-04.png\" width=\"498\" height=\"405\" \/><\/p>\n<p>POP3 logon errors for Exchange Server 2010 remote user<\/p>\n<p>A network capture shows the same error occurring.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-05\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-05.png\" width=\"349\" height=\"47\" \/><\/p>\n<p>Exchange 2010 POP3 client logon error network traffic<\/p>\n<p>This will happen if the email client is not configured to use SSL for the connection.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-06\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-06.png\" width=\"377\" height=\"193\" \/><\/p>\n<p>Configuring SSL connection for POP3 client<\/p>\n<p>When the POP3 connection is made using SSL, the client is able to log on and retrieve mail successfully. 
\u00a0And more importantly, they are doing so without attackers on insecure networks being able to sniff the credentials from the network traffic.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-07\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-07.png\" width=\"511\" height=\"144\" \/><\/p>\n<p>Network capture of SSL-secured POP3 traffic<\/p>\n<h2>Configuring Ports for Exchange Server 2010 POP3<\/h2>\n<p>You may have noticed in the screenshot above that when the client is configured for SSL, it changes the port from 110 to 995. \u00a0TCP 995 is the port for SSL-secured POP3. \u00a0The POP3 service is bound to both ports 110 and 995 by default. \u00a0You can see this in the <strong>Bindings<\/strong> tab of the POP3 properties.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-08\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-08.png\" width=\"444\" height=\"403\" \/><\/p>\n<p>Exchange 2010 POP3 default port bindings<\/p>\n<h2>Configuring an SSL Certificate for Exchange Server 2010 POP3<\/h2>\n<p>Because SSL is being used to secure the POP3 connections, you will need to configure an SSL certificate for your Client Access server.<\/p>\n<p>This certificate must include the name that you want your remote users to connect to for POP3 access, and it must be trusted by the computer that the remote user is connecting from. 
\u00a0If it is not trusted, or there is a name mismatch, then they may receive certificate warnings in their POP3 email client.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-09\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-09.png\" width=\"331\" height=\"230\" \/><\/p>\n<p>Certificate warnings for Exchange 2010 POP3 users<\/p>\n<p>To fix this after installing an SSL certificate, configure the certificate name in the <strong>Authentication<\/strong> tab of the POP3 properties.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" title=\"exchange-2010-pop-security-10\" alt=\"\" src=\"http:\/\/exchangeserverpro.com\/wp-content\/uploads\/2011\/03\/exchange-2010-pop-security-10.png\" width=\"444\" height=\"270\" \/><\/p>\n<p>Configuring SSL certificate name for Exchange 2010 POP3<\/p>\n<p>You\u2019ll need to restart the POP3 service to apply this or any other configuration change that you make.<\/p>\n<p>When all of the settings are configured correctly, your remote email users will be able to connect to Exchange Server 2010 over POP3 securely.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial I\u2019ll show you how to configure the Exchange 2010 POP3 service for secure client access. Understanding the Need for Secure POP3 The Post Office Protocol (POP) can be insecure as it allows the passing of user credentials in plain text. 
\u00a0To understand how serious this is, imagine that your end users are [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-1289","post","type-post","status-publish","format-standard","hentry","category-exchange-2010"],"_links":{"self":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/1289","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1289"}],"version-history":[{"count":2,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/1289\/revisions"}],"predecessor-version":[{"id":1291,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=\/wp\/v2\/posts\/1289\/revisions\/1291"}],"wp:attachment":[{"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1289"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1289"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/microsoftgeek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1289"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}