Re: Enabling STARTTLS in Exchange 2003 IMAP service?
From: Andrew Biggs (dreamcoder_at_yahoo.com)
Date: 01/12/05
Date: Wed, 12 Jan 2005 10:13:54 -0700
I'm sorry I wasn't more clear before Ben, but I'm actually not using an
IMAP client, I'm creating one. I realize that some IMAP clients are
written to automatically defer to port 993 for IMAP-over-SSL behavior.
What I was looking for, though, was Exchange support for the more
recent IMAP standard RFC-3501, which incorporates features previously
described in RFC-2595 (i.e. the STARTTLS capability).

From the information neo provided, and from others I've consulted with
on other mail groups, apparently Exchange does not support the STARTTLS
capability (which explains why I couldn't get it to work ;-). Thanks to
the proxy neo pointed me to, though, it looks like I can get simulated
STARTTLS support on port 143, which will be very helpful.

Thanks again for the assistance, I appreciate it!

Andrew

Ben Winzenz [Exchange MVP] wrote:
> But also, as I indicated earlier, if you enable and require TLS for logins,
> if you try to connect with a client, it will return a response indicating
> that the server requires TLS. You must then set up the client for Secure
> Password Authentication (Outlook Express and Outlook). Once you do this,
> the login credentials should be encrypted. My guess is that most IMAP
> clients will have some way to support that, though there are obviously some
> that won't.
>
> Also, per my question earlier, what type of response do you get when you
> issue commands via telnet to port 143? You may not receive a response
> indicating it supports the STARTTLS verb from a manual telnet connection,
> but if you have configured the client and server as indicated, the login
> information should be encrypted. If you are using the clients mentioned
> above, this is not an issue. It is only a problem when you use a 3rd party
> IMAP client that specifically requires the STARTTLS verb to be advertised,
> which apparently Exchange does not. But don't take that to mean that
> Exchange will not support encrypted logins. It does, it just doesn't
> apparently advertise the STARTTLS verb. You might take a look on MSDN, or
> post in the outlook or outlook express forums to see if someone can indicate
> exactly how those clients are able to take advantage of TLS for logins,
> because they certainly can.
>
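The capability check discussed in this thread, as an added example that is not part of the original messages: a client reads the server's advertised capabilities on port 143 and decides whether to issue STARTTLS, move to implicit TLS on port 993, or stop, so that LOGIN is never sent in cleartext. The function names and the sample server lines are constructed for illustration; the STARTTLS and LOGINDISABLED handling follows RFC 3501.

```python
import re

def parse_capabilities(lines):
    """Collect capability atoms from untagged CAPABILITY data or from a
    [CAPABILITY ...] response code in the server greeting."""
    caps = set()
    for line in lines:
        m = re.match(r"^\* CAPABILITY (.+)$", line.strip(), re.I)
        if not m:
            m = re.search(r"\[CAPABILITY ([^\]]+)\]", line, re.I)
        if m:
            caps.update(atom.upper() for atom in m.group(1).split())
    return caps

def next_step(caps, tls_active):
    """Decide the client's next action from the *current* capability set.
    RFC 3501 requires re-issuing CAPABILITY after the TLS handshake, so the
    caller must pass freshly fetched capabilities once tls_active is True."""
    if not tls_active:
        if "STARTTLS" in caps:
            return "STARTTLS"
        # No STARTTLS advertised (unsupported, or stripped in transit):
        # do not fall back to a cleartext LOGIN; use IMAP-over-SSL instead.
        return "RECONNECT_993"
    if "LOGINDISABLED" in caps:
        # RFC 3501: the client must not issue LOGIN while this is advertised.
        return "ABORT"
    return "LOGIN"

# Constructed sample responses (not captured from a real server).
NO_STARTTLS = ["* OK IMAP4 service ready",
               "* CAPABILITY IMAP4 IMAP4rev1 IDLE AUTH=NTLM"]
WITH_STARTTLS = ["* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"]
AFTER_TLS = ["* CAPABILITY IMAP4rev1 AUTH=PLAIN"]

if __name__ == "__main__":
    print(next_step(parse_capabilities(NO_STARTTLS), tls_active=False))
    print(next_step(parse_capabilities(WITH_STARTTLS), tls_active=False))
    print(next_step(parse_capabilities(AFTER_TLS), tls_active=True))
```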