Re: Enabling STARTTLS in Exchange 2003 IMAP service?
From: Ben Winzenz [Exchange MVP] (ben_winzenz_at_NOSPAMdotmessageonedotcom)
Date: 01/11/05
Date: Tue, 11 Jan 2005 14:04:30 -0600
I guess I'm not exactly clear on what your goal is. Do you just want the
login information to be encrypted, or do you want the entire conversation to
be encrypted? They are totally separate.
For the first, if you simply want to enable encrypted logins, then once you
have made the change to the IMAP VS (as it appears you have), you must then
configure the client. For example, in Outlook Express, you must tell it to
"Log on using Secure Password Authentication". Outlook has a similar
option. What is the current result when you initiate a manual telnet on
port 143? I guess I don't understand the need to have that command listed.
If you are requiring TLS/SSL for logins, and you attempt to log in from a
client such as OE, you will be informed that the server requires TLS/SSL for
logins. That is perhaps a better test.
--
Ben Winzenz
Exchange MVP

"Andrew Biggs" <dreamcoder@yahoo.com> wrote in message news:41E41604.3040108@yahoo.com...
> Thanks for the response Ben. You are correct that STARTTLS is in fact an
> SMTP verb, but it is also an IMAP verb (see section 6.2.1 of RFC-3501).
> This section describes a means for "upgrading" an ordinary cleartext IMAP
> connection to a TLS encrypted connection, very much like how it is done in
> SMTP. In order to use it, however, the server must advertise support for
> the STARTTLS command as part of its response to the CAPABILITY command.
> It is in getting Exchange 2003 to advertise support for this capability
> that I am having difficulty.
>
> Andrew
>
> Ben Winzenz [Exchange MVP] wrote:
>
>> I think you may be misunderstanding what IMAP is used for. IMAP is a
>> mailbox viewing protocol. It stands for Internet Message Access
>> Protocol. The STARTTLS command is an SMTP verb, not an IMAP command.
>> What you are looking at is simply the ability to connect to the IMAP
>> server via an SSL port. The standard (non-SSL) IMAP port is 143. If you
>> enable SSL, then the port is 993, not 143.
>>
>> Since the STARTTLS command is an SMTP verb, this would be enabled on your
>> SMTP Virtual server. Enabling TLS here would allow outgoing SMTP
>> messages to be encrypted, but would also require that the host you are
>> sending to accept them. TLS is not an extremely common implementation in
>> mail servers. Meaning, although Exchange supports TLS, both the sending
>> server and receiving server must be configured to enable it. If you want
>> to see if your server supports it, simply telnet on port 25 and issue an
>> EHLO command.
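
The capability check discussed in this thread, as an added example that is not part of the original posts: it parses what an IMAP server advertises on port 143 and reports whether the STARTTLS upgrade from RFC 3501 section 6.2.1 is on offer. The LOGINDISABLED capability is also defined in RFC 3501 but is not mentioned in the thread; the function names, the host argument and the sample lines are constructed for illustration.

```python
import imaplib
import re

def parse_capabilities(line):
    """Return upper-cased capability atoms from an untagged CAPABILITY
    response or from a [CAPABILITY ...] response code in a greeting."""
    m = re.search(r"\[CAPABILITY\s+([^\]]*)\]", line, re.I)
    if m is None:
        m = re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    if m is None:
        raise ValueError("not a CAPABILITY response: %r" % line)
    return {atom.upper() for atom in m.group(1).split()}

def assess(line):
    """Summarise what the advertised capabilities mean for port 143."""
    caps = parse_capabilities(line)
    starttls = "STARTTLS" in caps
    login_disabled = "LOGINDISABLED" in caps
    if starttls and login_disabled:
        verdict = "LOGIN refused until STARTTLS completes"
    elif starttls:
        verdict = "STARTTLS offered, cleartext LOGIN still accepted"
    elif login_disabled:
        verdict = "LOGIN disabled, no STARTTLS upgrade advertised"
    else:
        verdict = "no STARTTLS advertised, session stays cleartext"
    return {
        "starttls": starttls,
        "login_disabled": login_disabled,
        "auth_mechanisms": sorted(c[5:] for c in caps if c.startswith("AUTH=")),
        "verdict": verdict,
    }

def assess_live(host, port=143):
    """Same check against a server you administer (host is a placeholder)."""
    conn = imaplib.IMAP4(host, port)
    try:
        # imaplib stores the server's capability atoms as a tuple of strings.
        return assess("* CAPABILITY " + " ".join(conn.capabilities))
    finally:
        conn.logout()

# Constructed sample responses, not captured from any real server.
SAMPLES = [
    "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
    "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(assess(sample)["verdict"], "<-", sample)
```

RFC 3501 requires a client to discard cached capabilities after STARTTLS completes, so the same check should be repeated on the encrypted session.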