Thursday, September 13, 2007

Configuring IMAP over SSL with SBS 2003 Standard

In this author’s opinion, providing access to e-mail via IMAP is better than POP3. The approach of IMAP more closely emulates how Exchange provides e-mail services in that messages are maintained on the server, and the IMAP client only pulls down what is needed. There are still security issues with IMAP, however, in that the default protocol still transmits the username and password information across the internet in clear text, and even though fewer sniffers are trained on IMAP ports to try and discover account credentials, the risk is still there.

To help protect account credentials, as well as e-mail contents, IMAP can be set up over SSL, which encrypts the entire transaction process, not just username and password. The iPhone and other devices can be easily set up to use IMAP over SSL, but you have to first set up the Exchange server on SBS to provide the secure mail transport. This document covers this implementation with SBS 2003 Standard and no ISA. You will need to configure your firewall to forward the appropriate ports to the SBS server, which is beyond the scope of this document.

Configuring IMAP over SSL with SBS 2003 Standardhttp://www.smallbizserver.net/Default.aspx?tabid=266&articleType=ArticleView&articleId=231

Configuring IMAP over SSL with SBS 2003 Premium and ISA 2004: http://www.smallbizserver.net/Default.aspx?tabid=266&articleType=ArticleView&articleId=232