Exchange Server/Enable POP3 and IMAP4 access

From ITHandbook

Overview

POP3 and IMAP4 are widely used protocols supported by many email clients.

By default, the POP3 and IMAP4 protocols aren't enabled. To use them, you must enable them manually.

Prerequisites

  • The account used to perform these steps must have the appropriate roles to manage the server.
  • A valid certificate.
    • It is highly recommended to use a certificate issued by an external CA rather than AD CS. Otherwise, a certificate distrust warning appears on devices outside the organization.
    • For more information, see Certificates.

Enable POP3 or IMAP4 access

Start the services

 Note:
If you configured high availability, start one of the following services according to your configuration.
You can add the -PassThru parameter to output the results.

Open an Exchange Management Shell as administrator and use the following cmdlets to start the services:

# POP3
Set-Service MSExchangePOP3 -StartupType Automatic
Set-Service MSExchangePOP3 -Status Running
Set-Service MSExchangePOP3BE -StartupType Automatic
Set-Service MSExchangePOP3BE -Status Running

# IMAP4
Set-Service MSExchangeIMAP4 -StartupType Automatic
Set-Service MSExchangeIMAP4 -Status Running
Set-Service MSExchangeIMAP4BE -StartupType Automatic
Set-Service MSExchangeIMAP4BE -Status Running

Run services.msc and verify that the services have started.

Configure the connection settings for clients

 Note:
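Use the -InternalConnectionSettings parameter to configure the internal connection, or use the -ExternalConnectionSettings parameter to configure the external connection.
In each value, SSL denotes a port that is always encrypted, and TLS denotes a port where the client upgrades the connection with STARTTLS.

Open an Exchange Management Shell as administrator and use the following cmdlets: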

# POP3
Set-PopSettings -server <Server name> -ExternalConnectionSettings "<FQDN>:995:SSL", "<FQDN>:110:TLS" -X509CertificateName <FQDN>
# IMAP4
Set-ImapSettings -server <Server name> -ExternalConnectionSettings "<FQDN>:993:SSL", "<FQDN>:143:TLS" -X509CertificateName <FQDN>

For example, if the Exchange Server name is EXCAS01, and the FQDN is mail.example.com, enter the following cmdlet:

Set-PopSettings -server EXCAS01 -ExternalConnectionSettings "mail.example.com:995:SSL", "mail.example.com:110:TLS" -X509CertificateName mail.example.com
Set-ImapSettings -server EXCAS01 -ExternalConnectionSettings "mail.example.com:993:SSL","mail.example.com:143:TLS" -X509CertificateName mail.example.com

Additional Operations for Wildcard Certificates

For a wildcard certificate, you may encounter an error when using the -X509CertificateName parameter.

To work around this, run the previous command without the -X509CertificateName parameter, and then run the following cmdlets:

# Obtain the thumbprint for all certificates.
Get-ExchangeCertificate

# Assign the certificate to the target services.
Enable-ExchangeCertificate -Thumbprint <A long string> -Services POP,IMAP,SMTP,IIS

Restart the services

Run the following cmdlets:

# POP3
Restart-Service MSExchangePOP3
Restart-Service MSExchangePOP3BE

# IMAP4
Restart-Service MSExchangeIMAP4
Restart-Service MSExchangeIMAP4BE

Verify the connection settings

 Note:
You can enable or disable POP3 or IMAP4 access for users in the Exchange Admin Center.
For more information, refer to Manage users and groups.

Log in to your mailbox and navigate to Settings → Options → Mail → Accounts → POP and IMAP.

If you configured both SSL and TLS, only the SSL value is displayed in Outlook on the web.

 Note:
Use Microsoft Remote Connectivity Analyzer to test the external connection.

Verify the configuration by using another mail client (such as Thunderbird).

Try to receive and send email to test the connection.
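
A server-side check to complement the client tests above. This is an added example, not part of the original page. It reads back the service state, the stored POP3/IMAP4 settings, and the bound certificates, then performs a TLS handshake on ports 995 and 993. EXCAS01 and mail.example.com are the page's example values, and the 30-day expiry window is an assumption.

```powershell
# Added example, not from the original page. Run in the Exchange Management Shell.
# EXCAS01 and mail.example.com are the page's example values; 30 days is an assumed threshold.
$Server = 'EXCAS01'
$Fqdn   = 'mail.example.com'

# 1. State and startup mode of the POP3/IMAP4 services on the local server.
Get-CimInstance Win32_Service -Filter "Name LIKE 'MSExchangePOP3%' OR Name LIKE 'MSExchangeIMAP4%'" |
    Format-Table Name, State, StartMode -AutoSize

# 2. Stored settings. SecureLogin (the default) requires TLS before authentication.
$settings = [ordered]@{
    POP3  = Get-PopSettings  -Server $Server
    IMAP4 = Get-ImapSettings -Server $Server
}
foreach ($entry in $settings.GetEnumerator()) {
    $entry.Value | Format-List ExternalConnectionSettings, InternalConnectionSettings,
        X509CertificateName, LoginType, SSLBindings, UnencryptedOrTLSBindings
    if ("$($entry.Value.LoginType)" -ne 'SecureLogin') {
        Write-Warning "$($entry.Key): LoginType is $($entry.Value.LoginType), not SecureLogin."
    }
}

# 3. Certificates enabled for POP or IMAP, flagged when close to expiry.
Get-ExchangeCertificate -Server $Server |
    Where-Object { "$($_.Services)" -match 'POP|IMAP' } |
    Format-List Thumbprint, Subject, Services, Status, NotAfter,
        @{ Name = 'ExpiresSoon'; Expression = { $_.NotAfter -lt (Get-Date).AddDays(30) } }

# 4. TLS handshake on the always-encrypted ports. AuthenticateAsClient throws when
#    this machine does not trust the certificate chain or the name does not match.
$probe = foreach ($port in 995, 993) {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Fqdn, $port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($Fqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{ Port = $port; Protocol = $ssl.SslProtocol; Subject = $cert.Subject; NotAfter = $cert.NotAfter }
    } catch {
        Write-Warning "Port ${port}: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
}
$probe | Format-Table -AutoSize
```

Step 4 reflects the trust store of the machine it runs on. Running that step from a host outside the organization shows whether external clients would see a certificate warning.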