POP3 Easy Access to Microsoft Exchange Server

Until recently, users accessing their Microsoft Exchange Server mailbox froma remote location used Dial-Up Networking (DUN) or Remote Access Service (RAS)to dial their office and connect to the Exchange Server. This process usuallyinvolved a long-distance phone call and contention for the dial-in lines at theoffice. The release of Exchange Server 5.0 changes that scenario. Exchange 5.0lets you access mailboxes on the server using Post Office Protocol 3 (POP3).This development means that email clients, such as Eudora, Pegasus, or theMicrosoft Exchange client, that have the Internet Mail Service (IMS--formerlyInternet Mail Connector, IMC) installed can access regular mailboxes on anExchange email network over the Internet.

This article discusses installing and configuring support for POP3 on theExchange Server. To support access from clients on the Internet, you must alsoinstall and configure the Exchange IMS to provide the requisite connectivity.Exchange Server 5.0 includes both POP3 and the IMS software.

POP3 support is only a small part of Microsoft Exchange Server'sfunctionality. This article presupposes that you know how to set up and useExchange Server and the IMS. (For tips about installing Exchange, see DavidGeiger, "Seven Tasks to Get Started with Microsoft Exchange,"September 1996.) In addition, this article assumes that you are familiar withthe basic concepts of TCP/IP and of Simple Mail Transfer Protocol (SMTP)/POP3messaging. For information about how to set up and use the IMC/IMS and a basictutorial about SMTP and POP3, refer to my book The Microsoft Exchange ServerInternet Mail Connector (Duke Press, 1997).

An example best explains the POP3 support. Figure 1 shows atypical Exchange Server email system connected to the Internet. In this example,an Exchange organization, SAKES, has one site, Athens. The server Kifissia hasseveral Exchange mailboxes and is running the IMS. The IMS is configured todeliver mail using Domain Name System (DNS) for address resolution, and the LANis connected to the Internet via a permanent connection (for example, a T1 lineto an Internet Service Provider--ISP). Figure 1 also shows an SMTP/POP3 serveron the Internet at pop3.dcnw.com. SAKES is running Internet Shopper's NTMail onthis server and has four POP3 clients installed.

This configuration, which has been available since Exchange Server 4.0,supports Exchange users trading mail with users on the Internet. The Exchangeusers in the SAKES organization are running the Exchange client configured withthe Exchange Server delivery service; the IMS on Kifissia converts all mailbetween the Internet and Exchange users. For example, when Exchange user Georgesends mail to Internet user Judy, his mail is in an Exchange proprietary formatuntil it reaches the IMS on Kifissia. The IMS translates George's mail intonative SMTP format before forwarding it to Judy on the Internet. The processoccurs in reverse when Judy replies to George. (Chapter 2, "SMTP MailBasics," of my book describes this interchange in detail.)

All users in the SAKES organization use the Exchange client configured withthe Exchange Server service to send and retrieve their mail. This processrequires that users have an authenticated remote procedure call (RPC) connectionto Kifissia. This requirement is restrictive for Exchange users who need toaccess their mail from a remote location. The RPC connection is also a problemif you want to support third-party email clients, such as Eudora or Pegasusmail.

Figure 2 shows a common scenario. The Exchange user Chrisconnected to the Internet from a remote location, perhaps by dialing in to alocal ISP from a hotel room or connecting through a LAN at a customer'slocation. Achieving an RPC-based connection to the Exchange Server under theseconditions is relatively difficult (but not impossible), and the standardExchange client configuration mentioned above is impractical. However, using thePOP3 support available in Exchange Server 5.0, Chris can access his mailbox tosend and receive mail without an RPC connection.

Installing POP3 Support
You install POP3 when you install Exchange Server 5.0. During theinstallation, you pick the protocols you want to support. The installed siteshows these protocols--in Screen 1, all the new Internet protocols--ina new container at the site level. If you double-click POP3 in the right window,you can configure the default properties for the POP3 access to the Exchangemailboxes.

The General tab of the POP3 Properties dialog box, shown in Screen 2,lets you specify whether the Exchange Server will provide POP3 access tomailboxes. If you enable the protocol, you can specify other parameters from theremaining tabs. For example, the Authentication tab lets you specify how clientscan authenticate themselves to the server to gain access to the mailbox.Exchange 5.0 supports two methods to authenticate clients. The first, Basic(Clear Text), refers to the standard method supported by the Request forComments (RFC) 1225. Users who want to use a POP3 mail client such as Eudora todownload their mail connect to the Exchange Server over TCP/IP. After the serveracknowledges the connection, the POP3 client sends the command

user

followed by a carriage return and linefeed. The server responds with either+OK or -ERR, depending on whether the server finds that username. The clientthen responds with

pass

again followed by a carriage return and linefeed. If the password iscorrect, the client can send further commands to retrieve and delete mail.Notice that the authentication is in clear text; that is, all the text is inpure 7-bit ASCII.

Clear text is the Internet standard for POP3, and all the standardclients--Eudora, Pegasus, the Exchange client with the IMS installed, and theproprietary mail clients that you buy at your local computersuperstore--implement clear text. It is, however, clearly insecure. Anyonewatching the bits on the network with a sniffer (for example, the MicrosoftSystems Management Server--SMS--Network Monitor) can read your entire message asit goes by.

The second authentication method is the Windows NT Challenge/Responsesequence. Challenge/Response uses an encrypted method for logging on to anExchange Server over the Internet and requires an email client that supports theauthentication mechanism. The number of third-party clients that supportChallenge/Response is limited: Microsoft euphemistically says that clients are "forthcoming,"though I have yet to see one. But the method is secure.

The Message Content tab in the POP3 Properties dialog box lets you providea default message-encoding format. In Exchange Server 5.0, the default encodingscheme can be one of several variations on MIME, Binhex, or uuencode; and thedefault language can be one of the character sets Exchange Server supports. Youcan override these defaults at the individual mailbox level or the messagelevel.

The final tab is Idle Time-out. You can use this tab to specify whether theserver will disconnect users who are on the system for extended periods withoutany activity. This capability is useful if you want to prevent users fromlogging on and leaving the connection current for a long time while they dosomething else, thereby unnecessarily hogging your resources (such as memorycontrol blocks and handles).

Although you configure POP3 support at the site level, you can override thesite-level configuration at the server level. If you drill down to the serverlevel in the Exchange Administrator, you will see a Protocols object. TheProtocols object lets you specify the default POP3 support for your site butchange the POP3 support server by server, if necessary.

The basic tabs in the POP3 Properties dialog box at the server level arethe same as those at the site level. You can enable or disable the protocol atthe server level, too. For example, you can set up a site where users on only acouple of servers have POP3 access; this mechanism controls message routing andreduces the number of machines to which you need to provide TCP port 110pass-through on the routers. In addition, the General tab contains a check boxthat lets you specify that you want the servers to inherit all the values fromthe site-level object, to simplify configuring default servers.

You can override the default site- or server-level settings at the mailboxlevel, as well. Screen 3 shows the Protocols tab for the mailbox of user Chrisat the Athens site. (Figure 2 shows where Chris fits in the SAKES organization.)You can enable or disable POP3 support for this individual mailbox, independentof the site or server defaults. If you enable POP3 support, you can use themessage encoding format default for the site or provide a different setting forthis user only.

Testing with Telnet
After you set up the Exchange Server to support POP3 access to a mailbox,you need to test it. The easiest way to test the support is to use Telnet tomake a TCP connection to port 110 of the Exchange Server and manually send thecommands as if you were a POP3 client trying to download mail for a specificuser. (For tips about using Telnet, see John Enck, "Stupid Telnet Tricks,"February 1997.) Screen 4 shows the start of an interactive Telnet sessionattempting to connect to port 110 of the server kifissia.sakes.com, as the RFCgoverning POP3 requires.

This Telnet session will connect only if kifissia.sakes.com is running aPOP3 service (for example, Exchange Server with the IMS installed, configured,and running and POP3 installed). In addition, of course, you must define thehost name kifissia.sakes.com in the DNS or a local hosts table. If thisconnection succeeds, you can test the POP3 support on kifissia.sakes.com bysending commands to the server to download mail. Listing 1 shows the sequence ofsuch an interactive session.

If you configure the POP3 support on the Exchange Server correctly, whenyou make a connection to port 110 of the server, the server sends back a +OKmessage to confirm that it is listening on that port. If the server is down, theTelnet session won't succeed (you'll get a timeout error), and you'll have totry again later. Once you make the connection, identify the user. In Listing 1,you see the command

user chris

The server confirms that it has a mailbox for that user, and you send thecommand

pass

where is the password for Chris's mailbox. If the passwordis correct, the server locks the mailbox for exclusive access, and the clientcan retrieve and delete messages. Entering

list

displays how many messages Chris has, and entering

retr 2

retrieves the second message.

In this case, Chris has a message from George, another Exchange user, thatsays, "Can you read this?" After you download the message (and savethe transfer to disk), you can delete the message (with the command dele 2), andquit the session (with the command quit).

Testing POP3 support with Telnet is quick and direct. If you haven'tconfigured the POP3 service on the Exchange Server correctly and you haven'tinstalled POP3, the Telnet session will fail. Using Telnet to test POP3 supporteliminates other potential sources of error, such as errors in configuration ofthe POP3 clients.

Configuring POP3 Clients
After you test the POP3 installation, you can configure the Exchange clientfor POP3 access to the mailbox. Figures 1 and 2 (page 82) show Exchange userChris who needs to access his mailbox from both the LAN and the Internet. Inthis case, you can configure two profiles for Chris's Exchange client, one withthe Exchange Server service and one with the IMS. Configuring one profile withboth services is redundant on the LAN and slow to load up when the user is onthe Internet because the user has to wait for the Exchange Server service totimeout. The IMS is the POP3 client for the Exchange client and is availableeither with Microsoft Plus! for the Windows 95 Exchange client or with NT 4.0.

To configure IMS in an Exchange client, you create a profile and add IMS tothe list of delivery services. First, select Services from the client's Toolsmenu and from the Services dialog box (shown in Screen 5), click Add, and thenselect IMS from the list of services. To configure the connection between theclient and the POP3 server, click Properties to bring up the Internet Mailproperties window, shown in Screen 6.

To reach the POP3 server, the client needs to know either the IP address orthe host name of the server. You can fill in the Internet Mail server box withthe host name of the server if the client is using DNS and the server's name isregistered in the DNS. Screen 6 shows the client pointed to the Exchange serverkifissia.sakes.com. If the server isn't in the DNS, you can enter its IPaddress. If you register with an ISP for a POP3 mail account, the ISP will tellyou the name of the mail server.

Next, you need to configure the client to request mail for a specific userby entering the mailbox name and the correct password for that user.

The Advanced Options button lets you send outbound mail to a differentserver from the one specified in the Internet Mail server box. This option isuseful if you configure some servers specifically for outbound mail and othersfor inbound.

The Connection tab, shown in Screen 7, lets you specify how the clientphysically connects to the server. If you can connect your desktop to the remoteserver's network before bringing up the client (for example, if you are on a LANconnected to the Internet, or you have already used RAS to connect to an ISP),select Connect using the network. With this option, the client canimmediately create a port 110 connection to the server and download mail withoutdialing the server first. If you have not already connected to the ISP'snetwork, select Connect using the modem and configure an entry in theRAS phone book for the ISP.

After you have configured the Internet Mail delivery service in the client,you can launch the profile and retrieve mail from the Exchange Server using POP3over the Internet. This process eliminates much of the hassle of retrieving yourmail while you're on the road and eliminates a need for maintaining a bank ofmodems at the office to support dial-in connections to the LAN.