Exchange 2010: Set up IMAP access and test via Telnet (special case)

Today I came across a rather interesting piece of archiving software. It archives mail from the Exchange server and, according to the manufacturer, is compatible with it, but it cannot handle a journal mailbox. Instead, the software has to access the users' mailboxes via POP or IMAP and requires read and write access to them.

The manufacturer of the software therefore wanted to enter each mailbox in the archiving solution together with the corresponding user's password. This is of course cumbersome, as users have to change their password every 3 months and would then have to inform the manufacturer of the archiving solution of their new password.

After some negotiation, we decided to use IMAP and a service account. Unfortunately, the software (I'm deliberately not mentioning it by name) doesn't work with IMAPS either, so only a plain-text login is possible. To still achieve a reasonably secure connection, access to IMAP should be restricted accordingly on the firewall.

First, we change the startup type of the "Microsoft Exchange IMAP4" service to "Automatic" and start the service:

Then continue in the Exchange Management Console: under Server Configuration -> Client Access, switch to the POP3 and IMAP4 tab.

Now double-click on IMAP4 in the list and select "Text login only" on the "Authentication" tab. This is necessary for the final Telnet test and the aforementioned mail archiving software. If the clients support it, "Secure login" should be selected at this point.

I have created a separate mailbox on the Exchange server for mail archiving; in this example I will use the "imapallusers" mailbox. First, we grant the user "IMAPALLUSERS" read and write access to the mailbox "Frank":

Add-MailboxPermission frank -User imapallusers -AccessRights FullAccess

The command would look like this for all users:

Get-Mailbox -ResultSize Unlimited | Add-MailboxPermission -User "administrator" -AccessRights FullAccess

Now the test with Telnet and IMAP follows (please note that the Telnet client may have to be installed first; PuTTY also works perfectly).

First, test the login from the command line for the user IMAPALLUSERS and its own mailbox:

telnet smail01 143
? LOGIN frankysweb/imapallusers Geheim123!
? LIST "" "*"

If everything is correct, we should now see the folders in the IMAPALLUSERS mailbox.

Now the same test with the user IMAPALLUSERS and the mailbox Frank:

telnet smail01 143
? LOGIN frankysweb/imapallusers/frank Geheim123!
? LIST "" "*"

In the login name, the user IMAPALLUSERS is followed by the mailbox to be opened, in this case Frank. We should now see the folders from the Frank mailbox in the output.

As already mentioned, this configuration is only recommended in exceptional cases. To provide at least a little more security in the configuration, the firewall allows IMAP only from the IP of the server that has to retrieve the data. In addition, the IMAP mailbox feature has been deactivated for all other users, and the IMAPALLUSERS user may only connect to the mailboxes via IMAP.
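
The lockdown described in the paragraph above, sketched for the Exchange Management Shell. This is an added example, not the author's own commands; it assumes the service account mailbox is "imapallusers" as in the article and uses the per-mailbox protocol switches of Set-CASMailbox.

```powershell
# Added example for the Exchange 2010 Management Shell; not the author's commands.
# Assumption: the service account mailbox is "imapallusers", as in the article.
$svc    = "imapallusers"
$svcBox = Get-CASMailbox -Identity $svc

# 1. Turn the IMAP mailbox feature off for every mailbox except the service account.
#    The list is collected first so no cmdlet runs inside a still-open pipeline.
$others = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled -and $_.DistinguishedName -ne $svcBox.DistinguishedName }
foreach ($m in $others) {
    Set-CASMailbox -Identity $m.DistinguishedName -ImapEnabled $false
}

# 2. Leave the service account with IMAP as its only client protocol.
Set-CASMailbox -Identity $svc -ImapEnabled $true -PopEnabled $false `
    -OWAEnabled $false -ActiveSyncEnabled $false -MAPIEnabled $false

# 3. Check: this should list the service account and nothing else.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.ImapEnabled } |
    Select-Object Name, ImapEnabled, PopEnabled, OWAEnabled, ActiveSyncEnabled, MAPIEnabled

# 4. Review which mailboxes the service account can open with FullAccess,
#    so the reach of the plain-text credential is known.
Get-Mailbox -ResultSize Unlimited |
    Get-MailboxPermission -User $svc |
    Where-Object { ($_.AccessRights -like "*FullAccess*") -and -not $_.Deny } |
    Select-Object Identity, User, AccessRights, IsInherited
```

After running it, repeat the Telnet test above to confirm that the login to the Frank mailbox still works.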

2 thoughts on “Exchange 2010: Set up IMAP access and test via Telnet (special case)”

  1. Hi Frank,
    many thanks for your great tutorials. I have a question: I have an Exchange 2010 server in the domain. How can I find out IMAP and its port?

    Thanks in advance.
    Alan
