Disabling SSL for IMAP/POP3 on Exchange 2007
Gopherhockey
only to find that it won't answer anything but an SSL request.
This is fine internally, but for my windows mobild and for other clients I
have that don't have access through anything but the non-ssl port 143 (for
imap, as an example) how can I disable the requirement of SSL?
I thought about re-binding the ssl port to 143, and looked at a lot of the
settings that can be done using set-imapsettings but nothing appears to allow
a person to just disable SSL as a requirement.
The LoginType doesn't appear to have anything to do with this. I can set it
to plaintextlogin but the server still won't listen to anything on port 143.
I realize SSL is a GOOD idea and that long-term its the way to go.. but for
now I want it back the way it was until I have time to do the cert thing
properly.
BTW: on my windows mobile (Cingular 8125) I can set it to use SSL and it
will prompt me with a bad certificate but will still work. its very
annoying though. For outlook express behind a firewall that only lets port
143 for imap, I'm stuck...
Ed Crowley [MVP]
them so that they do not require SSL. See Microsoft KB 821603.
--
Ed Crowley
MVP - Exchange
"Protecting the world from PSTs and brick backups!"
"Gopherhockey" <Gopher...@discussions.microsoft.com> wrote in message
news:4C01483E-F487-4F54...@microsoft.com...
Gopherhockey
MS has taken the GUI for POP and IMAP and removed them, so we're left with
finding out how to do this in commands, reghacks or adsiedit type of actions.
Simply changing the login type does not seem to turn off SSL.
What I have done for now to get around this is to bind port 993 AND 143 to
IMAP SSL, but I still get a banner warning.
One would think there would be a way to just turn it off.
Bharat Suneja [MVP]
set-imapsettings -UnencryptedOrTLSBindings:0.0.0.0:143 -LoginType:plaintextlogin
To remove the certificate association, try:
set-imapsettings -x509CertificateName:$null
--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------------------------
"Gopherhockey" <Gopher...@discussions.microsoft.com> wrote in message
news:FF0C765F-AF61-42D8...@microsoft.com...
Gopherhockey
still get the same results.
Here is what I see and how I am seeing it:
With Outlook Express, I go into the account settings (IMAP) and check the
properties. On the servers tab, I dno't need to set "Log on using Secure
Password Authentication" but on the advanced tab I have to click "This server
requires a secure connection (SSL)" or I get the error from Outlook express =
"Your Inbox folder was not polled for its undread count. The server has
refused the connection. Account 'domain.net', Server: 'domain.net',
Protocol: IMAP, Server Response: 'Connection is closed. 14' Port: 143,
Secure(SSL): No, Error Number: 0x800CCCD9
It seems the plaintextlogon does not determine the actual SSL port
connectiity but has more to do with login. With SSL in place, login wont
even happen.
I believe the plaintextlogon determines the "Logon using Secure Password
Authentication" but not the "This server requires a secure connection (SSL)"
setting. It almost seems that the abiltiy to turn off SSL in this way is
missing and/or is not a documented option.
I can fool the system by checking "this server requires a secure connection
(SSL)" and inputting the port manually as 143. I tried setting the cert to
null, and it broke communcation (same error as above). Once I put the cert
name back in, it worked. The SSL cert name is just the name of the server
itself.
Gopherhockey
binding I had done with SSL in my earlier attempt to "trick" SSL into using
port 143.
Once I removed this and again restarted IMAP it works now.
So ignore my last post - the plaintextlogin did the trick. Thanks!