On our Exchange 2010, POP3 is configured to only allow secure logon (TLS connection for authentication).

Now, the default port for "plain" POP3 is 110, and for POP3 with SSL is 995, hence with the given Exchange settings POP3 works only with SSL on 995, currently.

Additionally, the Exchange server passes through some requests to another email server, which accepts "plain text" authentication. Therefore, port 110 works in this case.

Suppose port 995 was blocked or can't be used for any reason, is it possible to configure Exchange to use both (unsecure POP3 and POP3 over SSL) on port 110?

I tried to do this, but it didn't work (error "SSL authentification failed due to unexpected packet format" / "server doesn't accept encryption type"):

TLS or unencrypted
- IPv4: 110
- IPv6: 110

SSL
- IPv4: 995
- IPv6: 955
- IPv4: 110 <-- I've added this

I feel I still don't fully understand this.

marsze

1 Answer

Exchange already will use both secured and unsecured POP3 on port 110, as most modern POP3 servers do. Modern clients will use TLS for encryption on port 110, as your paste indicates (the "TLS or unencrypted" part). Nothing was wrong, why are you messing with it?

See section 4 of RFC 2595 which explains the STLS method used to "upgrade" to a secure connection.

David Schwartz
  • The client uses SSL, not TLS. And all I can tell is that POP3 with SSL on port 110 *didn't* work, only on port 995. – marsze Feb 14 '14 at 10:05
  • The client uses SSL if you tell it to, and indeed SSL on port 110 won't work. The client will use TLS too, assuming it's not ancient. The RFC I linked is from **1999** -- how old is your client?!?! Stop messing with it, nothing is wrong unless you keep breaking things. – David Schwartz Feb 14 '14 at 10:07
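The behaviour discussed in the answer and comments above, as an added example that is not part of the original thread: a listener in "TLS or unencrypted" mode speaks POP3 first and advertises STLS in CAPA, so a client that opens an implicit SSL handshake on it fails. The listener is a constructed loopback stand-in, not Exchange, and it only advertises STLS without performing the upgrade.

```python
import poplib, socket, ssl, threading

def serve_plain_pop3(listener, connections=2):
    """Constructed stand-in for a 'TLS or unencrypted' listener (not Exchange)."""
    for _ in range(connections):
        conn, _addr = listener.accept()
        with conn:
            try:
                conn.sendall(b"+OK constructed POP3 listener ready\r\n")
                while (data := conn.recv(4096)):
                    cmd = data[:4].upper()
                    if cmd == b"CAPA":
                        conn.sendall(b"+OK\r\nUSER\r\nSTLS\r\n.\r\n")
                    elif cmd == b"QUIT":
                        conn.sendall(b"+OK bye\r\n")
                        break
                    else:  # e.g. a TLS ClientHello sent by an implicit-SSL client
                        conn.sendall(b"-ERR unknown command\r\n")
            except OSError:
                pass  # client dropped the connection after its failed handshake

def probe(host, port):
    """Return (implicit_tls_rejected, stls_offered) for one POP3 listener."""
    ctx = ssl.create_default_context()
    implicit_tls_rejected = False
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            # What a client set to "SSL" does: handshake before any POP3 text.
            ctx.wrap_socket(raw, server_hostname=host).close()
    except OSError as exc:
        # The plaintext "+OK ..." greeting is not a TLS record, so ssl raises.
        implicit_tls_rejected = isinstance(exc, ssl.SSLError)
    client = poplib.POP3(host, port, timeout=5)  # reads the plaintext greeting
    try:
        stls_offered = "STLS" in client.capa()  # RFC 2595 upgrade advertised?
    finally:
        client.quit()
    return implicit_tls_rejected, stls_offered

def demo():
    listener = socket.create_server(("127.0.0.1", 0))  # any free loopback port
    port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_plain_pop3, args=(listener,), daemon=True)
    worker.start()
    result = probe("127.0.0.1", port)
    worker.join(timeout=5)
    listener.close()
    return result

if __name__ == "__main__":
    print(demo())
```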