Hi,

I have configured POP and IMAP on Exchange 2013. The setting was configured that when unchecked server require authentication POP and IMAP working fine and in advance settings configured 995 and 587 with None.

If select the server require authentication receiving error on configuration. I would like to know that how can I secure my server to require authentication while sending emails or it is fine as SMTP 587 and POP 995 secure ports configured and no need to setup server authentication on SMTP setting. Please guide.

Hi Ed,

Thanks for your reply. The details are that I enable POP/IMAP on Exchange 2013 but the issue was client was not connecting with server on POP IMAP port. I strived a lot but couldn't get any success but at last opened case with Microsoft support and they made some changes in the server on POP IMAP settings and ran these commands for configuring POP IMAP session.

Get-SendConnector | Add-ADPermission -user "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "MS-Exch-SMTP-Accept-Any-Sender"

Get-ReceiveConnector | Add-ADPermission -user "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "MS-Exch-SMTP-Accept-Any-Recipient

After configuring this client was successfully connected and emails were working fine. On client side the settings made that uncheck server required authentication and the Incoming on Port 995 and outgoing 587 with None encryption.

I raised the query that server should be authenticate the guy replied that the incoming and outgoing are already secured ports and no need to configured it.

Please guide the reason I have is valid for this configuration or should I need to configured server authentication back in setting ?

POP and IMAP clients read mail from the server using POP or IMAP (one or the other, not both) and send outgoing mail using SMTP, preferably using port 587 with the client submission receive connector.

The first command you issued on the send connectors doesn't have any effect because clients don't connect to them.  They're for mail outbound from the server only.

The second command you issued has opened unauthenticated anonymous relay to everyone, which is potentially a great big security hole, especially if your Exchange server is directly connected to the Internet, in which case you'll find yourself blacklisted in short order.

None of that is necessary if you have clients configured to send SMTP with authentication over port 587 (TLS), unless you've messed up your client frontend receive connector.

So you mean that I should just leave the settings as it is and don't need to change any thing on current configuration ?

Yes, that's what I think I said pretty clearly three times already in this thread.  And I would remove the blanket permission you assigned for anonymous relay.