locked
Exchange 2007 POP3 Client access configuration RRS feed

  • Question

  • Sorry for the second post in a week on Ex2007, but I'm at my wits end with this and need some more help.

    How do you configure POP3 client access on the server?  I realize that MS doesn't see POP3 as an important service anymore, but we still use it for our help desk application.  The MSExchangePOP3 service is running, but it will not accept any POP3 requests from clients.  The error received from the server is: 

    There was a problem logging onto your mail server. Your User Name was rejected. Account: 'frciex', Server: 'frciex', Protocol: POP3, Server Response: '-ERR Command is not valid in this state.', Port: 110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC91

    Here is what I've done:

    Started the MSExchangePOP3 service.

    Ran "start-service MSExchangePOP3" from the shell (I realize this is the same thing as above)

    Changed:  LoginType  : PlainTextLogin

    Here is a listing of my POP3 settings:

    Name                              : 1
    ProtocolName                      : POP3
    MaxCommandSize                    : 40
    MessageRetrievalSortOrder         : Descending
    UnencryptedOrTLSBindings          : {0.0.0.0:110}
    SSLBindings                       : {0.0.0.0:995}
    X509CertificateName               : frciex
    Banner                            : Microsoft Exchange Server 2007 POP3 service
                                         ready
    LoginType                         : PlainTextLogin
    AuthenticatedConnectionTimeout    : 00:30:00
    PreAuthenticatedConnectionTimeout : 00:01:00
    MaxConnections                    : 2000
    MaxConnectionFromSingleIP         : 2000
    MaxConnectionsPerUser             : 16
    MessageRetrievalMimeFormat        : BestBodyFormat
    ProxyTargetPort                   : 110
    CalendarItemRetrievalOption       : iCalendar
    OwaServerUrl                      :
    MinAdminVersion                   : -2147453113
    AdminDisplayName                  :
    ExchangeVersion                   : 0.1 (8.0.535.0)
    DistinguishedName                 : CN=1,CN=POP3,CN=Protocols,CN=FRCIEX,CN=Serv
                                        ers,CN=Exchange Administrative Group (FYDIB
                                        OHF23SPDLT),CN=Administrative Groups,CN=Fir
                                        st Organization,CN=Microsoft Exchange,CN=Se
                                        rvices,CN=Configuration,DC=mydomain,DC=local
    Identity                          : FRCIEX\1
    Guid                              : c8f19609-64c1-476f-a199-286b96aaf331
    ObjectCategory                    : mydomain.local.local/Configuration/Schema/ms-Exch-Prot
                                        ocol-Cfg-POP-Server
    ObjectClass                       : {top, protocolCfg, protocolCfgPOP, protocol
                                        CfgPOPServer}
    WhenChanged                       : 1/4/2007 6:38:51 AM
    WhenCreated                       : 12/29/2006 11:41:15 PM
    OriginatingServer                 : dc2.mydomain.local
    IsValid                           : True

    The server is responding but it acts like the password is bad.  I know the password being sent is correct.

     

     

    Thursday, January 4, 2007 2:39 PM

Answers

  • Hi Guys,

    There is no reason being scared about configuring pop3 service for Exch2K7. Just do the right thing.  Here is, step by step how to  configure it.

    How to Configure POP3 Service for Exchange 2007
    -------------------------------------------------------------------
    1. Set MSExchangePOP3 service to automatic
    Set-service msExchangePOP3 -startuptype automatic

    2.Configure IP Address and Port for POP3

    a.To set the IP address and port for communicating with Exchange using POP3 with SSL, run the following command:
        Set-PopSettings -SSLBindings: IPaddress:Port

    b.To set the IP address and port for communicating with Exchange using POP3 with no encryption or Transport Layer Security (TLS) encryption,   
        Set-PopSettings -UnencryptedOrTLSBindings IPaddress:Port

    3.Configure POP3 Authentication - POP3 (110) /POP3 SSL (995)

    a.If you will not be using TLS encryption and you want to allow Basic authentication on an unsecured port, run the following command:
       Set-PopSettings -LoginType PlainTextLogin

    b.If you will not be using TLS, but you want to restrict Basic authentication to use only secured ports, run the following command:
       Set-PopSettings -LoginType PlainTextAuthentication

    c.If you want to use TLS encryption before authentication, run the following command:
       Set-PoPSettings -LoginType SecureLogin

    4.Enable POP3 Protocol for the User Mailbox

    Set-CasMailbox MailboxName -Popenabled:$true

    5.Configure the SMTP Receive Connector on the Exchange Server to Allow Anonymous in order to send Email using the following command:
    Set-ReceiveConnector "Servername\default Servername" -PermissionGroups
    “ExchangeServers,ExchangeUsers,ExchangeLegacyServers,AnonymousUsers"

    6.Restart the Microsoft Exchange POP3 Service
       Restart-service MSExchangepop3

    Enjoy it!

    • Proposed as answer by Morne Sturgeon Wednesday, December 2, 2009 1:41 PM
    • Marked as answer by Mike Crowley Tuesday, March 22, 2011 1:02 AM
    Wednesday, March 21, 2007 2:14 AM

All replies

  • A few thoughts to get you started:

    1) Make sure you're not using the built-in administrator account.  This account is explicitly blocked from POP3/IMAP4/SMTP for security reasons.

    2) Try specifying the username as DOMAIN\accountname\exchangealias.

    3) Check the client or server protocol log and verify that the command sequence looks valid.

    HTH,

    -Scott

    Thursday, January 4, 2007 4:18 PM
  • Thanks for the reply.  Any help is much appreciated.

    1) - I am not logging in as the built-in admin account.

    2) -  For login credentials I tried:

    -   mydomain\username

    -   mydomain.local\username

    -   username

    -   mydomain\username\exchange alias

    No luck on the above.

    3) - I don't see any POP3 protocol log on the exchange server.  Is there a default path or would it be in C:\Program Files\Microsoft\Exchange Server\Logging?

     

    Thanks.

    Thursday, January 4, 2007 8:26 PM
  • Hopefully the logging will tell us something then.

    Find the Microsoft.Exchange.Pop3.exe.config file and you can set the logging to true and location to whatever you desire (I believe the default location is the one you gave).  The values look like this:

      <add key="ProtocolLog" value="true" />
      <add key="LogPath" value="C:\Program Files\Microsoft\Exchange Server\Logging" />

    Thursday, January 4, 2007 9:05 PM
  • Scott,

    Thank you very much for the help.  Well, i changed the config file per your request, restarted POP3 service, and then tested.  Believe it or not...it is now working.  I will assume that my change to:

    LoginType  : PlainTextLogin

    must have been the culprit and it just needed the POP3 service restarted.  Does that make sense to you?


    Thanks so much for the help and patience.

     

    pd

    Thursday, January 4, 2007 9:26 PM
  • That makes complete sense.  Unfortunately, these services require a restart to pick up configuration changes.
    Friday, January 5, 2007 4:26 PM
  • Pat,

     

    I'm not much on Exchange and I'm having the same problem.  Weird thing is that it was working and (in the words of every user) "I didn't change a thing" and it quit.

    Where exactly do you make the change of the login type shown above.  I looked at the config files and the MMC but didn't find it.

     

    Thanks

     

    Charles

     

    Friday, January 12, 2007 10:51 PM
  • Pat,

     

    I'm not much on Exchange and I'm having the same problem.  Weird thing is that it was working and (in the words of every user) "I didn't change a thing" and it quit.

    Where exactly do you make the change of the login type shown above.  I looked at the config files and the MMC but didn't find it.

     

    Thanks

     

    Charles

     I apologize for the duplicate post but I wasn't sure if the alert would take.

    Friday, January 12, 2007 10:55 PM
  • this has to be done through the Exchange Management Shell

    open that and run "Get-PopSettings"

    LoginType will be SecureLogin

    to change enter:

    Set-PopSettings -LoginType PlainTextLogin

    restart the POP3 service to make the change working.

    Sunday, January 14, 2007 5:56 PM
  •  

    Thanks, it worked like  a charm.

     

    Charles

    Monday, January 15, 2007 12:46 AM
  • Thanks for this post about Administrator. I had not seen this in any documentation. The Adminsitrator is normally all powerful. I was using the ADminsitrator to test the connection and was beating my head agaiinst the wall as to why it wouldn't authenticate.

     

    This si a real dumb move to bury POP3 and IMAP. There are lots of outside people who need to touch a Exchange server jsut to get eamail.

    Monday, January 29, 2007 3:57 AM
  • Dear Sir, I have exchange server at work and i want to connect to it from home. How can I setup POP3 at home.
    Sunday, February 11, 2007 8:07 PM
  • to get POP3 access, allow TCP port 110 from your home to the exchange server.
    Sunday, February 11, 2007 8:16 PM
  • Hello.
    In my case all i had to do is to restart pop3. (i modified logontype as PlainText before)

    No changes in config files.
    Thursday, February 15, 2007 1:05 PM
  • I had everything working after changing to "Plaintextlogin" and a restart of the service. The scary thing is that after a few days it stopped working and I had to restart the service once again to get it working.

    Something is not right with pop3 on E07!!

    /Chris

     

    Tuesday, March 20, 2007 1:49 PM
  • Hi Guys,

    There is no reason being scared about configuring pop3 service for Exch2K7. Just do the right thing.  Here is, step by step how to  configure it.

    How to Configure POP3 Service for Exchange 2007
    -------------------------------------------------------------------
    1. Set MSExchangePOP3 service to automatic
    Set-service msExchangePOP3 -startuptype automatic

    2.Configure IP Address and Port for POP3

    a.To set the IP address and port for communicating with Exchange using POP3 with SSL, run the following command:
        Set-PopSettings -SSLBindings: IPaddress:Port

    b.To set the IP address and port for communicating with Exchange using POP3 with no encryption or Transport Layer Security (TLS) encryption,   
        Set-PopSettings -UnencryptedOrTLSBindings IPaddress:Port

    3.Configure POP3 Authentication - POP3 (110) /POP3 SSL (995)

    a.If you will not be using TLS encryption and you want to allow Basic authentication on an unsecured port, run the following command:
       Set-PopSettings -LoginType PlainTextLogin

    b.If you will not be using TLS, but you want to restrict Basic authentication to use only secured ports, run the following command:
       Set-PopSettings -LoginType PlainTextAuthentication

    c.If you want to use TLS encryption before authentication, run the following command:
       Set-PoPSettings -LoginType SecureLogin

    4.Enable POP3 Protocol for the User Mailbox

    Set-CasMailbox MailboxName -Popenabled:$true

    5.Configure the SMTP Receive Connector on the Exchange Server to Allow Anonymous in order to send Email using the following command:
    Set-ReceiveConnector "Servername\default Servername" -PermissionGroups
    “ExchangeServers,ExchangeUsers,ExchangeLegacyServers,AnonymousUsers"

    6.Restart the Microsoft Exchange POP3 Service
       Restart-service MSExchangepop3

    Enjoy it!

    • Proposed as answer by Morne Sturgeon Wednesday, December 2, 2009 1:41 PM
    • Marked as answer by Mike Crowley Tuesday, March 22, 2011 1:02 AM
    Wednesday, March 21, 2007 2:14 AM
  • WOW tnks very mutch!!!
    this post has been risolutive for me.
    When i access to my account pop3 i got this message:

    "command is not valid in this state"

    with this command:

    Set-PopSettings -LoginType PlainTextLogin

    I solve the problem.
    For advanced access (TLS etc) i can configure now the server correctly.

    Bye.


    Wednesday, September 19, 2007 8:51 PM
  • Hey Chris,

     

    All you have to do to get your pop3 clients to work is 1. enable the mailbox in quesiton by opening the exchange shell and type:  set-CASMailbox <username> -PopEnabledEmbarrassedTrue    (enter)

    Then restart the pop3 service and you will be in business.


    Also, you might have to review the client side configuration depending on what ever client you are using. But with exchange out of the box, if you do the above step, it will work as I had the exact same problem and it now works.

     

    Dan

     

    Monday, October 1, 2007 10:31 PM
  •  

    in point 2 what ip address we put and what port number ? i use isa to publich the exchange totally so will i put the public ip of the ISA ? or the internal ip of the exchange or what ? any help plz ?
    Monday, October 29, 2007 10:20 PM
  • thanx a lot, worked for me 2!

     

    is secure login possible?

    when i switch to it, the old error comes again....

     

    btw - i restarted the service Wink

     

    cheers,

    leftix

    Tuesday, November 6, 2007 9:48 PM
  • Hi,

     

    We're having some difficulty enabling POP in Exchange 2007.  Our POP3 configuration is attached below.  Any assistance you can offer would be appreciated.  One additional question; I presume we should be using our internal private address when configuring the bindings, correct?  We'd like to allow clear text authentication.

     

    Thanks in advance.

     

    /Mike

     

    Name                              : 1
    ProtocolName                      : POP3
    MaxCommandSize                    : 40
    MessageRetrievalSortOrder         : Descending
    UnencryptedOrTLSBindings          : {192.168.100.2:110}
    SSLBindings                       : {192.168.100.2:110}
    X509CertificateName               : Server1
    Banner                            : Microsoft Exchange Server 2007 POP3 service
                                         ready
    LoginType                         : PlainTextLogin
    AuthenticatedConnectionTimeout    : 00:30:00
    PreAuthenticatedConnectionTimeout : 00:01:00
    MaxConnections                    : 2000
    MaxConnectionFromSingleIP         : 2000
    MaxConnectionsPerUser             : 16
    MessageRetrievalMimeFormat        : BestBodyFormat
    ProxyTargetPort                   : 110
    CalendarItemRetrievalOption       : iCalendar
    OwaServerUrl                      :
    MinAdminVersion                   : -2147453113
    AdminDisplayName                  :
    ExchangeVersion                   : 0.1 (8.0.535.0)
    DistinguishedName                 : CN=1,CN=POP3,CN=Protocols,CN=SERVER1,CN=Ser
                                        vers,CN=Exchange Administrative Group (FYDI
                                        BOHF23SPDLT),CN=Administrative Groups,CN=NS
                                        CLC,CN=Microsoft Exchange,CN=Services,CN=Co
                                        nfiguration,DC=NSCLC,DC=org
    Identity                          : SERVER1\1
    Guid                              : 2e7b0d26-ff4f-4f16-b14c-a16c0fd2cce4
    ObjectCategory                    : NSCLC.org/Configuration/Schema/ms-Exch-Prot
                                        ocol-Cfg-POP-Server
    ObjectClass                       : {top, protocolCfg, protocolCfgPOP, protocol
                                        CfgPOPServer}
    WhenChanged                       : 11/19/2007 11:29:16 AM
    WhenCreated                       : 11/16/2007 11:19:38 PM
    OriginatingServer                 : Server1.NSCLC.org
    IsValid                           : True

    Monday, November 19, 2007 9:01 PM
  • you cannot have the UnencryptedOrTLSBindings and SSLBindings on the same tcp port.
    change the
    SSLBindings port back to the default, 995, en restart the pop3 service.

    first:
    Set-PopSettings -SSLBindings 0.0.0.0:995
    second:
    Restart-Service -Name MSExchangePop3

    then you should be ok.

    my bindings are on all ip's ( 0.0.0.0 that is ) it's both ok.

    Monday, November 19, 2007 11:41 PM
  • The port settings required for connecting the to the exchange server is little bit hard to understand.

    hi anybody there, to tell this thing authoritatively IN THE FOLLOWING FORMAT, sheriefes@gmail.com

     

    In single-machine environemnt

    PROTOCOL                     PORT (without SSL)            PORT (with SSL)

     

     

    In multiple-machine environemnt

    PROTOCOL                     PORT (without SSL)            PORT (with SSL)

    Wednesday, April 9, 2008 4:25 AM
  • hi,

            

     

    Thank you very very much for giving this .............

                                                                                          binu mohammed haneef

                                                                                           IT Engineer, UAE

    Wednesday, April 9, 2008 9:44 AM
  •  

    Thank you very much for the instruction, solved our fault we had here aswell.

     

    Best regards,

     

    /Johan

    Tuesday, April 29, 2008 9:41 AM
  • Just wanted to send my thanks as well. I was good until two days ago. Been kicking my butt ever since until I found these posts.

     

    Thanks

    Tuesday, May 20, 2008 5:04 AM
  • Appropriate to this thread:

     

    What about smtp authentication?

     

    I deal with several places where anonymous smtp relay isn't allowed even inside the organisation.

     

    Untested - but I assume the "ExchangeUsers" authentication on the hub transport will allow any client to authenticate and sent smtp on the hub transport server. But what about internet clients.

     

    POP3 and IMAP can be published via ISA, but how would said clients send e-mail via smtp (using a local ISP will not be acceptable as they are very mobile ...). Can they authenticate on the edge transport server using the AD copy on ADAM?

     

    thanks,

    Tuesday, May 20, 2008 12:47 PM
  •  

    Jason,

     

    Anonymous relay isn't allowed by default within an organization. One reason is that it would allow spoofing, which most organizations wouldn't be too happy with. Another is that it's hard to tell by default whether the Hub server is facing the Internet. If so, the system would be an open relay. It's for those 2 reasons why the default is to not allow anonymous relay.

     

    About the untested assumption - With that setting PermissionGroups includes 'ExchangeUsers', any authenticated user (except for certain well-known accounts such as administrator) would be allowed to submit messages. For Internet clients, the company would have to make the Hub server available to the Internet, and the user would (well really really really should) have to authenticate to allow the server to relay. A good blog how to configure this can be found here:

     

    http://msexchangeteam.com/archive/2006/11/17/431555.aspx

     

    -Wilbert

     

    Wednesday, May 21, 2008 6:55 AM
  • I am new to exchange, I need some help here, when i run get-popsettings I get the results below.  Everything appears to up and running but i'm not seeing all the config.  I ran set-service msexchangePOP3 -startuptype automatic and start-service -service msexchangePOP3 and all appears to be fine.  I can even see the settings in EMC which appear to be correct.


    [PS] C:\Documents and Settings\administrator.myDomain>get-popsettings

    UnencryptedOrTLSBindings  SSLBindings   LoginType     X509CertificateName
    ------------------------  -----------   ---------     -------------------
    {0.0.0.0:110}             {0.0.0.0:995} SecureLogin   myServerName

     

    I am not actual sure what would be the actual outlook settings when not on the myDomain?  With in myDomain, i I type in myServerName then both in and out work like a champ.  Not real sure what I'm missing.  Please provide insight, it's always apprecitated.

     

    Thank you


    Tuesday, June 24, 2008 5:14 AM
  • What you're seeting is normal for the default POP3 status.  If you are looking to run the set commands, you can do so safely at this point. 

     

    The default length is set to 40.  To set the length to 50, for example, you would type:

     

    Set-POPSettings -MaxCommandSize 50

     

    I hope this helps.

     

    Thanx,

    Fred

    Monday, July 7, 2008 1:45 PM
  • Does anyone know how to resolve -Err Unable to lock mailbox?

     

     

     

    Monday, November 3, 2008 8:56 PM
  • works great thanks gents!!
    Wednesday, October 28, 2009 4:02 PM
  • This problem occurs if your Internet Service Provider (ISP) limits the number of POP3 connections that you can make at the same time. To work around this problem you can separate your POP3 accounts into smaller Send/Receive groups, and then connect with each Send/Receive group separately.

     

    To get more instructions on this refer: http://www.omnitechsupport.com/forum/topic/1101/0x800ccc90-your-incoming-pop3-email-server-has-reported/
    Monday, March 29, 2010 5:54 AM
  • POP3 and IMAP can be published via ISA, but how would said clients send e-mail via smtp (using a local ISP will not be acceptable as they are very mobile ...). Can they authenticate on the edge transport server using the AD copy on ADAM?

    Jason - not unless it's domain joined, which it should not be.

    "This authorization can be done by Edge only if it is in the domain. Since is not be the most common configuration, the Hub role may be more suited for this purpose."

    src: http://msexchangeteam.com/archive/2007/05/16/439093.aspx



    Mike Crowley
    Check out My Blog!

    Tuesday, September 21, 2010 12:35 AM