Authentication

Use the Authentication property page to specify methods of authentication that POP3 clients use when connecting to Microsoft Exchange Server. Authentication is the process the POP3 server uses to determine whether to grant the user permission to connect to the system. By default, Microsoft Exchange Server allows a POP3 client to connect using any of the supported authentication methods.

One method of authentication that you can specify is Secure Sockets Layer (SSL) encryption. SSL encrypts all data sent between clients and servers. To use SSL, Microsoft Internet Information Server (IIS) must be installed on the Microsoft Exchange Server computer before Microsoft Exchange Server is installed, and the Microsoft Exchange Server service account must be granted Administrator permissions for the local computer. In addition, you must complete the following procedure.

1. In Internet Information Server Key Manager, choose the POP3 icon.
2. Create a key request by choosing Create New Key from the Key menu and typing the required information.
3. Obtain a certificate from a Certificate Authority.
4. Under POP3, select the key request, and then choose Install Key Certificate from the Key menu.
5. Select the default server connection, or enter the server's IP address to bind the key to any inbound connection.
6. From the Servers menu, choose Commit Changes Now, and then choose OK to commit all the changes.

For more information about setting up SSL, see your IIS documentation.

Getting to the Authentication property page

1. In the Administrator window, choose a site or server, and then choose Protocols.
2. Double-click POP3 (Mail) Site Defaults to configure site POP3 defaults, or POP3 (Mail) Settings to configure a server's POP3 settings.
3. Select the Authentication tab.

Setting Authentication Methods

Use the Authentication property page to specify the authentication method a POP3 client uses to access information on the Microsoft Exchange Server computer. In order for a POP3 client to log on to the Microsoft Exchange Server computer, one of the authentication methods that the client supports must be enabled on the server. Check with your client's vendor if you are unsure of which authentication methods are available.

1. Select the Authentication tab.
2. In the Authentication box, select an authentication type.

Option	Description
Basic (Clear Text)	Enable authentication through an unencrypted user name and password. Most POP3 clients support this method.
Basic (Clear Text) using SSL	Uses SSL protocol to encrypt clear text on port 995.
Windows NT Challenge/Response	Enable authentication through Windows NT network security and an encrypted password. This method is supported by Microsoft Internet Mail and News version 3.0 and later.
Windows NT Challenge/Response using SSL	Enable authentication using Windows NT network security to occur through an SSL-encrypted channel on port 995. This method is supported by Microsoft Outlook Express.
MCIS Membership System	Enable authentication using Windows NT network security to occur through the Microsoft Commercial Internet Server (MCIS) Membership System.

Note   If Windows NT Challenge/Response is enabled on the Microsoft Exchange Server computer, Microsoft Internet Mail and News version 3.0 attempts to connect to the Microsoft Exchange Server computer using Windows NT Challenge/Response. It ignores the specified POP3 account. If authentication using this method fails, Internet Mail tries to connect to the Microsoft Exchange Server computer using basic clear-text authentication and the specified POP3 account.

With Windows NT Challenge/Response and Internet Mail, it is not possible to specify the name of the Microsoft Exchange Server mailbox you want to access. By default, Microsoft Exchange Server attempts to access the mailbox associated with the Windows NT user account that the user is logged on as. For example, if you are logged on as Domain\Suzanf, with Windows NT Challenge/Response enabled, Microsoft Exchange Server attempts to access the mailbox called Suzanf.