By default Microsoft Exchange 2010 requires you to use TLS Encryption "Secure POP" for authentication to work. If your organisation does not require Secure POP then by default your users will not be able to login. They will receive the following error when attempting to access POP3 services through Outlook.
Log onto incoming mail server (POP3): Your e-mail server rejected your user name. Verify your user name for this account in Account Settings. The server responded: -ERR Command is not valid in this state.
After you change your Pop settings your users will now be able to authenticate over TCP110.
Log onto incoming mail server (POP3): Your e-mail server rejected your user name. Verify your user name for this account in Account Settings. The server responded: -ERR Command is not valid in this state.
To allow POP3 to authenticate using standard POP3 you must change teh authentication level as per:
The default setting is "SecureLogon". Below are the various settings:
This example allows Basic authentication on an unsecured port if you won't be using TLS encryption.
Set-PopSettings -LoginType PlainTextLogin
This example restricts Basic authentication to use only secured ports if you won't be using TLS encryption.
This example restricts Basic authentication to use only secured ports if you won't be using TLS encryption.
Set-PopSettings -LoginType PlainTextAuthentication
This example allows authentication after you use TLS encryption.
This example allows authentication after you use TLS encryption.
Set-PopSettings -LoginType SecureLogin
If you configure use PlainTextLogin users can send their Active Directory password over the internet unencrypted.
If you plan on not using TLS, I always recommend using PlainTextAuthentication which allows users to send the password over the internet without using TLS. This however does require your users configuring "Require logon using Secure Password Authentication (SPA)" under Outlook.
Important: If you have a user account that is an Administrator in your Exchange environment they will NOT be able to login. This is due to security, POP3 authentication is not deemed as Secure by Microsoft and as a result Microsoft have prevented Administrative users from authenticating over the internet using POP to avoid administrative credentials leeking.
Important: You must restart the POP3 service for configuration changes to take effect.
How fortunate I am that I was able to read this post. I got a lot of knowledge I’ve been looking for. Thanks a lot for posting this.
ReplyDeletebulk email server
Thank you veryy veryy much for the information.
ReplyDeleteThe great point in your thread was the information about Admin accounts. I was using an admin account to teste pop connections but i didn't know that this kind of accounts was not able to logon through pop.
Thank you
Thanks for imparting your knowledge on these technical applications. By the way, you might want to share your ideas on anti-spam applications as well?
ReplyDeletei got a clue to this admin restriction when i looked at the pop3 log
ReplyDeleteit said "well known account"
Email servers are indeed a very important communication tool.
ReplyDeleteGmail is the best service in the world. It is excellent. Good keep it up. Thnx!! Gmail Technical Support You can reach Acetecsupport at their Call Toll Free No +1-800-296-4296 For US/CA.
ReplyDeleteYou are BOSS ;)
ReplyDeleteThanks
Regards
Very Nice. It took me 2 days trying to figure out why and why !!!
ReplyDeleteProblem fixed when I got to this page.
Thanks much
Loc
along with over 100 million calendar events and 25 million contacts. gmail sign
ReplyDeleteThank you sharing. I like it Máy lạnh giấu trần nối ống gió Kendo
ReplyDelete