Enabling and configuring the IMAP service port

In addition to enabling or disabling the IMAP TCP/IP or TLS port, you can change the port number, and enable or disable TCP/IP or TLS authentication options.

About this task

By default, IMAP clients connect to TCP/IP port 143 on the Domino® server. You might need to specify a different port number if there are multiple instances of the IMAP service on the host machine as, for example, on a partitioned server. You might also change the default port to a nonstandard port number to "hide" it from clients attempting to connect to the default port, or if another application uses the default port on the server. Disable the port or change the security options to prevent IMAP clients from accessing the Domino® server.

Configuring IMAP authentication options on servers that use Internet Site documents

About this task

On servers that use Internet Site documents, the IMAP service obtains port authentication settings from the Security tab of the IMAP Site document, rather than from the Server document. As a result, when Internet Site documents are used, the TCP/IP and TLS port authentication settings described in the procedures that follow are not available in the Server document. Settings in the Server document still provide the port numbers and status for the IMAP TCP/IP and TLS ports, and enable the IMAP ports to honor server access restrictions.

To determine whether the use of Internet Site documents is enabled for a server, check the value of the Load Internet configurations from Server\Internet Sites documents field on the Basics tab of the Server document. If this field is set to Enabled, the server uses Internet Site documents to configure all of its Internet protocols (IMAP, POP3, SMTP, and so forth).

If the server uses Internet Site documents, and an IMAP Site document is not present in the Domino® Directory, or the authentication options in a configured IMAP Site document are set to No, users cannot connect to the IMAP service. In each case, IMAP clients receive the error This site is not enabled on the server when attempting to connect to the IMAP service:

To enable the IMAP TCP/IP port

About this task

On servers with multiple TCP/IP ports, by default, the IMAP service uses the port listed first in the NOTES.INI file as the preferred path. If you want the service to use a port other than the default one, you can configure it to use a specific port.

Procedure

  1. From the Domino® Administrator, click the Configuration tab and then open the Server document for the server that runs the IMAP service.
  2. Click the Ports > Internet Ports > Mail tab.
  3. To enable the default TCP/IP port, in the Mail (IMAP) column, change the value of the TCP/IP port status field to Enabled.
  4. Click Save and Close or edit additional settings, as directed in the following procedure.

To configure the IMAP TCP/IP port

Procedure

  1. From the Domino® Administrator, click the Configuration tab and then open the Server document for the server that runs the IMAP service.
  2. Click the Ports > Internet Ports > Mail tab.
  3. In the Mail (IMAP) column, complete these fields, and then click Save & Close:
    Table 1. IMAP TCP/IP port fields

    Field

    Enter

    TCP/IP port number

    Choose 143 (default) to use the industry standard port for IMAP connections over TCP/IP. You can specify a different port, but 143 works in most situations. When specifying a nonstandard port, make sure the port is not reserved for another service. Port numbers can be any number from 1 to 65535.

    TCP/IP port status

    Choose one:

    • Enabled (default) - Allows IMAP clients to connect to the Domino® server without using TLS. Users must provide their name and Internet password to connect.
    • Disabled - Prevents IMAP clients from connecting to the Domino® server, unless they can connect using TLS.
    • Redirect to TLS - Denies access to clients connecting to the IMAP TCP/IP port, but returns a message indicating that they must connect over TLS. You can specify the contents of the message.
    Note: To support IMAP clients, either the IMAP TCP/IP port or the IMAP TLS port must be enabled, and the IMAP task must be running on the server.

    Enforce server access settings

    Choose one:

    • Yes - Access to the IMAP service is controlled by the server access settings on the Security tab of the Server document. Users who are not allowed to access the server cannot access mail through the IMAP service.
    • No - (default) The IMAP service ignores the server access settings in the Server document.
  4. Restart the IMAP task to put the new settings into effect.

To enable and configure the IMAP TLS port

Before you begin

Familiarize yourself with the Domino® security model and set up TLS on the Domino® server.

Procedure

  1. From the Domino® Administrator, click the Configuration tab and then open the Server document for the server that runs the IMAP service.
  2. Click the Ports > Internet Ports > Mail tab.
  3. In the Mail (IMAP) column, complete these fields, and then click Save & Close:
    Table 2. IMAP TLS port fields

    Field

    Enter

    TLS port number

    Choose 993 (default) to use the industry standard port for IMAP connections over TLS. You can specify a different port, but 993 works in most situations. When specifying a nonstandard port, make sure the port is not reserved for another service. Port numbers can be any number from 1 to 65535.

    TLS port status

    Choose one:

    • Enabled - Allows IMAP clients to connect to the IMAP service over TLS.
    • Disabled - (default) Prevents client connections over TLS.

    Authentication options: Client certificate

    If TLS port status is set to Enabled, choose one of the following:

    • Yes - Allows IMAP clients to connect using client certificate authentication.
    • No - (default) Prevents the IMAP service from using client certificate authentication.

    Authentication options: Name & password

    If TLS port status is set to Enabled, choose one of the following:

    • Yes - Allows IMAP clients to use name-and-password authentication when connecting to the IMAP service over TLS.
    • No - (default) Prevents IMAP clients from using name-and-password authentication over TLS.
  4. Restart the IMAP task to put the new settings into effect.