The IMAP service

The Domino® server supports the Internet Mail Access Protocol (IMAP4rev1), defined in RFC 2060, for reading mail. The Domino® IMAP service lets users with IMAP mail clients access mail files on a Domino® server. The IMAP service differs from the POP3 service in that users are not required to download messages to a local computer to read and manipulate them. Users can work with messages over the network, while the messages remain on the server.

The Domino® IMAP service acts as an intermediary for communications between IMAP mail clients and the Domino® mail server. By default, the IMAP service monitors TCP port 143 for IMAP client requests. After connecting to the IMAP service, IMAP mail clients can:

  • Access messages on the Domino® mail server
  • Retrieve messages from the Domino® mail server and store them locally
  • Copy messages for offline use and then later synchronize with mail on the server
  • View folders in another user's mail file or public folders in a shared database (requires a client that supports the IMAP NAMESPACE extension)

Supporting outbound mail service for IMAP clients

IMAP is a mail access protocol only and does not stipulate any method for sending mail. To ensure that IMAP users can send outbound mail, you must provide them with access to an SMTP server. The SMTP server can be the Domino® server running the IMAP service, another Domino® server, or a non-Domino SMTP server.

Authenticating with the server

When a user connects to the IMAP service, rather than verifying the user's identity by checking a Notes® ID file, the IMAP service uses name-and-password authentication, TLS, or both. Because Notes® ID files are not used, an IMAP user does not have to be a registered Notes® user. To access mail through the IMAP service, users need a mail file on the server and a Person document (including an Internet password) in the Domino® Directory. Only users who receive encrypted Notes® mail or access Domino® applications must be registered Notes® users. The IMAP service can authenticate users from entries in the primary Domino® Directory or any secondary directory used by the server.

To authenticate IMAP users, Domino® relies on authentication methods built into the Internet protocols. The methods available depend on the server ports you configure the IMAP service to use. The IMAP service can use a TCP/IP port, or a TLS port, or both the TCP/IP and TLS ports.

If IMAP uses the TCP/IP port only (the default), the server uses basic name-and-password authentication to identify users. The name under which a user can log in to the IMAP service must match one of several fields in the user's Person document. The set of names that the server accepts as valid depends on the setting in the Internet authentication field on the Security tab of the Server document.

If the IMAP TLS port is enabled, you can specify whether a client certificate is required to authenticate (TLS authentication), and whether clients must also supply a name and password.