Configuring the Outlook Express (OE) Mail Client

 

Outlook Express (OE) is a popular email client among remote users because the OE email client is available as part of almost all Windows operating systems in current use. OE supports the unsecured and secured versions of the SMTP, POP3, IMAP4 and NNTP protocols. You can allow remote users to use OE to connect to your published Exchange Server using any of these common email protocols.

 

You need to carry out the following procedures to take advantage of all the protocols that OE supports:

 

• Install the Root CA Certificate on the OE client
• Configure the OE client for secure SMTP and POP3 connections
• Configure the OE client for secure SMTP and IMAP4 connections
• Configure the OE client for secure NNTP connections

 

The remainder of this ISA Server 2000 Exchange Server 2000/2003 Deployment Kit article discusses the details of performing each of these steps.

 

Install the Root CA Certificate on the OE Client

 

The root CA certificate of the CA that issued the certificates to your secure sites must be in the user certificate store on the machine attempting to make a secure connection to the Exchange Server or secure SMTP relay. While it is possible to make a secure connection in some instances when the root CA certificate is not installed on the OE client, the user will be presented with error dialog boxes that may be confusing and generate Help Desk support calls. You can circumvent this problem by installing the root CA certificate on the OE client machine.

 

Please refer to ISA Server 2000 Exchange Server 2000/2003 Deployment Kit document How to Import the Root CA Certificate into Email Client Certificate Stores for details on how to import the root CA certificate into the OE client’s certificate store.

 

Configure the OE client for Secure SMTP and POP3 Connections

 

1. Open Outlook Express. By default no SMTP or POP3 services are configured (figure 1).

 

Figure 1

 

2. Click Tools and then click the Accounts command (figure 2).

 

Figure 2

 

3. In the Internet Accounts dialog box (figure 3), click the Add button (figure 3).

 

Figure 3

 

4. A fly-out menu appears after clicking the Add button (figure 4). Click the Mail command.

 

Figure 4

 

5. Type in your name in the Display name text box on the Your Name dialog box (figure 5).

 

Figure 5

 

6. Enter your email address in the E-mail address text box on the Internet E-mail Address page. Click Next (figure 6).

 

Figure 6

 

7. On the E-mail Server Names page, click the down arrow in the My incoming mail server is a server drop down list (figure 7). Select the POP3 option from the list.

 

Type in the IP address or the fully qualified domain name for the POP3 server in the Incoming mail (POP3, IMAP or HTTP) server text box. If you use an IP address, make sure this is the IP address on the external interface of the ISA Server firewall that you’re using in the POP3 Server Publishing Rule. If you use a FQDN, make sure this FQDN resolves to the IP address you’re using on the external interface of the ISA Server firewall to publish the POP3 service.

 

Type in the IP address or the fully qualified domain name for the SMTP server in the Outlook mail (SMTP) server text box. If you use an IP address, make sure this is the IP address on the external interface of the ISA Server firewall that you’re using in the SMTP Server Publishing Rule. If you use a FQDN, make sure this FQDN resolves to the IP address you’re using on the external interface of the ISA Server firewall to publish the SMTP service.

 

Note that you do not need to supply your own SMTP server if you choose to not publish an SMTP server on your internal network. Your users can use the SMTP server provided for them by their ISP.

 

Click Next to continue.

 

Warning:
If you intend to use a secure POP3 or SMTP connection, you must use a FQDN. In addition, this FQDN must be the same as the common name listed on the Web site certificate bound to the POP3 or SMTP service the OE client is connecting to.

 

Figure 7

 

8. On the Internet Mail Logon page (figure 8), enter the user name in the Account name text box and the password in the Password text box. Do not select the Log on using Secure Password Authentication (SPA) checkbox. Click Next.

 

Figure 8

 

9. Click Finish on the Congratulations page (figure 9).

 

Figure 9

 

10. Click Close on the Internet Accounts dialog box (figure 10).

 

Figure 10

 

11. Click the Tools menu and click the Accounts command (figure 11).

 

Figure 11

 

12. Click the Mail tab in the Internet Accounts dialog box (figure 12). Click the mail account you created for your SMTP/POP3 connection and click the Properties button.

 

Figure 12

 

13. On the mail account’s Properties dialog box (figure 13), click the Servers tab.

 

Type in your user name in the Account name text box. You do not need to enter a domain name because you have configured a default domain name at the POP3 server when you configured the Exchange Server’s POP3 service. If the user belongs to a trusted domain and not the same domain you configured in the default domain text box on the Exchange Server’s SMTP service, then you will need to enter the account name using the DOMAIN\User format. Enter a password for that user in the Password text box.

 

If you have configured an SMTP server for your users to use to relay email through and this SMTP server requires authentication, then put a checkmark in the My server requires authentication checkbox and then click the Settings button. This brings up the Outgoing Mail Server dialog box. Note that you have two option in the Outgoing Mail Servers dialog box: Use same settings as my incoming mail server and Log on using. If you have published a secure authenticating SMTP server, then its likely that this server belongs to the same domain as the Exchange POP3 server that you published. In that case, you should select the Use the same settings as my incoming mail server option. If for any reason alternate credentials are required to log onto the SMTP server, then select the Log on using option and enter the account name and password.

 

Click Apply.

 

Figure 13

 

14. Click on the Advanced tab (figure 14).

 

In the Server Port Numbers frame, put a checkmark in the This server requires a secure connection (SSL) and This server requires a secure connection (SSL) checkboxes.

 

Notice that OE still uses TCP port 25 for the secure connection. The secure SMTP publishing rule publishing the IIS or Exchange SMTP service can create a secure link on TCP port 25. The POP3 server must use an alternate port number, TCP port 995, which is the port the ISA Server firewall accepts incoming connection requests and forwards them to the same port on the Exchange Server.

 

Notice on this tab that you have the option to leave the messages on the server. This allows your clients to receive mail via POP3 when they connect from a remote location, but still have that mail available to them on the server if they need to use the full Outlook MAPI client at the office.

 

Click Apply and then click OK.

 

Figure 14

 

15. Click Close on the Internet Accounts dialog box (figure 15).

 

Figure 15

 

The OE client can now send mail to your secure SMTP servers and download mail from your secure POP3 servers.

 

 

 

Configure the OE Client for Secure SMTP and IMAP4 Connections

 

Perform the following steps to allow the OE client to make secure SMTP and IMAP4 connections to your published SMTP and IMAP4 server:

 

1.       Open Outlook Express (figure 16).

 

Figure 16

 

2.       Click the Tools menu and then click the Accounts command (figure 17).

 

Figure 17

 

3.       Click the Mail tab in the Internet Accounts dialog box and then click the Add button (figure 18).

 

Figure 18

 

4.       A fly out menu appears after clicking the Add button (figure 19). Click the Mail command.

 

Figure 19

 

5.       Type in your name in the Display name text box on the Your Name page (figure 20).

 

Figure 20

 

6.       On the Internet E-mail Address page (figure 21), type in your email address in the E-mail address text box. Click Next.

 

Figure 21

 

7.       Select the IMAP option from the My incoming mail server is a server drop down list box. (figure 22).

 

Type in the IP address or the fully qualified domain name for the IMAP server in the Incoming mail (POP3, IMAP or HTTP) server text box. If you use an IP address, make sure this is the IP address on the external interface of the ISA Server firewall that you’re using in the IMAP Server Publishing Rule. If you use a FQDN, make sure this FQDN resolves to the IP address you’re using on the external interface of the ISA Server firewall to publish the IMAP service.

 

Type in the IP address or the fully qualified domain name for the SMTP server in the Outlook mail (SMTP) server text box. If you use an IP address, make sure this is the IP address on the external interface of the ISA Server firewall that you’re using in the SMTP Server Publishing Rule. If you use a FQDN, make sure this FQDN resolves to the IP address you’re using on the external interface of the ISA Server firewall to publish the SMTP service.

 

Note that you do not need to supply your own SMTP server if you choose to not publish an SMTP server on your internal network. Your users can use the SMTP server provided for them by their ISP.

 

Click Next to continue.

 

Warning:
If you require a secure SMTP or IMAP connection to the published Exchange Server, then you must use a FQDN. This FQDN must match the common name on the certificate assigned to the site.

 

Figure 22

 

8.       On the Internet Mail Logon page (figure 23), enter the user name in the Account name text box and the password in the Password text box. Do not select the Log on using Secure Password Authentication (SPA) checkbox. Click Next

 

Figure 23

 

9.       Click Finish on the Congratulation page (figure 24).

 

Figure 24

 

10.   Select the IMAP/SMTP mail account you created and click the Properties button (figure 25).

 

Figure 25

 

16. On the mail account’s Properties dialog box (figure 26), click the Servers tab.

 

Type in your user name in the Account name text box. You do not need to enter a domain name because you have configured a default domain name at the IMAP4 server when you configured the Exchange Server’s IMAP4 service. If the user belongs to a trusted domain and not the same domain you configured in the default domain text box on the Exchange Server’s SMTP service, then you will need to enter the account name using the DOMAIN\User format. Enter a password for that user in the Password text box.

 

If you have configured your SMTP server to require authentication, then put a checkmark in the My server requires authentication checkbox and then click the Settings button. This brings up the Outgoing Mail Server dialog box. Note that you have two options in the Outgoing Mail Servers dialog box: Use same settings as my incoming mail server and Log on using. If you have published a secure authenticating SMTP server, then its likely that this server belongs to the same domain as the Exchange POP3 server that you published. In that case, you should select the Use the same settings as my incoming mail server option. If for any reason alternate credentials are required to log onto the SMTP server, then select the Log on using option and enter the account name and password.

 

Click Apply.

 

Figure 26

 

17. Click on the Advanced tab (figure 27).

 

In the Server Port Numbers frame, put a checkmark in the This server requires a secure connection (SSL) and This server requires a secure connection (SSL) checkboxes. Notice that OE still uses TCP port 25 for the secure connection. The secure SMTP publishing rule publishing the IIS or Exchange SMTP service can create a secure link on TCP port 25. The IMAP4 server must use TCP port 993, which is the port that the ISA Server firewall accepts the incoming connection requests and forwards them to the same port on the Exchange Server.

 

Click Apply and then click OK

 

Figure 27

 

11.   Click Close in the Internet Accounts dialog box (figure 28).

 

Figure 28

 

12.   Click Yes in the Outlook Express dialog box that asks if you want to download a list of folders from the mail server (figure 29).

 

Figure 29

 

13.   In the Show/Hide IMAP Folders dialog box, select a folder and click the Show button (figure 30). In this example, we’ll select the Calendar folder and click the Show button.

 

Figure 30

 

14.   Notice the Calendar folder has a calendar icon to the left of it after being selected (figure 31). Click OK.

 

Figure 31

 

15.   Message headers are automatically downloaded to the OE client (figure 32). Close Outlook Express.

 

Figure 32

 

 

 

Configure the OE Client for Secure NNTP Connections

 

You may want to create secure, authenticated NNTP connections to the NNTP service on the Exchange Server or an IIS NNTP server. Perform the following steps in the OE client to create secure authenticated NNTP connections to your published NNTP server published behind the ISA Server firewall:

 

1.       Open Outlook Express and click the Tools menu. Click the Account command (figure 33).

 

Figure 33

 

2.       In the Internet Accounts dialog box (figure 34), click the New tab (figure 34).

 

Figure 34

 

3.       Click the Add button. A fly out menu appears (figure 35). Click the News command.

 

Figure 35

 

4.       Type your name in the Display name text box on the Your Name page (figure 36). Click Next.

 

Figure 36

 

5.       Type your email address in the E-mail address text box on the Internet News E-mail Address page (figure 37). Click Next.

 

Figure 37

 

6.       On the Internet News Server Name dialog box (figure 38), type in the FQDN or IP address of the news server. If you use an IP address, this address must be the one you used in your NNTP Server Publishing Rule on the ISA Server firewall. If you use a FQDN, then the name much resolve to the IP address on the external interface of the ISA Server firewall that you’re using to publish the NNTP server. Put a checkmark in the My news server requires me to log on checkbox so that you can send credentials to your secure authenticating NNTP server.

 

Click Next.

 

Warning:
You must use a FQDN is you want to create a secure connection to the NNTP server. The FQDN must match the common name on the Web site certificate bound to the NNTP service.

 

Figure 38

 

7.       On the Internet News Server Logon page (figure 39), type in your user name in the Account name text box and your password in the Password text box. Put a checkmark in the Remember password checkbox so that you will not need to reenter your password each time you log on to the NNTP server. Do not put a checkmark in the Log on using Secure Password Authentication (SPA) checkbox.

 

Click Next.

 

Figure 39

 

8.       Click Finish on the Congratulations page (figure 40).

 

Figure 40

 

9.       Select the NNTP server account and click the Properties button (figure 41).

 

Figure 41

 

10.   On the General tab in the accounts Properties dialog box (figure 42) rename the account to the name of the news server that you’re connecting to. Click OK.

 

Figure 42

 

11.   Click Close on the Internet Accounts dialog box (figure 43).

 

Figure 43

 

12.   Click No in the Outlook Express dialog box asking if you want to download newsgroups (figure 44).

 

Figure 44

 

13.   Click the Tools menu and click the Accounts command (figure 45).

 

Figure 45

 

14.   Click on the News tab, select the newsgroup account and then click the Properties button (figure 46).

 

Figure 46

 

15.   In the newsgroup account’s Properties dialog box (figure 47), click on the Advanced tab. Put a checkmark in the This server requires a secure connection (SSL) checkbox. Click OK.

 

Figure 47

 

16.   Click Close in the Internet Accounts dialog box (figure 48).

 

Figure 48

 

17.   Click the Newsgroups button (figure 49) to download a list of available newsgroups on the news server.

 

Figure 49

 

18.   Select a newsgroup you want to subscribe to from the list of newsgroups on the All tab of the Newsgroup Subscriptions dialog box (figure 50). Click the Subscribe button after selecting the newsgroup you want to subscribe to.

 

Figure 50

 

19.   A small subscription icon appears to the left of the newsgroup after you subscribe to it (figure 51). Click OK in the Newsgroup Subscriptions dialog box.

 

Figure 51

 

20.   Click on the newsgroup you subscribed to (figure 52). Message headers are automatically downloaded.

 

Figure 52