Examining Exchange Server 2003 transport-level security would not be complete without discussing protocols other than SMTP. In addition to SMTP, Exchange Server 2003 supports the following:
Network News Transfer Protocol (NNTP)
Post Office Protocol version 3 (POP3)
Internet Message Access Protocol (IMAP4)
Some notable security features Exchange Server 2003 provides regarding these protocols includes, but is not limited to, the following:
These protocols are not enabled by default unless the system was upgraded from a previous version of Exchange that also had these services running.
Each protocol runs as a service and the service is disabled by default.
IMAP4 and POP3 support Basic authentication over SSL or TLS as well as NTLM-based authentication.
NNTP supports anonymous (disabled by default), Basic authentication, Integrated Windows Authentication, and SSL client authentication.
Each protocol supports secure, certificate-based communications.
Each protocol can use connection controls (IP address or domain names) to grant or deny access.