There are still security issues with IMAP, however, in that the default protocol still transmits the username and password information across the internet in clear text, and even though fewer sniffers are trained on IMAP ports to try and discover account credentials, the risk is still there. To help protect account credentials, as well as e-mail contents, IMAP can be set up over SSL, which encrypts the entire transaction process, not just username and password. The iPhone and other devices can be easily set up to use IMAP over SSL, but you have to first set up the Exchange server on SBS to provide the secure mail transport. This document covers this implementation with SBS 2003 and ISA 2004. A separate document has been created for the process to follow with SBS 2003 Standard. Follow these steps to enable and configure IMAP using SSL. Enable the IMAP service on SBS 2003 Open the Services control panel (Start -> Run -> services.msc or Start -> All Programs -> Administrative Tools -> Services) Scroll down to find Microsoft Exchange IMAP4 . Double-click on the service to open the properties. In the General tab, change the Startup Type to Automatic. Click Start to start the IMAP service. Click OK to close the Properties window. Confirm that the IMAP service is started and set to Automatic in the services list. Configure IMAP services in Exchange Open Exchange System Manager (Start -> All Programs -> Microsoft Exchange -> Exchange System Manager). Expand Servers, your server name, Protocols, and IMAP4. Select the Default IMAP4 Virtual Server, right click and select Properties. Select the Access tab, then click on the Certificate button under "Secure communication". Go through the Web Server Certificate Wizard. Click Next to start. Select "Assign an existing certificate" and click Next. Select the public certificate name and click Next. Verify the proper certificate has been selected and click Next. Complete the wizard by clicking Finish. Select the "General" tab and click the "Advanced" button. Confirm the ports for IMAP are 143 and 993 (for SSL) and the IP address is "All Unassigned". Click OK to close the Advanced dialog box, then click OK to close the properties of the IMAP4 Default Virtual Server. Enable SSL connections for the SMTP service Open Exchange System Manager. Expand Servers, your server name, Protocols, SMTP, and select the Default SMTP Virtual Server. Right-click on the Default SMTP Virtual Server and select Properties. Select the Delivery tab, then click Advanced. In the "Fully-qualified domain name" field, enter the full public DNS name of the server and click OK. Select the Access tab and click the Certificate button under "Secure communication". Select "Assign an existing certificate" and click Next. Select the public certificate name, and click Next. Confirm the correct certificate selection and click Next. Click Finish to complete the wizard. In the Access tab, click Communication under "Secure Communication." In the Security dialog box, ensure that the "Require secure channel" checkbox is turned off. Click OK to close the Security dialog, then click OK to close the Default SMTP Virtual Server properties. Configure ISA 2004 to accept connections for IMAP SSL Open the ISA 2004 Management Console. Select Firewall Policy in the left pane, then select the Tasks tab in the right pane. Click the Create New Server Publishing Rule task to start the wizard. Name the new rule and click Next. Enter the internal IP address of the SBS server as the Server IP Address and click Next. In the Select Protocol page, select IMAPS Server from the drop-down list and click Next. In the IP Addresses page, select the External checkbox and click Next. Review the settings and click Finish to complete the wizard. Click Apply to accept the updates, then close the ISA 2004 Management Console. At this point, you are able to make SSL connections to both the IMAP4 service as well as the SMTP service.