Re: Info about Microsoft Exchange application protocol

[walter.williams () GENUITY COM (Walter Williams)]

There are a number of possible protocols at work here:

SMTP
IMAP 4
POP 3
LDAP 3

MAPI

So the first question becomes what is the nature of Outlook's configuration,
(Open Internet or Corporate Workgroup).  Corporate Workgroup is limited to
MAPI, POP & SMTP.  Open Internet is limited to SMTP, IMAP, POP  & LDAP.

How the password is sent is a derivitive of that.  If MAPI, then yes Outlook
passes a token of the password to the server.  If POP, IMAP (Autheniticated
SMTP) any password may be sent as clear text unless the Exchange server is
configured to offer an encrypted authentication on these protocols and the
client is configured in a simular manner.

Walt

-----Original Message-----
From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of
Bobby, Paul
Sent: Monday, April 24, 2000 3:37 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Info about Microsoft Exchange application protocol

I haven't done an exhaustive search, but asking here is part of it.

Where can I find information about the protocol exchange between Microsoft
Outlook and Exchange? Is the userid and password a standard windows client->
windows server exchange?

Paul Bobby
-----------------
<dream> Got Root? </dream>