Introduction

Controlling how users connect to Exchange is a necessary part of administering Exchange servers. The recipes in Chapter 7 describe how to control SMTP connections, both originating from and terminating at the Exchange server. In this chapter, we're going to consider how users connect to your servers with MAPI, WebDAV, POP, IMAP, NNTP, and Outlook Web Access. There are significant differences between how Exchange handles client interactions between these protocols, most of which stem from the protocol implementation. Several of the recipes within this chapter use registry keys in the solutionyou should note that Group Policies may also be used to make these registry changes.

MAPI Clients

The venerable Messaging Application Protocol Interface (MAPI) has been around a long time, and reports of its death have been greatly exaggerated. As the primary protocol used by Outlook since its inception, MAPI is well entrenched in Exchange deployments. MAPI traffic is actually a series of remote procedure calls (RPCs) that pass between the client and the server; the contents of these RPCs aren't publicly documented by Microsoft, and they have changed the ordering and contents of the RPC payloads in several successive versions of Outlook to improve efficiency and security. MAPI connectivity can be established directly between the client and the server or through the RPC-over-HTTP proxy feature added to Windows Server 2003, Exchange Server 2003, and Outlook 2003. In addition, you can publish RPC through a firewall machine running Microsoft's Internet Security and Acceleration (ISA) Server, which can do application-level inspection and filtering of the RPC traffic passing through it.

Outlook offers the richest feature set of all Exchange clients, in part because of the significant number of MAPI properties that have been implemented over time. These properties store data about messages, such as whether it's been read or replied to; Outlook retrieves and caches properties when a message is copied to the Outlook client, then uses them in its interface.

Outlook Web Access

Outlook Web Access is an HTTP-based web mail client that comes in two varieties. the "premium" version is designed for, and works only with, Internet Explorer for Windows. It delivers a client experience that's surprisingly close to the full version of Outlook (including drag-and-drop message handling, type-ahead selection, calendar reminders, and access to public folders, rules, and the GAL), but it requires the use of IE, and some features depend on the S/MIME ActiveX control. The "basic" version of OWA will work on almost any other browser, as long as it supports JavaScript and frames. The basic version doesn't have all of the functionality of the premium version, but it's much more portable and uses somewhat less bandwidth.

Unlike the Exchange 5.5 version of OWA, which was a set of Active Server Page (ASP) files that used MAPI to fetch messages from the Exchange store, the Exchange 2000 and Exchange Server 2003 versions are implemented using a direct interprocess communications (IPC) layer called ExIPC that routes requests from the OWA pages to the Exchange store. One key feature that makes this work is that every item in the Exchange 2000/2003 information store is addressable by its own unique URL via WebDAV; the Exchange store also provides a complete rendering engine that can take the contents of a requested URL and render it appropriately for the client version and language used on the receiving end.

Compression is an ancillary benefit of OWA 2003. IIS 5.0 introduced the ability to use gzip compression to compress data before sending it, an ability long supported by Internet Explorer and most other browsers. When you enable compression, Internet Information Server (IIS) is responsible for compressing all the data it sends to the browser. In low-compression mode, IIS only compresses static pages like the OWA logon page; in high-compression mode, dynamic pages are compressed too. This can add significant CPU loading (on the order of 10-15%), but since most Exchange servers underutilize their CPUs, this isn't a big deal. Compression requires Windows Server 2003, and all the users whose mailboxes are accessed through OWA must have those mailboxes on Exchange Server 2003 machines.

WebDAV Clients

OWA uses WebDAV, but so do other clients. In particular, Microsoft's Entourage for Mac OS X uses WebDAV to implement its Exchange support. However, WebDAV can be used for much more than messaging. For example, Office 2000 and later can use WebDAV to store or retrieve documents directly from Exchange folders; a wide variety of other command-line clients and libraries allow the use of WebDAV on Mac OS X, Windows, Linux, and other Unix variants. WebDAV clients can access all of the same properties as MAPI clients: some properties are explicitly exposed, while others can be requested by their hexadecimal property ID.

Interestingly, Exchange's WebDAV implementation (provided by davex.dll) is separate from the one provided by IIS. The IIS implementation can be disabled without interrupting Exchange service, but if you remove or disable davex.dll your Exchange server will abruptly quit working.

POP, IMAP, and NNTP Clients

These clients use the Internet protocol handlers that ship with Exchange; these handlers are actually built on top of the respective protocol implementations for IIS. There's not very much to say about the implementation of these Internet-standard protocols; Exchange 2000 and Exchange Server 2003 provide the required functionality according to the POP3, IMAP4, and NNTP RFCs, and they provide a good deal of optional functionality as well. One important feature is Exchange's ability to run these protocols over a Secure Sockets Layer (SSL)-protected connection; given the weakness of standard POP/IMAP/NNTP authentication, you should require this if you're going to allow these protocols to be used from outside your corporate network. Most Exchange administrators disallow the use of POP3 and IMAP4 from the outside users, although some sites that need to give mobile users access will allow IMAP4 with SSL.

Examples of clients in this space include Outlook Express, Eudora (Mac OS Classic, Mac OS X, Windows), Thunderbird (Mac OS X, Windows, Linux), pine (Linux), VersaMail (Palm OS), and Aileron (Palm OS). The Windows Mobile and Pocket PC versions of Outlook also allow POP and IMAP connectivity, as does the standard Windows version of Outlook.