Configuring a Virtual Service for IMAPS (with SSL Offload)
- Last Updated: January 9, 2025
In general, SSL offload for IMAP represents a trade-off. When servers are running near capacity, offloading SSL can allow you to accommodate additional traffic with a given set of servers, at the cost of some diminished security checks. When you choose to SSL offload, you should follow the recommendations set by Microsoft. Progress Kemp understands the recommendations to be:
- Disabling Secure Login Authentication using the instructions found at http://technet.microsoft.com/en-us/library/bb691401.aspx.
- When using the IMAP or POP3 service, TLS must be turned off on the Exchange server. If TLS is on, the server will attempt to force TLS and this may break the connection.
When configuring the IMAP4 Properties, be sure to select one of the first 2 options because TLS should not be enabled.
- In the main menu of the LoadMaster WUI, select Virtual Services.
- Select Add New.
- Enter a valid Virtual Address.
- Enter 993 as the Port.
- Enter a recognizable Service Name, for example Exchange 2010 IMAPS Offloaded.
- Select tcp as the Protocol.
Note: The combination of Virtual Address, Port and Protocol must be unique within the LoadMaster.
- Click Add this Virtual Service.
- Configure the settings as shown in the following table:
Optional: Import the appropriate PFX certificate and key file into the LoadMaster. For instructions on how to do this, refer to the Importing and Assigning an SSL Certificate section.
Optional: Export the appropriate certificate and key from Exchange 2010 using the Microsoft export information found at http://technet.microsoft.com/en-us/library/bb310778.aspx. Be sure to export the certificate and private key as a Personal Information File (PFX). An SSL certificate can be obtained from any certificate authority. When prompted by a third-party certificate authority to specify a server type, indicate “Apache”. The format of Apache server type certificates is recognized by the LoadMaster.
* By default, a self-signed certificate is used. Click OK when a message displays indicating that there is no SSL certificate currently available.
| Section | Option | Value | Comment |
| --- | --- | --- | --- |
| SSL Properties | SSL Acceleration | Enabled* | |
| Standard Options | Transparency | Disabled | |
| | Server Initiating Protocols | IMAP4 | |
| | Idle Connection Timeout | 3600 | Click Set Idle Timeout. |
| Real Servers | Real Server Check Method | Mailbox (IMAP) Protocol | |
| | Checked Port | 143 | Click Set Check Port. |

- Click the Add New… button.
- Enter the Real Server Address.
- Enter 143 as the Port.
- Click Add This Real Server.
- Click OK in response to the confirmation that the Real Server was added.
To view, modify, or delete any Virtual Services or Real Servers that have been added, select Virtual Services and View/Modify Services in the main menu of the LoadMaster WUI.
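The requirement above that TLS be turned off on the Exchange server can be checked from the IMAP capabilities each Real Server advertises on port 143. The following is an added example, not Progress Kemp or Microsoft code: it parses a greeting or CAPABILITY reply and reports `LOGINDISABLED` (RFC 3501), which means plaintext LOGIN is refused until TLS is negotiated. The function names and the sample replies are assumptions constructed for illustration.

```python
import socket

# Constructed sample replies from a Real Server on port 143 (not captured traffic).
TLS_REQUIRED = ["* OK IMAP4 service is ready.",
                "* CAPABILITY IMAP4 IMAP4rev1 LOGINDISABLED STARTTLS IDLE",
                "a1 OK CAPABILITY completed."]
PLAINTEXT_OK = ["* OK [CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN STARTTLS IDLE] ready."]

def parse_capabilities(lines):
    """Collect capability tokens from an IMAP greeting and/or CAPABILITY reply."""
    caps = set()
    for line in lines:
        upper = line.strip().upper()
        if upper.startswith("* CAPABILITY "):
            # Untagged response: "* CAPABILITY tok tok ..."
            caps.update(upper.split()[2:])
        elif "[CAPABILITY " in upper:
            # Response code embedded in the greeting: "* OK [CAPABILITY ...] text"
            inner = upper.split("[CAPABILITY ", 1)[1].split("]", 1)[0]
            caps.update(inner.split())
    return caps

def offload_findings(caps):
    """Return reasons this Real Server would break an SSL-offloaded service."""
    if not caps:
        return ["no capability data received"]
    findings = []
    if "LOGINDISABLED" in caps:
        hint = " (server expects STARTTLS first)" if "STARTTLS" in caps else ""
        findings.append("LOGINDISABLED: plaintext LOGIN refused" + hint)
    return findings

def fetch_capability_lines(host, port=143, timeout=5.0):
    """Live use: read the greeting and CAPABILITY reply from a Real Server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        fh = sock.makefile("rwb")
        lines = [fh.readline().decode("ascii", "replace")]
        fh.write(b"a1 CAPABILITY\r\n")
        fh.flush()
        while True:
            line = fh.readline().decode("ascii", "replace")
            if not line:
                break
            lines.append(line)
            if line.startswith("a1 "):
                break
        return lines
```

An empty result from `offload_findings(parse_capabilities(fetch_capability_lines(host)))` means the Real Server accepts the unencrypted sessions the LoadMaster forwards after terminating SSL on port 993.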