IMAP4 / POP3 Considerations for Legacy Server Migrations

I commonly rely on my customer to at least provide me with a heads up when there are applications, users or devices that are integrated into Exchange. By integrated I mean relaying email messages or using protocols like POP and IMAP. This has led to successful migrations from legacy Exchange versions to Exchange 2013. However, recently I had an issue where the client did not understand all the connections or applications that were connected to their legacy Exchange 2010 server.

Scenario
For this client, changing the IP of the Exchange server had the potential to break a lot of devices that connected via IP and not DNS. We had decided early on that we could re-IP the server at the end of the cutover for the end users. We would give the Legacy server a different IP and reboot it. Then we would change the Exchange 2013 IP and reboot it. After 2013 rebooted we would update AutoDiscover and any other DNS records pointed at the Exchange 2013 server.

After this part of the migration the client called me to let me know that several applications they had working prior to the migration were no longer able to relay emails. This was perplexing because we had copied all the RemoteIP Ranges from the Legacy Exchange 2010 connectors using a method similar to this (Ref this URL – .. Jeff Guillet article… ). We verified that the connector IP was correct as well as the IPs allowed to relay through the connector. These values all checked out.

How to troubleshoot?
There are many ways that these devices can connect. The most common is SMTP (port 25). However, applications have been known to utilize IMAP4 and POP3. These two methods are not as common, but there are a plethora of applications that can use these ports for email relay or email retrieval. So we need to review logs. For SMTP the easiest way to do this is the PowerShell cmdlet 'Get-MessageTrackingLog'. If you've just migrated all of your devices from the Legacy Exchange Servers to your new Exchange 2013 servers, then you want to run the cmdlet with a start date of when the last device moved to Exchange 2013. Like this:

Get-MessageTrackingLog -start 2/9/16 -server EX01 |ft timestamp,clientip -auto

This one-liner will give us a quick view into what machines are connecting to Exchange.

If no results are found, then we can safely move on to the next protocol.

IMAP4 and POP3
With IMAP and POP3, there is no tracking log cmdlet. The server logs these connections in a series of log files – IF – logging is turned on. If it is not, then you will not be able to figure out what is connecting. The scripts below will discover the directory for the log files and then parse the log files for the CIP (Client IP) values that we will need to determine if anything is connecting on these ports.

The log files in question look like this:

[Screenshots: POP3 log file, IMAP4 log file]

And the script running looks like this:

[Screenshot: POP3 script results]

The Scripts

Note that these scripts will discover where the POP3 or IMAP logs are located based on the configuration in Exchange.

POP3 Discovery Script

# Define Variables
$cipresults = @()

# Get all Exchange 2010 servers
$servers = (Get-ExchangeServer | where {$_.admindisplayversion -like "Version 14*"}).name

foreach ($server in $servers) {

    # Build the UNC path (admin share) to this server's POP3 log directory
    $location = (Get-PopSettings -server $server).logfilelocation
    $path = "\\$Server`\$($location.Replace(':','$'))"
    $files = get-childitem $path

    foreach ($file in $files) {
        # Parse each log file as CSV
        $csv = import-csv $file.fullname
        foreach ($line in $csv) {

            # Get the Client IP. Skip rows with no cip value (comment rows)
            # and rows where cip is just the literal column name.
            $info = $line.cip
            if ($info -ne $null -and $info -ne "cip") {

                # Client IP also contains the port number which we will remove here
                $ID = $info.Split([char]0x003A)
                $cipresults += $ID[0]
            }
        }
    }
}

# Optional - Remove Duplicates
write-host " "
write-host "List of IP Addresses that connect to the POP3 Service of all the Exchange 2010 Servers" -foregroundcolor cyan
$cipresults | sort -unique

IMAP4 Discovery Script

# Define Variables
$cipresults = @()

# Get all Exchange 2010 servers
$servers = (Get-ExchangeServer | where {$_.admindisplayversion -like "Version 14*"}).name

foreach ($server in $servers) {

    # Build the UNC path (admin share) to this server's IMAP4 log directory
    $location = (Get-IMAPSettings -server $server).logfilelocation
    $path = "\\$Server`\$($location.Replace(':','$'))"
    $files = get-childitem $path

    foreach ($file in $files) {
        # Parse each log file as CSV
        $csv = import-csv $file.fullname
        foreach ($line in $csv) {

            # Get the Client IP. Skip rows with no cip value (comment rows)
            # and rows where cip is just the literal column name.
            $info = $line.cip
            if ($info -ne $null -and $info -ne "cip") {

                # Client IP also contains the port number which we will remove here
                $ID = $info.Split([char]0x003A)
                $cipresults += $ID[0]
            }
        }
    }
}

# Optional - Remove Duplicates
write-host " "
write-host "List of IP Addresses that connect to the IMAP4 Service of all the Exchange 2010 Servers" -foregroundcolor cyan
$cipresults | sort -unique

Multiple Servers?

The above script is great, but what if there is more than one server to examine? How can we handle multiple servers?
POP3 Multiple:

# Define Variables
$cipresults = @()

$servers = (Get-ExchangeServer).name
foreach ($server in $servers) {

    # Check to see if the server has the service on
    $pop = Get-Service -ComputerName $server | where {$_.name -like "*pop3"}
    if ($pop.status -ne "Stopped") {

        # Build the UNC path (admin share) to this server's POP3 log directory
        $location = (Get-PopSettings -server $server).logfilelocation
        $path = "\\$Server`\$($location.Replace(':','$'))"
        $files = get-childitem $path

        foreach ($file in $files) {
            # Read the file through the UNC path; $location is a path local to the remote server
            $csv = import-csv $file.fullname
            foreach ($line in $csv) {

                # Get the Client IP. Skip rows with no cip value (comment rows)
                # and rows where cip is just the literal column name.
                $info = $line.cip
                if ($info -ne $null -and $info -ne "cip") {

                    # Client IP also contains the port number which we will remove here
                    $ID = $info.Split([char]0x003A)
                    $cipresults += $ID[0]
                }
            }
        }
    } else {
        write-host "The server " -foregroundcolor white -nonewline
        write-host "$server" -foregroundcolor cyan -nonewline
        write-host "'s POP3 service is not started." -foregroundcolor white -nonewline
        write-host " No logs will be analyzed!" -foregroundcolor yellow
    }
}

# Optional - Remove Duplicates
$cipresults | sort -unique

IMAP Multiple:

# Define Variables
$cipresults = @()

$servers = (Get-ExchangeServer).name
foreach ($server in $servers) {

    # Check to see if the server has the service on
    $imap = Get-Service -ComputerName $server | where {$_.name -like "*imap*"}
    if ($imap.status -ne "Stopped") {

        # Build the UNC path (admin share) to this server's IMAP4 log directory
        $location = (Get-IMAPSettings -server $server).logfilelocation
        $path = "\\$Server`\$($location.Replace(':','$'))"
        $files = get-childitem $path

        foreach ($file in $files) {
            # Read the file through the UNC path; $location is a path local to the remote server
            $csv = import-csv $file.fullname
            foreach ($line in $csv) {

                # Get the Client IP. Skip rows with no cip value (comment rows)
                # and rows where cip is just the literal column name.
                $info = $line.cip
                if ($info -ne $null -and $info -ne "cip") {

                    # Client IP also contains the port number which we will remove here
                    $ID = $info.Split([char]0x003A)
                    $cipresults += $ID[0]
                }
            }
        }
    } else {
        write-host "The server " -foregroundcolor white -nonewline
        write-host "$server" -foregroundcolor cyan -nonewline
        write-host "'s IMAP service is not started." -foregroundcolor white -nonewline
        write-host " No logs will be analyzed!" -foregroundcolor yellow
    }
}

# Optional - Remove Duplicates
$cipresults | sort -unique
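
A bare list of IP addresses does not say which account each client logs on with or whether it is still active. The function below is an added example, not part of the original post: it goes one step beyond the scripts above and summarises each client by log lines, user names and first/last seen time. The sample log is constructed, the field names other than cIp and the bracketed IPv6 endpoint form are assumptions, and it needs PowerShell 3.0 or later.

```powershell
# Constructed sample log. Layout assumed from the scripts above: plain header row,
# '#' comment rows, then data. Field names other than cIp are assumptions.
$sampleLog = @'
dateTime,sessionId,seqNumber,sIp,cIp,user,duration,rqsize,rpsize,command,parameters,context
#Software: Microsoft Exchange Server
#Fields: dateTime,sessionId,seqNumber,sIp,cIp,user,duration,rqsize,rpsize,command,parameters,context
2016-02-09T14:01:07.123Z,01,1,10.0.0.20:110,10.0.0.51:49211,scanner01,0,14,5,user,scanner01,
2016-02-09T14:01:07.301Z,01,2,10.0.0.20:110,10.0.0.51:49211,scanner01,15,10,21,pass,*****,
2016-02-10T08:30:12.004Z,02,1,10.0.0.20:110,10.0.0.77:50102,helpdesk-app,0,17,5,user,helpdesk-app,
2016-02-10T09:12:44.870Z,03,1,10.0.0.20:110,[2001:db8::15]:50230,,0,4,42,capa,,
'@ -split '\r?\n'

# Get-ClientSummary is a hypothetical helper name used only for this example.
function Get-ClientSummary {
    param([string[]]$LogLines)

    # Keep data rows only: comment rows have no cIp, the '#Fields' row has cIp = 'cIp'
    $rows = $LogLines | ConvertFrom-Csv | Where-Object { $_.cIp -and $_.cIp -ne 'cIp' }

    $clients = foreach ($row in $rows) {
        # Remove only the trailing :port so a bracketed IPv6 endpoint survives
        $ip = ($row.cIp -replace ':\d+$', '').Trim('[', ']')
        [pscustomobject]@{ ClientIP = $ip; User = $row.user; Time = [datetime]$row.dateTime }
    }

    foreach ($group in ($clients | Group-Object ClientIP)) {
        $times = $group.Group | ForEach-Object { $_.Time } | Sort-Object
        $users = $group.Group | ForEach-Object { $_.User } | Where-Object { $_ } | Sort-Object -Unique
        [pscustomobject]@{
            ClientIP  = $group.Name
            Lines     = $group.Count
            Users     = $users -join ';'
            FirstSeen = $times | Select-Object -First 1
            LastSeen  = $times | Select-Object -Last 1
        }
    }
}

# One row per client: which accounts it used and when it was last seen
Get-ClientSummary -LogLines $sampleLog | Sort-Object LastSeen -Descending | Format-Table -AutoSize
```

To run it against real logs, pass the output of Get-Content for each file found by the discovery scripts instead of $sampleLog.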

What if the services are not started?

[Screenshots: POP3, IMAP4]

Further Reading
Get-IMAPSettings
Get-POPSettings
