GMAIL IMAP/POP3 Security Concerns - SMTP Transport Rule for Google Mail
Our concern is leaving the IMAP/POP ports open on our Google configuration. Would it be possible to configure the Service Desk with Google Mail in a way that allows KACE to create a transport rule that redirects the email sent to the 'alternate' email address to the Service Desk queue email within KACE?
There has been a 70% increase (2018 - 2019) in what has become known as "IMAP Spraying" where IMAP accounts are bombarded with millions of passwords in the hope one will work. It is a very successful hacking technique. A breach of the KACE credentials could provide a hacker with everything about internal systems.
I believe we should make it a high priority to get KACE to speak SMTP and still provide the messaging function it is serving today. POP/IMAP are not secure; possibly KACE support could advise in light of these new threats.
From Quest Support:
When you configure a helpdesk with MS Exchange with SMTP, in order for KACE to receive emails from the Exchange server you need to create a transport rule that redirects the email sent to the 'alternate' email address to the helpdesk queue email in KACE.
Google will not allow any client access to the server to take the messages from there.
Gmail only allows POP3 or IMAP, so KACE will act as a client requesting a copy of the messages inside the Gmail mailbox.
Google will allow a client to send emails on their behalf with the SMTP settings configured, so KACE can send emails to the Gmail account.
That is the only configuration allowed and explained on the KB article below:
Andy Flesner commented
The SMA has an SMTP server on it running at all times (anonymous port 25). You can relay mail to it directly, but any relay must have a valid MX record for sender verification. Typically, customers who do not want to use POP3 will, instead, configure an internal SMTP mail relay with transport rules designed to redirect mail sent to the public queue address back to the internal address on the SMA.
Dustin Leonard commented
After further conversation with Quest Support, perhaps this is a Google limitation.
From Quest Support:
> When configuring smtp with exchange it allows you to configure
> inbound/outbound traffic via smtp because exchange is your owned server and
> you can configure the necessary so it can send to kace via smtp. You don't
> have that option in gmail. Therefore in exchange there is no need to use
> Gmail only allows the clients to connect via pop3/imap to get a copy of
> the content inside a mailbox. Don't know whether it is a matter of improvement
> or just policy from them. But basically those are the options they give us.
> That is the way this usually works with cloud based systems such as Office
> 365 as well; in which the inbound traffic to kace is made via Pop3.
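
As an added example (not part of the original thread, and not Quest or Google code), one way to watch for the IMAP password-spraying pattern raised in the original post is to flag any source that fails logins against many distinct mailboxes in a short window, then list successful logins from those sources. The CSV log format, addresses, and thresholds are constructed assumptions, not a real Gmail or KACE log format.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (assumed format): timestamp,source_ip,account,result
SAMPLE_LOG = """\
2019-06-01T10:00:01,203.0.113.7,alice@example.com,FAIL
2019-06-01T10:00:03,203.0.113.7,bob@example.com,FAIL
2019-06-01T10:00:05,203.0.113.7,carol@example.com,FAIL
2019-06-01T10:00:09,203.0.113.7,helpdesk@example.com,FAIL
2019-06-01T10:04:00,198.51.100.20,bob@example.com,FAIL
2019-06-01T10:04:20,198.51.100.20,bob@example.com,FAIL
2019-06-01T10:04:45,198.51.100.20,bob@example.com,OK
2019-06-01T10:06:30,203.0.113.7,helpdesk@example.com,OK
"""

def parse(text):
    """Parse the assumed CSV format into (datetime, ip, account, result) tuples."""
    rows = (r for r in csv.reader(io.StringIO(text)) if r)
    return [(datetime.fromisoformat(ts), ip, user, res) for ts, ip, user, res in rows]

def find_spraying(events, window=timedelta(minutes=10), min_accounts=4):
    """Return {ip: accounts} for sources with failed logins against at least
    min_accounts distinct accounts inside one sliding time window."""
    fails = defaultdict(list)
    for ts, ip, user, res in events:
        if res == "FAIL":
            fails[ip].append((ts, user))
    flagged = {}
    for ip, items in fails.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            accounts = {user for _, user in items[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged.setdefault(ip, set()).update(accounts)
    return flagged

def successes_from_flagged(events, flagged):
    """Successful logins from a flagged source: accounts to reset and review first."""
    return sorted({(ip, user) for _, ip, user, res in events if res == "OK" and ip in flagged})

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    flagged = find_spraying(events)
    print(flagged, successes_from_flagged(events, flagged))
```

A single user mistyping a password (the second source in the sample) is not flagged, because the rule keys on the number of distinct accounts rather than the number of failures.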