Show/Hide Toolbars

Navigation: Procedures

Allowing remote users access to their VPOP3 mailboxes

 Scroll Prev Top Next More

Sometimes people want to be able to access their office VPOP3 mail server from a remote site or mobile phone etc.

These instructions assume you have a permanent Internet connection (eg ADSL, Cable etc). If you don't have a permanent Internet connection, see the "Allow Remote Access to VPOP3 without a permanent connection" topic

Router/Firewall Configuration

First you need to set your router and/or firewall to allow incoming access to the VPOP3 computer on the relevant ports (eg 110 for POP3, 143 for IMAP4, 5108 for WebMail/CalDAV). For details about how to do this you may need to read the documentation for your router/firewall.

If you are using a software firewall, such as the Windows firewall, or other Internet Security software you may need to do the same to allow connections to the VPOP3 software.

With the Windows firewall or Internet security software, you may need to 'allow' VPOP3 to act as a service on the Internet and also allow the specific ports through the software firewall as well.

VPOP3 Configuration

POP3/IMAP4/Webmail

By default VPOP3 will refuse access to anyone connecting from outside your local network, so you need to tell VPOP3 to allow access from anywhere.

Go to Services → POP3 (or Services → IMAP4, or Services → Webmail, as appropriate). Then, go to the IP Access Restrictions tab. Press the Add button. Choose:

Allow

Type: Any Host

In the Users list, either leave all users unselected to allow any user to access the VPOP3 service from the Internet, or select users to just allow those users to access VPOP3 from the Internet.

allow_remote_access_zoom50

SMTP

Note do NOT simply allow access to anyone to your VPOP3 SMTP service, this will lead to you making VPOP3 into an open relay. Instead you will need to set the SMTP service access restrictions to limit access to your users alone.

Go to the Services → SMTP page in the VPOP3 settings.

Check the Require SMTP Authentication and Do not require SMTP authentication for internal/incoming mail options.

Make sure the SMTP Anti-Relay Protection method is set to Check Client IP Address.

Go to the IP Access Restrictions tab

The default settings will have Block - routers and Allow - Local Nets entries. These will block the router itself from sending outgoing email, and anyone on the local network will be able to send outgoing mail.

Now you have checked the Require SMTP Authentication box, local users will still be able to send mail, but only if they change their email client configuration to use SMTP authentication. If you wish, you may edit the Local Nets entry and check the Allow Unauthenticated Access box to allow your local users to send mail without authenticating. If you have added any other 'trusted' networks, eg other subnets on your office network, you may also choose to do the same for those.

Then, add another restriction to Allow - Any Host. Do NOT check the Allow Unauthenticeted Access box for this entry. This lets any user send mail from anywhere as long as they have authenticated first.

If you wish, you can select Users who can send mail from the Internet. If you don't do this, then any user can send mail from the Internet.

Please make sure that passwords for users who can send mail from the Internet are secure. If they are not (for instance if they are 'password' or the user name (or simple variants thereof)) then spammers will often find the login details and send spam through your server.

Email client settings

For the user to access their mail, they connect to the Internet, and use your external Internet IP address assigned by your ISP. Use the same login details as for internal access.

If your office has a static IP address on the Internet, then you can simply use that address as the server address in your email client. If you have your own domain, you can make it easier to remember by configuring a DNS name to refer to that IP address.

See also: Determining your VPOP3 server address.

If you have a static IP address and want computers to be able to work from both inside and outside your network, you MAY be able to use the external IP address in both cases if your router supports NAT loopback, or you may need to set up two DNS servers (or a single DNS server with “zones”). For instance you can create a host name with your ISP for your domain name to resolve to the external IP address for access from outside your network, and have an internal DNS server (such as that which comes with Windows Server, or Simple DNS Plus or similar) to resolve the same host name to the internal IP address.

If your office has a dynamic IP address, then you need to use a 'dynamic DNS' service to give your IP address a name which you can use in your email client.

If you have any problems with DNS entries (either static or dynamic) then we can help you set them up, but as it is not a VPOP3 problem it will be a chargeable incident.

If you think this help topic could be improved, please send us constructive feedback