Set up FQDN and bridgeheads for POP3 and IMAP4 email

Discover the connection between back-end servers, front-end servers, bridgehead servers and FQDNs and learn how to configure them for POP3 and IMAP email.

We have POP3 and IMAP set up on our two bridgehead servers, and we have a fully qualified domain name (FQDN) set up in DNS (we'll use for the example). This FQDN is pointed to one particular bridgehead.

When the client tries to access, and the specific mailbox that he is trying to access is on the server to which the FQDN is pointing, the user can access POP3 and IMAP. However, if the FQDN is pointed to the other bridgehead server, which does not contain the actual mailbox, the client is unable to access the mailbox.

Is there a way to set up the FQDN to allow the users to always access any mailbox on any server? Which server does the FQDN need to point to for this to occur?

We have two front-end servers, about 15 routing groups, several bridgeheads for the routing groups, two main Internet gateways (one that's a primary inbound and one that's secondary using costs), and about 35 mailbox servers. We are almost completely migrated to Exchange Server 2003 Service Pack 2, with a couple of exceptions where the server is still Exchange 2000 Service Pack 3.

From your description, it seems the users are trying to access mailboxes using POP3/IMAP4. The term "bridgehead" may be a little confusing in this context.

What we need to establish is whether the server to which the users connect is a back-end server that hosts mailboxes or a front-end server, which does not host mailboxes. Both front-end servers and back-end servers can be bridgehead servers.

The term "bridgehead" simply means that the server has SMTP running, and email is being routed through it using a connector. For example, the SMTP virtual server on that Exchange server is explicitly selected as a bridgehead for a connector.

Now that we've got that out of the way, here are the two scenarios:

  1. If the server that POP3/IMAP4 clients connect to is a front-end server, it proxies users' requests to the back-end server(s) where the mailboxes reside. In this case, all users should be able to access their mailbox using POP3/IMAP4 protocols when connected to that server.
  2. However, if the server being connected to is a back-end server, it does not behave in that manner. This is perhaps why you're seeing some users, who have mailboxes hosted on that server, are able to access mailboxes, whereas users with mailboxes on other back-end servers cannot.

The solution: Have users connect to a front-end server instead. This can be done by allowing the appropriate protocol (POP3/IMAP4) traffic to it from the Internet (and additionally may require creation of an A record for that server's FQDN in your external DNS zone).

Also note that front-end servers can be used as bridgeheads if they're running SMTP. You can add them to connectors and also point your external MX records to these.
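One way to check the result of that change, as an added example that is not part of the original answer: resolve the client-facing FQDN, confirm every A record lands on a server you know to be a front-end, and confirm POP3 and IMAP4 answer there with a ready greeting. `MAIL_FQDN` and the `FRONT_ENDS` addresses are constructed placeholders to replace with your own values.

```python
import socket

# Constructed placeholders (assumptions): substitute your FQDN and front-end IPs.
MAIL_FQDN = "mail.example.com"
FRONT_ENDS = {"192.0.2.10", "192.0.2.11"}
PORTS = {"POP3": 110, "IMAP4": 143}


def resolve(fqdn):
    """Return the sorted IPv4 addresses the FQDN's A records resolve to."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def greeting_ok(protocol, banner):
    """True if the first server line is a ready greeting (RFC 1939 / RFC 3501)."""
    text = banner.decode("ascii", "replace")
    if protocol == "POP3":
        return text.startswith("+OK")
    return text.startswith("* OK") or text.startswith("* PREAUTH")


def probe(address, port, timeout=5.0):
    """Connect and return the first line the server sends, or None on failure."""
    try:
        with socket.create_connection((address, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            return conn.recv(512).split(b"\r\n", 1)[0]
    except OSError:
        return None


def audit(addresses, front_ends, probe_fn=probe):
    """Per address: is it a known front-end, and which protocols greet correctly."""
    report = []
    for address in addresses:
        listening = {}
        for name, port in PORTS.items():
            banner = probe_fn(address, port)
            listening[name] = banner is not None and greeting_ok(name, banner)
        report.append({"address": address,
                       "front_end": address in front_ends,
                       "listening": listening})
    return report


if __name__ == "__main__":
    for row in audit(resolve(MAIL_FQDN), FRONT_ENDS):
        print(row)
```

Any row with `front_end` set to `False` means the FQDN still resolves to a server outside your front-end list, which matches the symptom described in the question.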
