Entourage and RPC-over-HTTP

“Does Entourage use RPC-over-HTTP?” I’ve run across this question several times in the public newsgroups, on mailing lists, and in direct conversation. Now Mike Wendland’s asking, so I figured I’d write a long answer and just refer to it in the future.

In the beginning, there was MAPI, the Mail Application Programming Interface. Microsoft Mail (remember that?) used MAPI, as did the long-forgotten Windows Messaging and Exchange Client applications. When the Outlook team began working on Outlook, it used MAPI also. MAPI communication between client and server are actually implemented using remote procedure calls (RPCs) that travel over the Windows RPC subsystem, which uses TCP ports 135 and 443 and UDP ports 137 and 139. Because early versions of Windows had a number of RPC-related security vulnerabilities, admins quickly learned to block these ports from the Internet, meaning that you had to dial in or establish a VPN session to get your mail with Outlook from outside the corporate network.

In the meantime, lots of other applications started tunneling their data over the standard HTTP port, TCP port 80. This has the advantage (for users) of letting these applications run without special permissions or changes to the firewall. With Outlook 2003, Microsoft implemented RPC-over-HTTP tunneling so that you can establish a native Outlook MAPI session from outside the firewall without using the default RPC ports. This is good from a security and convenience standpoint. Why security? Think about it: if you establish a VPN session, you’re trusting the remote machine to be clean, and you’re trusting the remote user not to do anything malicious on your network. With RPC-over-HTTP, all the remote user can do is get mail, so you don’t have to worry that they’re going to screw up anything else.

Entourage for Mac OS X doesn’t use RPC-over-HTTP. Instead, it uses WebDAV, an XML-based technology that travels over HTTP connections. It has nothing to do with MAPI or with RPCs, and it works with Exchange 2000 and Exchange Server 2003– RPC-over-HTTP requires Exchange Server 2003 running on Windows Server 2003.

Both technologies have the same effect: an outside user can establish a connection to the Exchange server using HTTP (which had better be protected with SSL) to talk to the server.

Now, on to Mike’s specific question: Apple Mail 2 supports Exchange accounts using WebDAV, so if your employer supports WebDAV and is running Exchange 2000 or later, you should be good to go. You’ll probably need to enter the same server name that you use for Outlook Web Access to get Mail to find the right server. Good luck!