Solved

Secure POP3 and SMTP using SSL

Posted on 2006-06-20
Last Modified: 2006-11-18
Hi,

I have Windows 2003 and MS Exchange 2003 in the organization I work for. Some of the users need to access their email from outside the office. So I'm planning to set up secure POP3 and SMTP using an SSL certificate for this purpose.

When a user is outside the office, I want him/her to be able to connect to Exchange using POP3 (SSL), and when they want to send mail out, they will send to the office Exchange SMTP server securely using SSL as well.


So my questions are:

1. Do I have to buy two SSL certificates for this purpose, because I want to secure both POP3 and SMTP?

2. How do I configure the Exchange 2003 server to allow both secure and non-secure connections (POP3 and SMTP)? For internal users, there is no need to connect securely, but external users have to connect securely.


Thanks,

mrpc_cambodia

Question by: mrpc_cambodia

Accepted Solution

by:
Sembee earned 50 total points
ID: 16956317
One certificate is fine.
I usually purchase the certificate through IIS for web (so that OWA is protected) then export the certificate and import for the other virtual servers.

You should configure additional ports on the server for the secure version of the protocols.

IMAP: 993
SMTP: 465 (TLS)
POP3: 995 (also known as SPOP3)

If you don't, then you may have problems with sending email, as many sites will block port 25.
Note I said ADDITIONAL ports - as Exchange will support SSL on the native ports as well.
You will probably need to reconfigure the clients, so make it work inside as well as outside.

Can you not use RPC over HTTPS though?

Simon.

Author Comment

by:mrpc_cambodia
ID: 16957138
Actually RPC over HTTPS is good, but in my environment, users are using POP3.

I want to know, when I request a certificate, whether I should use my real internet DNS name or my local NetBIOS name for the common name.

The reason I ask is this: my mail server is behind a firewall/NAT server, so in reality my mail server is local to my LAN. That makes me confused about which name I should use for the common name when requesting the certificate.

So can you guide me so I can clear this up?

Thanks,

Assisted Solution

by:Sembee
Sembee earned 50 total points
ID: 16959839
Common name is what the users will enter into their browser. It will not be the NetBIOS name, as that isn't what the users will be entering.

Certificates use three things to check...

1. Is the certificate valid?
2. Was it issued by someone I trust?
3. Does the name on the certificate match the name I am accessing?

Any of those fail, then everything fails.

Simon.
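
The three checks listed in the answer above, as an added Python example that is not part of the original thread. `check_cert` applies the validity and name checks to a dict shaped like `ssl.SSLSocket.getpeercert()` output, and `fetch_verified_cert` does the live handshake on the POP3 SSL port, where the issuer check happens; `mail.example.com`, `EXCH01` and the sample dates are constructed placeholders.

```python
import socket
import ssl
from datetime import datetime, timezone

def name_matches(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    first_ok = p[0] == h[0] or (p[0] == "*" and len(p) > 2)
    return first_ok and p[1:] == h[1:]

def check_cert(cert: dict, host: str, now: datetime) -> list:
    """Return the failed checks for a dict shaped like getpeercert() output."""
    failures = []
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:            # check 1: validity
        failures.append("validity period")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # older certificates carry the name only in the subject CN
        names = [v for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(name_matches(n, host) for n in names):  # check 3: name
        failures.append("name mismatch")
    return failures

def fetch_verified_cert(host: str, port: int = 995) -> dict:
    """Live check on an implicit-SSL port. The default context enforces
    check 2 (trusted issuer) plus the other two during the handshake and
    raises ssl.SSLCertVerificationError if any of them fails."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: certificate requested with the public DNS name as CN.
SAMPLE = {
    "subject": ((("commonName", "mail.example.com"),),),
    "notBefore": "Jun 20 00:00:00 2006 GMT",
    "notAfter": "Jun 20 00:00:00 2007 GMT",
}
WHEN = datetime(2006, 11, 18, tzinfo=timezone.utc)  # constructed check time

if __name__ == "__main__":
    for name in ("mail.example.com", "EXCH01"):  # DNS name vs. NetBIOS name
        print(name, check_cert(SAMPLE, name, WHEN) or "ok")
```
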