Solved

Secure POP3 and SMTP using SSL

Posted on 2006-06-20
3
664 Views
Last Modified: 2006-11-18
Hi,

I have windows 2003 and MS Exchange 2003 in the organization i work for. Some of the users need to access their email from outside the office. So I'm planning to setup secure POP3 and SMTP using SSL certificate for this purpose.

When a user is outside the office, I want to him/her to be able to connect to the Exchange using POP3 (SSL) and when they want to send mail out, they will send to the office Exchange SMTP server securely using SSL as well.


So question are:

1. do I have to buy two SSL certificates for this purpose? because I want to secure both POP3 and SMTP.

2. How do I configure the Exchange 2003 server to allow both secure and non secure connection (POP3 and SMTP). Because for internal user, there is no need for them to connect securely. but for external user, they have to connect securely.


Thanks,

mrpc_cambodia

0
Comment
Question by:mrpc_cambodia
  • 2
3 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 50 total points
Comment Utility
One certificate is fine.
I usually purchase the certificate through IIS for web (so that OWA is protected) then export the certificate and import for the other virtual servers.

You should configure additional ports on the server for the secure version of the protocols.

IMAP: 993
SMTP: 465 (TLS)
POP3: 995 (also known as SPOP3)

If you don't, then you may have problems with sending email, as many sites will block port 25.
Note I said ADDITIONAL ports - as Exchange will support SSL on the native ports as well.
You will probably need to reconfigure the clients, so make it work inside as well as outside.

Can you not use RPC over HTTPS though?

Simon.
0
 

Author Comment

by:mrpc_cambodia
Comment Utility
Actually RPC over HTTPS is good. but in my environment, users are using POP3.

I want to know when I request a certificate, for the common name, should I use my real internet DNS name or my local netbios name.

The reason I ask is like this: my mail server is behind a firewall/NAT server. so in reality, my mail server is local to my LAN. so it makes me confuse what name I should use for the common name to request the certificate.

so can you guide me so I can clear this out?

Thanks,
0
 
LVL 104

Assisted Solution

by:Sembee
Sembee earned 50 total points
Comment Utility
Common name is what the users will enter in to their browser. It will not be the netbios name as that isn't what the users will be entering.

Certificate use three things to check...

1. Is the certificate valid
2. Was it issued by someone I trust
3. Does the name on the certificate match the name I am accessing.

Any of those fail, then everything fails.

Simon.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this video we show how to create a User Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Mailb…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now