Solved

Secure POP3 and SMTP using SSL

Posted on 2006-06-20
Last Modified: 2006-11-18
Hi,

I have Windows 2003 and MS Exchange 2003 in the organization I work for. Some of the users need to access their email from outside the office, so I'm planning to set up secure POP3 and SMTP using an SSL certificate for this purpose.

When a user is outside the office, I want him/her to be able to connect to Exchange using POP3 (SSL), and when they want to send mail out, they will send to the office Exchange SMTP server securely using SSL as well.


So my questions are:

1. Do I have to buy two SSL certificates for this purpose? I ask because I want to secure both POP3 and SMTP.

2. How do I configure the Exchange 2003 server to allow both secure and non-secure connections (POP3 and SMTP)? For internal users, there is no need to connect securely, but external users have to connect securely.


Thanks,

mrpc_cambodia

Accepted Solution

by:
Sembee earned 50 total points
ID: 16956317
One certificate is fine.
I usually purchase the certificate through IIS for web (so that OWA is protected) then export the certificate and import for the other virtual servers.

You should configure additional ports on the server for the secure version of the protocols.

IMAP: 993
SMTP: 465 (TLS)
POP3: 995 (also known as SPOP3)

If you don't, then you may have problems with sending email, as many sites will block port 25.
Note I said ADDITIONAL ports - as Exchange will support SSL on the native ports as well.
You will probably need to reconfigure the clients, so make it work inside as well as outside.

Can you not use RPC over HTTPS though?

Simon.

Author Comment

by:mrpc_cambodia
ID: 16957138
Actually RPC over HTTPS is good, but in my environment, users are using POP3.

I want to know, when I request a certificate, whether I should use my real internet DNS name or my local NetBIOS name for the common name.

The reason I ask is this: my mail server is behind a firewall/NAT server, so in reality, my mail server is local to my LAN. That makes me confused about which name I should use for the common name when requesting the certificate.

So can you guide me so I can clear this up?

Thanks,
Assisted Solution

by:Sembee
Sembee earned 50 total points
ID: 16959839
Common name is what the users will enter into their browser. It will not be the NetBIOS name as that isn't what the users will be entering.

Certificates use three things to check...

1. Is the certificate valid
2. Was it issued by someone I trust
3. Does the name on the certificate match the name I am accessing.

Any of those fail, then everything fails.

Simon.
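
An added example (not from the original thread) of the three certificate checks listed above, applied to the implicit-SSL ports mentioned earlier (995 for POP3, 465 for SMTP). `mail.example.com`, `EXCHSRV01` and the sample certificate are constructed placeholders; the name and date helpers are simplified illustrations, and `probe()` relies on Python's `ssl` module for the actual verification.

```python
import socket
import ssl
import time

# Constructed sample in the dict format ssl.SSLSocket.getpeercert() returns.
# mail.example.com is a placeholder for the public DNS name users type in.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "notBefore": "Jun 20 00:00:00 2006 GMT",
    "notAfter": "Jun 20 00:00:00 2007 GMT",
}

def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the common name."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(cert, host):
    """Check 3: does a name on the certificate match the name being accessed?"""
    host = host.lower().rstrip(".")
    for name in cert_names(cert):
        name = name.lower()
        if name == host:
            return True
        # "*.example.com" covers exactly one left-most label.
        if name.startswith("*.") and "." in host and host.split(".", 1)[1] == name[2:]:
            return True
    return False

def in_validity_period(cert, now=None):
    """Check 1 (date part): is 'now' between notBefore and notAfter?"""
    now = time.time() if now is None else now
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    return start <= now <= ssl.cert_time_to_seconds(cert["notAfter"])

def probe(host, port):
    """Live test of an implicit-SSL port; the default context enforces
    validity, issuer trust (check 2) and the host name match together."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "ok: " + ", ".join(cert_names(tls.getpeercert()))
    except ssl.SSLCertVerificationError as exc:
        return "failed: " + exc.verify_message
    except OSError as exc:  # refused, timed out, or another TLS error
        return "failed: " + str(exc)
```

Run `probe()` from outside the firewall against ports 995 and 465, using the same name the users will configure in their mail client.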