• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 442
  • Last Modified:

Securing email communications through imap, pop, smtp, and OWA

I have been tasked by a client to secure up their email communications. They are running Exchange Server 2003 on Windows Server 2003. They have users access email via OWA, imap, pop, and smtp. I'm looking for instructions on how to create an SSL certificate using Server 2003 Certificate Authority and how to deply to the Exchange server. I'm also asking for any input on how to secure communication for imap, pop, and smtp. Any help would be greatly appreciated.
0
eschipman
Asked:
eschipman
  • 4
  • 3
  • 2
2 Solutions
 
eschipmanAuthor Commented:
Is using certificates the best way to secure IMAP, POP, and SMTP communication as well?
0
 
tenaj-207Commented:
A certificate will be a the biggest step in the right direction.  Also I would suggest implementing a secure password policy that forces users to change there passwords on a regular schedule.

As for installing the certificate screen shots are great but, I love netometer's video step by step walk through.  This is for a GoDaddy certificate, which is what I like to use.  But they also have other walk through's.

http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php

Would you also like information on how to lock down PDA/smartphones?

Good luck,
tenaj
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
eschipmanAuthor Commented:
Are there any other security measures I should take when securing IMAP, POP, and SMTP communications? Also can the certificate I create and use to secure OWA be used for IMAP, POP, and SMTP or do I need to create a seperate certificate for each?

Also It was my understanding that if you setup a certificate in the Exchange System Manager for IMAP, POP, and SMTP that it was just used for encrypting and signing emails. Am I incorrect about that?
0
 
eschipmanAuthor Commented:
One last question. In the instructions for setting up SSL both set it up on the Default Web Site. If I'm looking to secure OWA do I set it up on the Default web site or External Exchange?
0
 
tenaj-207Commented:
You set it up on the Default web site.  I'm not sure what you mean by the External Exchange?
0
 
abdulzisCommented:
You can use the same certificate for SMTP, IMAP, POP and OWA. However, digitally signing and encrypting emails at the client level (outlook) requires the use of personal certificates.
0
 
eschipmanAuthor Commented:
Thanks very much for the help I got the certificates installed tonight and they work great. one last question. After setting up the certificate on IMAP, POP, and SMTP if I set it to require the secure connection will I need to reconfigure users email on their computers to connect?
0
 
tenaj-207Commented:
If users are set to to not use an SSL connection then yes, you will need to reconfigure the computers to use SSL with inbound and outbound traffic.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 4
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now