[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Securing email communications through imap, pop, smtp, and OWA

Posted on 2008-11-10
9
Medium Priority
?
439 Views
Last Modified: 2013-11-29
I have been tasked by a client to secure up their email communications. They are running Exchange Server 2003 on Windows Server 2003. They have users access email via OWA, imap, pop, and smtp. I'm looking for instructions on how to create an SSL certificate using Server 2003 Certificate Authority and how to deply to the Exchange server. I'm also asking for any input on how to secure communication for imap, pop, and smtp. Any help would be greatly appreciated.
0
Comment
Question by:eschipman
  • 4
  • 3
  • 2
9 Comments
 
LVL 9

Accepted Solution

by:
abdulzis earned 1000 total points
ID: 22928158
0
 

Author Comment

by:eschipman
ID: 22928178
Is using certificates the best way to secure IMAP, POP, and SMTP communication as well?
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22928191
A certificate will be a the biggest step in the right direction.  Also I would suggest implementing a secure password policy that forces users to change there passwords on a regular schedule.

As for installing the certificate screen shots are great but, I love netometer's video step by step walk through.  This is for a GoDaddy certificate, which is what I like to use.  But they also have other walk through's.

http://www.netometer.com/video/tutorials/godaddy-ssl-certificate/index.php

Would you also like information on how to lock down PDA/smartphones?

Good luck,
tenaj
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 

Author Comment

by:eschipman
ID: 22932692
Are there any other security measures I should take when securing IMAP, POP, and SMTP communications? Also can the certificate I create and use to secure OWA be used for IMAP, POP, and SMTP or do I need to create a seperate certificate for each?

Also It was my understanding that if you setup a certificate in the Exchange System Manager for IMAP, POP, and SMTP that it was just used for encrypting and signing emails. Am I incorrect about that?
0
 

Author Comment

by:eschipman
ID: 22932722
One last question. In the instructions for setting up SSL both set it up on the Default Web Site. If I'm looking to secure OWA do I set it up on the Default web site or External Exchange?
0
 
LVL 15

Expert Comment

by:tenaj-207
ID: 22936090
You set it up on the Default web site.  I'm not sure what you mean by the External Exchange?
0
 
LVL 9

Expert Comment

by:abdulzis
ID: 22937156
You can use the same certificate for SMTP, IMAP, POP and OWA. However, digitally signing and encrypting emails at the client level (outlook) requires the use of personal certificates.
0
 

Author Comment

by:eschipman
ID: 22982627
Thanks very much for the help I got the certificates installed tonight and they work great. one last question. After setting up the certificate on IMAP, POP, and SMTP if I set it to require the secure connection will I need to reconfigure users email on their computers to connect?
0
 
LVL 15

Assisted Solution

by:tenaj-207
tenaj-207 earned 1000 total points
ID: 22982650
If users are set to to not use an SSL connection then yes, you will need to reconfigure the computers to use SSL with inbound and outbound traffic.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If something goes wrong with Exchange, your IT resources are in trouble.All Exchange server migration processes are not designed to be identical and though migrating email from on-premises Exchange mailbox to Cloud’s Office 365 is relatively simple…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month18 days, 18 hours left to enroll

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question