I have to configure TLS encryption between us and our client. Here is a little plan I wrote for myself to figure out it with Postini guys, but if you have answers or any other input from your experiance, that would be much appreciated.
If we 1) Encrypt the traffic using TLS and 2) Postini allows this traffic through un-scanned (because it cannot “open” encrypted traffic), then we are facing the security risk of passing malware/viruses/spam to and from our client. We don’t have any Antivirus Mail scanning on Exchange server, which exponentially increases the risk. [I know it HAD to be installed, as absurd as it sounds - it is not my call]
Question we have to verify with Postini/MXToolbox guys:
1. Do Postini have issues with allowing TLS-encrypted traffic on their network
2. Is there a way for them to un-encrypt the traffic in order to scan it and then encrypt it back and pass it to our client.
3. If #2 is not an option – can they offer hosted solution for encrypted the traffic between us and client domain [Message Labs for example provide this type of service]