Securing POP and SMTP for Exchange 2003

We use Exchange 2003 and have a frontend server and 3 backend servers. The frontend is used for centralised OWA access, but I would like to use this for secure POP\IMAP access, predominately for smart phones.

I have secured POP and IMAP using SSL, and that is working fine. My question is in relation to SMTP.

Does SMTP have to be encrypted in the same manner for client connections to the front end server? If I enable SSL on the SMTP virtual server of the front end server, this should encrypt all client\server SMTP traffic? Is this recommended?

I assume existing email delivery should remain unaffected, as the front-end will pass any outbound email to the relevant backend server for delivery? (All backends send their own outbound email, no bridge heads or smart hosts etc. due to child company structure and geographic locations.)

Is it enough to just secure the POP3 session?

On a side note, should all SMTP virtual servers use at least TLS as a best practice? Or does this create problems with connections between external email servers?

Is it OK to use an SSL cert on an Exchange server that handles outbound email delivery? Are there any potential caveats with this?

I would really like to harden our Exchange environment.
Asked by: felixresources
 
MONSTA2008 commented:
If you really want to harden Exchange I would recommend you check out the Department of Defense DISA Security Guidelines (STIGs) for Exchange. They can be found here.

http://iase.disa.mil/stigs/checklist/index.html
 
tntmax commented:
http://sial.org/howto/openssl/tls-name/

Alternatively, have your users install PGP and encrypt the email at the desktop level. This requires sharing PGP keys. Encrypted SMTP traffic depends on the recipient server supporting it as well.
Question has a verified solution.
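
The dependency tntmax describes above (encrypted SMTP only happens when the receiving server supports it) as an added example that is not part of the original thread: it parses EHLO replies for the STARTTLS keyword (RFC 3207) and shows what a sending server would do under an opportunistic versus a required-TLS policy. The host names, EHLO replies and policy names are constructed for illustration.

```python
# Added example. SAMPLE_EHLO holds constructed replies, not captures
# from any real server; host names and policy names are assumptions.
SAMPLE_EHLO = {
    "mx.tls-capable.example": (
        "250-mx.tls-capable.example Hello\r\n"
        "250-SIZE 10485760\r\n"
        "250-STARTTLS\r\n"
        "250 8BITMIME\r\n"
    ),
    "mx.plain-only.example": (
        "250-mx.plain-only.example Hello\r\n"
        "250-SIZE 10485760\r\n"
        "250 8BITMIME\r\n"
    ),
}


def ehlo_extensions(reply):
    """Return the set of ESMTP keywords advertised in a 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    extensions = set()
    for index, line in enumerate(lines):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line is the greeting, not an extension
        if rest.strip():
            extensions.add(rest.split()[0].upper())
    return extensions


def delivery_outcome(reply, policy):
    """Outcome for one outbound message under the sender's TLS policy."""
    if policy not in ("opportunistic", "required"):
        raise ValueError("unknown policy: %r" % policy)
    if "STARTTLS" in ehlo_extensions(reply):
        return "encrypted"
    # Peer offers no STARTTLS: opportunistic senders fall back to
    # cleartext, required-TLS senders cannot hand the message over.
    return "cleartext" if policy == "opportunistic" else "undelivered"


if __name__ == "__main__":
    for host, reply in SAMPLE_EHLO.items():
        for policy in ("opportunistic", "required"):
            print(host, policy, delivery_outcome(reply, policy))
```
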
