felixresources
asked on
Securing POP and SMTP for Exchange 2003
We use Exchange 2003 and have a frontend server and 3 backend servers. The frontend is used for centralised OWA access, but I would like to use this for secure POP\IMAP access, predominately for smart phones.
I have secured POP and IMAP using SSL, and that is working fine. My question is in relation to SMTP.
Does SMTP have to be encrypted in the same manner for client connections to the front end server? If I enable SLL on the SMTP virtual server of the front end server, this should encrypt all client\server smtp traffic? Is this recommended?
I assume existing email delivery should be remain unaffected, as the front-end will pass any outbound email to the relevant backend server for delivery? (all backends send their own outbound email, no bridge heads or smart hosts etc due to child company structure and geographic locations).
Is it enough to just secure the POP3 session?
On a side note, should all SMTP virtual servers use at least TLS as a best practice? or does this create problems with connections between external email servers?
Is it ok to use SSL cert on an exchange server that handles outbound email delivery? Are there any potential caveats with this?
I would really like to harden our exchange environment.
I have secured POP and IMAP using SSL, and that is working fine. My question is in relation to SMTP.
Does SMTP have to be encrypted in the same manner for client connections to the front end server? If I enable SLL on the SMTP virtual server of the front end server, this should encrypt all client\server smtp traffic? Is this recommended?
I assume existing email delivery should be remain unaffected, as the front-end will pass any outbound email to the relevant backend server for delivery? (all backends send their own outbound email, no bridge heads or smart hosts etc due to child company structure and geographic locations).
Is it enough to just secure the POP3 session?
On a side note, should all SMTP virtual servers use at least TLS as a best practice? or does this create problems with connections between external email servers?
Is it ok to use SSL cert on an exchange server that handles outbound email delivery? Are there any potential caveats with this?
I would really like to harden our exchange environment.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Alternatively, have your users install PGP and encrypt the email at the desktop level. This requires sharing PGP keys. Encrypted SMTP traffic depends on the recipient server supporting it as well.