Solved

Receive secure email from external company

Posted on 2011-02-24
Last Modified: 2012-05-11
Hi Folks,

My company is going to be receiving emails from another company who has asked to ensure that we can receive secure emails and that our Exchange 2003 system is capable of supporting TLS.

As mentioned above we have an Exchange 2003 server (just one server). I have a certificate installed to access our email through Outlook Web Access (and access them through iPhones).

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company? If so, do I need to install the certificates onto the 5 users' PCs?

Rgds,

Dave
Question by:Daithi_Mc
3 Comments
 
LVL 4

Expert Comment

by:karim_hashish
ID: 34975041
Hello

Let me first answer your sub-questions, then I'll answer the main one.

Is our Exchange 2003 system capable of supporting TLS? Yes, it is.

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company? No, you don't. The main purpose of the certificate is to ensure secure communication, as when the message enters your organization it will be like any other message.

Enable Transport Layer Security Encryption for a Specific Remote Domain in an Exchange Organization

To enable TLS encryption for a specific remote domain in Exchange Server, follow these steps:

   1. Install an X.509 server certificate on the server.

   2. Create a new SMTP Connector dedicated to that domain and specify the IP of the other company's relay as the smart host to which the mail will be forwarded.

   3. In the Address Space tab, specify the remote domain address space (*@another.com) of the other company.

   4. To enable TLS encryption, right-click the SMTP connector, and then click Properties. Click the Advanced tab, click Outbound Security, and then click to select the TLS Encryption check box.

If you have any questions, please refer back.

Best Regards,

Karim
0
 

Author Comment

by:Daithi_Mc
ID: 34981529
Hi Karim,

I won't be directly communicating with the other exchange server and it is only for incoming emails. Do I still need to create the X509 certificate?

I won't be needing to secure outgoing emails with TLS.

What I have done is enable TLS on:

ESM - Servers - Protocols - SMTP - SMTP Default VS - Right Click - Properties.

Click Access tab - Authentication button and put a tick in "REQUIRES TLS ENCRYPTION".

Will this suffice for what I need?

Rgds,

Dave

0
 
LVL 4

Accepted Solution

by:
karim_hashish earned 500 total points
ID: 34987818
Hello

To enable TLS for receive only, you need to purchase an SSL cert from an approved vendor and install it onto the SMTP VS via the Certificate Wizard found on the Access tab of the VS properties dialog (I guess you already have this certificate; just import it on the SMTP Virtual server as mentioned below).

Once this is in place, test that TLS is possible by using TELNET against your mail server, typing EHLO and pressing enter.

Your mail server should send back a list of verbs which would include:

250-STARTTLS

This informs a remote mail server that your mail server supports TLS, and if it so chooses, begins the process of sharing public keys so that an encrypted channel can be created.

If you still have any questions or need further assistance, don't hesitate to refer back.

Thanks and have a nice weekend

Best Regards,

Karim
0
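
The EHLO check described in the accepted answer, as an added example that is not part of the original thread: it parses a pasted EHLO reply and reports whether STARTTLS is advertised, with a live variant for your own server. The sample reply, the host name `mail.example.com` and all function names are constructed for illustration.

```python
import smtplib

# Constructed sample of a reply to EHLO (not captured from a real server).
SAMPLE_EHLO_REPLY = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 OK\r\n"
)


def parse_ehlo_reply(reply):
    """Return {KEYWORD: parameters} for the extensions in an EHLO reply.
    Every line but the last is '250-...'; the last is '250 ...'. The first
    line is the server's greeting and is not an extension."""
    lines = [line for line in reply.splitlines() if line.strip()]
    if not lines:
        raise ValueError("empty reply")
    extensions = {}
    for index, line in enumerate(lines):
        code, separator, text = line[:3], line[3:4], line[4:]
        if code != "250" or separator not in ("-", " ", ""):
            raise ValueError("EHLO not accepted: %r" % line)
        is_last = separator != "-"
        if is_last != (index == len(lines) - 1):
            raise ValueError("malformed multi-line reply at %r" % line)
        if index == 0:
            continue  # greeting line, e.g. "mail.example.com Hello ..."
        keyword, _, params = text.strip().partition(" ")
        if keyword:
            extensions[keyword.upper()] = params
    return extensions


def offers_starttls(reply):
    """True if the pasted EHLO reply advertises STARTTLS."""
    return "STARTTLS" in parse_ehlo_reply(reply)


def server_offers_starttls(host, port=25, timeout=10.0):
    """Live version of the same check, run against your own mail server."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")
```

An advertised STARTTLS only shows that TLS is offered; it does not show that the installed certificate matches the host name senders connect to.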
