Solved

Receive secure email from external company

Posted on 2011-02-24
Last Modified: 2012-05-11
Hi Folks,

My company is going to be receiving emails from another company who has asked to ensure that we can receive secure emails and that our Exchange 2003 system is capable of supporting TLS.

As mentioned above we have an Exchange 2003 server (just one server). I have a certificate installed to access our email through Outlook Web Access (and access them through iPhones).

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company? If so, do I need to install the certificates onto the 5 users' PCs?

Rgds,

Dave
Question by:Daithi_Mc
LVL 4

Expert Comment

by:karim_hashish
ID: 34975041
Hello

Let me first answer your sub-questions, then I'll answer the main one.

Is our Exchange 2003 system capable of supporting TLS? Yes, it is.

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company? No, you don't. The main purpose of the certificate is to ensure secure communication, as when the message enters your organization it will be like any other message.

Enable Transport Layer Security Encryption for a Specific Remote Domain in an Exchange Organization

To enable TLS encryption for a specific remote domain in Exchange Server, follow these steps:

   1. Install an X.509 server certificate on the server.

   2. Create a new SMTP Connector dedicated to that domain and specify the IP of the other company's relay as the smart host to which the mail will be forwarded.

   3. In the address space tab, specify the remote domain address space (*@another.com) of the other company.

   4. To enable TLS encryption, right-click the SMTP connector, and then click Properties. Click the Advanced tab, click Outbound Security, and then click to select the TLS Encryption check box.

If you have any questions, please refer back.

Best Regards,

Karim

Author Comment

by:Daithi_Mc
ID: 34981529
Hi Karim,

I won't be directly communicating with the other exchange server and it is only for incoming emails. Do I still need to create the X509 certificate?

I won't be needing to secure outgoing emails with TLS.

What I have done is enable TLS on:

ESM - Servers - Protocols - SMTP - SMTP Default VS - Right Click - Properties.

Click Access Tab - Authentication Button and put a tick in "REQUIRES TLS ENCRYPTION"

Will this suffice for what I need?

Rgds,

Dave

LVL 4

Accepted Solution

by:
karim_hashish earned 500 total points
ID: 34987818
Hello

To enable TLS for receive only, you need to purchase an SSL cert from an approved vendor and install it onto the SMTP VS via the Certificate Wizard found on the Access tab of the VS properties dialog (I guess you already have this certificate, just import it on the SMTP Virtual server as mentioned below).

Once this is in place, test that TLS is possible by using TELNET against your mail server, typing EHLO and pressing enter.

Your mail server should send back a list of verbs which would include:

250-STARTTLS

This informs a remote mail server that your mail server supports TLS, and if it so chooses, begins the process of sharing public keys so that an encrypted channel can be created.

If you still have any questions or need further assistance, don't hesitate to refer back.

Thanks and have a nice weekend

Best Regards,

Karim
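
The telnet EHLO check described in the accepted answer, scripted so it can be repeated after each certificate or connector change (an added example, not part of the original thread). It goes one step further than the manual test by completing the STARTTLS handshake with certificate verification; the function names, the `tls-check.example` HELO name and the sample reply are assumptions constructed for illustration.

```python
import socket
import ssl

# Constructed sample EHLO reply (not captured from a real server).
SAMPLE_EHLO = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 OK\r\n"
)

def read_reply(f) -> str:
    """Read one SMTP reply; continuation lines are 'NNN-', the last is 'NNN '."""
    out = []
    while True:
        line = f.readline().decode("ascii", "replace")
        out.append(line)
        if len(line) < 4 or line[3] != "-":
            return "".join(out)

def ehlo_extensions(reply: str) -> set:
    """Extension keywords from a 250 reply; the first line is only the greeting."""
    exts = set()
    for line in reply.splitlines()[1:]:
        words = line[4:].split()
        if line.startswith("250") and words:
            exts.add(words[0].upper())
    return exts

def offers_starttls(reply: str) -> bool:
    return "STARTTLS" in ehlo_extensions(reply)

def probe(host: str, port: int = 25, helo: str = "tls-check.example") -> dict:
    """Live check of your own server: EHLO, STARTTLS, then a verified handshake."""
    result = {"starttls": False, "tls": None, "error": None}
    with socket.create_connection((host, port), timeout=10) as sock:
        f = sock.makefile("rb")
        read_reply(f)                               # 220 banner
        sock.sendall(f"EHLO {helo}\r\n".encode("ascii"))
        result["starttls"] = offers_starttls(read_reply(f))
        if not result["starttls"]:
            return result
        sock.sendall(b"STARTTLS\r\n")
        if not read_reply(f).startswith("220"):
            result["error"] = "STARTTLS refused"
            return result
        try:  # default context checks the chain and that the name matches `host`
            with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
                result["tls"] = tls.version()
        except ssl.SSLError as exc:  # untrusted/expired cert, name mismatch, old protocol
            result["error"] = str(exc)
    return result
```

Call `probe()` with the public host name the sending company will use (your MX name), since the certificate check is made against that name.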