Solved

Receive secure email from external company

Posted on 2011-02-24
Last Modified: 2012-05-11
Hi Folks,

My company is going to be receiving emails from another company who has asked to ensure that we can receive secure emails and that our Exchange 2003 system is capable of supporting TLS.

As mentioned above we have an Exchange 2003 server (just one server). I have a certificate installed to access our email through Outlook Web Access (and access them through iPhones).

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company? If so, do I need to install the certificates onto the 5 users' PCs?

Rgds,

Dave
Question by:Daithi_Mc

Expert Comment

by:karim_hashish
ID: 34975041
Hello

Let me first answer your sub-questions, then I'll answer the main one.

Is our Exchange 2003 system capable of supporting TLS? Yes, it is.

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company? No, you don't. The main purpose of the certificate is to ensure secure communication, as when the message enters your organization it will be like any other message.

Enable Transport Layer Security Encryption for a Specific Remote Domain in an Exchange Organization

To enable TLS encryption for a specific remote domain in Exchange Server, follow these steps:

   1. Install an X.509 server certificate on the server.

   2. Create a new SMTP Connector dedicated to that domain and specify the IP of the other company's relay as the smart host to which the mail will be forwarded.

   3. In the address space tab, specify the remote domain address space (*@another.com) of the other company.

   4. To enable TLS encryption, right-click the SMTP connector, and then click Properties. Click the Advanced tab, click Outbound Security, and then click to select the TLS Encryption check box.

If you have any questions, please refer back.

Best Regards,

Karim

Author Comment

by:Daithi_Mc
ID: 34981529
Hi Karim,

I won't be directly communicating with the other exchange server and it is only for incoming emails. Do I still need to create the X509 certificate?

I won't be needing to secure outgoing emails with TLS.

What I have done is enable TLS on:

ESM - Servers - Protocols - SMTP - SMTP Default VS - Right Click -Properties.  

Click Access Tab - authentication Button and put a tick in "REQUIRES TLS ENCRYPTION"

Will this suffice for what I need?

Rgds,

Dave


Accepted Solution

by:
karim_hashish earned 500 total points
ID: 34987818
Hello

To enable TLS for receive only, you need to purchase an SSL cert from an approved vendor and install it onto the SMTP VS via the Certificate Wizard found on the Access tab of the VS properties dialog (I guess you already have this certificate, just import it on the SMTP Virtual server as mentioned below).

Once this is in place, test that TLS is possible by using TELNET against your mail server, typing EHLO and pressing enter.

Your mail server should send back a list of verbs which would include:

250-STARTTLS

This informs a remote mail server that your mail server supports TLS, and if it so chooses, begins the process of sharing public keys so that an encrypted channel can be created.

If you still have any questions or for further assistance don't hesitate to refer back.

Thanks and have a nice weekend

Best Regards,

Karim
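
The TELNET/EHLO check described in the accepted answer can be scripted; the following is an added example, not part of the original answer. It parses an EHLO reply for the STARTTLS keyword and, against a live server, attempts the TLS upgrade with certificate validation. The sample reply, the host name `mail.example.com` and the function names are constructed for illustration.

```python
import smtplib
import ssl

# Constructed sample of a multi-line EHLO reply (host and values are placeholders).
SAMPLE_EHLO_REPLY = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 OK\r\n"
)


def parse_ehlo_extensions(reply: str) -> set:
    """Return the upper-cased keywords advertised in an EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for index, line in enumerate(lines):
        # Every line of a successful reply is "250-" (more follow) or "250 " (last).
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index == 0:
            continue  # first line is the server greeting, not an extension
        rest = line[4:].strip()
        if rest:
            keywords.add(rest.split()[0].upper())
    return keywords


def check_starttls(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check: send EHLO, then try STARTTLS with normal certificate checks.

    Raises ssl.SSLCertVerificationError if the certificate on the SMTP
    virtual server is untrusted or does not match `host`.
    """
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"offered": False, "tls_version": None}
        smtp.starttls(context=ssl.create_default_context())
        return {"offered": True, "tls_version": smtp.sock.version()}
    finally:
        smtp.close()


if __name__ == "__main__":
    print("STARTTLS" in parse_ehlo_extensions(SAMPLE_EHLO_REPLY))
```

Run `check_starttls` from a machine outside the network against the host name in the MX record, since that is the name a sending server would compare with the certificate.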