?
Solved

Receive secure email from external company

Posted on 2011-02-24
3
Medium Priority
?
649 Views
Last Modified: 2012-05-11
Hi Folks,

My company is going to be receiving emails from another company who has asked to ensure that we can receive secure emails and that our exchange 2003 system is capable of supporting TLS.  

As mentioned above we have an Exchange 2003 server (just one server). I have a certificate installed to access our email through Outlook Web Access (and access them through IPhone's).

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company. If so do I need to install the certificates onto the 5 users PC's.

Rgds,

Dave
0
Comment
Question by:Daithi_Mc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 4

Expert Comment

by:karim_hashish
ID: 34975041
Hello

let me first answer your sub questions then i'll answer the main one

is our exchange 2003 system is capable of supporting TLS. ? Yes it is.

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company ? No you don't. the main purpose of the certificate is to ensure secure communication as when the message enter your organization it will be like any other messages.

Enable Transport Layer Security Encryption for a Specific Remote Domain in an Exchange Organization

To enable TLS encryption for a specific remote domain in Exchange Server, follow these steps:

   1. Install an X.509 server certificate on the server.

   2. Create a new SMTP Connector dedicated to that domain and specify the IP of the other company relay as the smart host at which the mail will be forwarded.

3- In the address space tab specify the remote domain address space (*@another.com) of the other company,

   3. To enable TLS encryption, right-click the SMTP connector, and then click Properties. Click the Advanced tab, click Outbound Security, and then click to select the TLS Encryption check box.

if you have any questions thanks to refer back.

Best Regards,

Karim
0
 

Author Comment

by:Daithi_Mc
ID: 34981529
Hi Karim,

I won't be directly communicating with the other exchange server and it is only for incoming emails. Do I still need to create the X509 certificate?

I wont be needing to secure outgoing emails with TLS.

What I have done is enable TLS on:

ESM - Servers - Protocols - SMTP - SMTP Default VS - Right Click -Properties.  

Click Access Tab - authentication Button and put a tick in "REQUIRES TLS ENCRYPTION"

Will this suffice for what I need?

Rgds,

Dave

0
 
LVL 4

Accepted Solution

by:
karim_hashish earned 2000 total points
ID: 34987818
Hello

To enable TLS for receive only, you need to purchase an SSL cert from an approved vendor and install it onto the SMTP VS via the Certificate Wizard found on the Access tab of the VS properties dialog (I guess you already have this certificate,  just import it on the SMTP Virtual server as mentioned below).

Once this is in place, test that TLS is possible by using TELNET against your mail server, typing EHLO and pressing enter.

Your mail server should send back a list of verbs which would include:

250-STARTTLS

This informs a remote mail server that your mail server supports TLS, and if it so chooses, begins the process of sharing public keys so that an encrypted channel can be created.

If you still have any question or for further assistance don't hesitate to refer back.

Thanks and have a nice week-end

Best Regards,

Karim
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question