Solved

Ins and outs of TLS?

Posted on 2012-04-02
6
341 Views
Last Modified: 2012-05-10
Hello!
 Have a client that is required to use TLS for accepting mail from a government agency.  I have a 2003 Small Business Server Std and wonder how to implement it.  Or is it already on?  How do I use it?  Get Exchange to use it?  
 As you may be albe to tell, I am not that familiar with it.  I know its secure smtp over a different port (isnt it?) and just need some guidance on how to implement / configure it.

 Many thanks!
0
Comment
Question by:Lorenzo Cricchio
  • 3
  • 3
6 Comments
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37797427
TLS doesn't run over a separate port for SMTP. Basically what happens in a TLS SMTP transaction is when the two servers communicate with one another, the sending server issues a STARTTLS command to the receiving server. If this command succeeds, the transaction begins to be secured using the server certificate that is assigned to the server, much like HTTPS is secured with SSL. You have to configure it to work with Exchange 2003. I haven't worked with 2003 in a *long* time so I don't know the specifics, but I think you have to create a new send connector that requires TLS to communicate with the government organization. http://www.networkworld.com/news/2007/011807-tls1.html has a lot of information about TLS and how to implement it with Exchange 2003. Note that there are 5 parts to it, so read the first and at the bottom of that there are links to 4 more articles.
0
 
LVL 1

Author Comment

by:Lorenzo Cricchio
ID: 37797783
Does the incoming still travel over port 25?  I dont have the SBS multihoned and is behind a firewall.  Along with 25, 443 is sent to the SBS.  
  I think they already have a cert from Godaddy.  I suspect I can use that one?
0
 
LVL 38

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 37797788
All Secured SMTP traffic using TLS goes over port 25 (Unless you configure it to use a different port, which is possible). And you can use your Godaddy cert for the connection.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 1

Author Comment

by:Lorenzo Cricchio
ID: 37797819
they do have a cert, but I think it was selfsigned. That still ok to use?
0
 
LVL 38

Expert Comment

by:Adam Brown
ID: 37797854
It's not preferred. You might get some error messages in your event logs regarding the certificate if you use that one, but the TLS session should still work.
0
 
LVL 1

Author Closing Comment

by:Lorenzo Cricchio
ID: 37954496
Cert from godaddy installed and seems to be up and running AOK!  Thanks!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
If you don't know how to downgrade, my instructions below should be helpful.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now