Solved

IIS6 or 7 Virtual SMTP Server - Opportunistic TLS

Posted on 2012-12-28
1,552 Views
Last Modified: 2013-01-14
We run an internal SMTP relay server, on 32-bit standard edition Windows 2003 Server, via IIS6 virtual SMTP server.  We need to turn on TLS for some but not all external recipients.  

I've read that when you enable TLS on the SMTP server bundled with IIS6, the SMTP server will require TLS support on ALL remote hosts it tries to send email to.

Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008?  That is to say where our server will only send mail using TLS if the remote SMTP server advertises it is capable of accepting it, and will send all other mail normally, to those who don't accept TLS email?
Question by:citpaj
4 Comments
 
LVL 13

Accepted Solution

by:
Yagya Shree earned 500 total points
ID: 38727260
Opportunistic TLS means that a server will accept TLS connections from the client if the client asks for TLS in its handshake, but it won’t require it. When the opportunity arises that a client does request TLS, a TLS session will be created and encrypt the traffic of the connection. This is useful typically for servers who don’t know who they're always going to have to serve data to and must allow either TLS or non-TLS connections.

Required TLS is forcing TLS and preventing traffic if TLS is not established between the two endpoints of the connection. You can require TLS at both the server side and client side. Some implementations allow finer grain control, like IP lists of servers to require TLS for. Many email implementations such as Postfix and McAfee Email Protection Services boast of this functionality.

Reference: http://www.rexconsulting.net/opportunistic-vs-required-tls.html

You will have to use Exchange to use 'Opportunistic TLS'.
 

Author Comment

by:citpaj
ID: 38727335
From your explanation, I take it that even the Windows Server 2012 IIS/SMTP server can't be configured to use Opportunistic TLS, hence the need to go to Exchange?

If that's the case, then do you know if Postfix supports 'Opportunistic' without the need to manage IP lists for TLS target domains?  I'd prefer to implement Postfix than get back into an MS Exchange solution.

Thanks.

Paul.
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38771424
Did you manage to get an answer for your query?
 

Author Comment

by:citpaj
ID: 38774528
No answer from the forum, but I found the answer on a web site.  Apparently Postfix can be set up to do Opportunistic.  One of my Uni/Linux guys has built me a Postfix server, configured it to do Opportunistic and I plan to test this shortly.

Given that my initial question was "Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008" I'll accept your original reply as the solution.  Thanks for the help.
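An added example, not part of the original thread: the per-destination decision a sending relay makes under opportunistic versus required TLS, as discussed above. The level names `may` and `encrypt` follow Postfix's naming; the function names, the sample EHLO replies and the `partner.example` domain are constructed for illustration.

```python
# Added example (not from the thread): outbound TLS decision for an SMTP relay.
# Levels: "none" = never use TLS, "may" = opportunistic, "encrypt" = required.

def parse_ehlo(reply: str) -> set:
    """Return the extension keywords advertised in a multiline EHLO reply."""
    extensions = set()
    lines = [l for l in reply.splitlines() if l.strip()]
    for line in lines[1:]:  # first line is the greeting, never an extension
        if not line.startswith("250") or len(line) < 5:
            continue
        # "250-STARTTLS" or "250 SIZE 10240000": the keyword is the first token
        tokens = line[4:].split()
        if tokens:
            extensions.add(tokens[0].upper())
    return extensions


def decide(domain: str, ehlo_reply: str, policy: dict, default: str = "may") -> str:
    """Return 'starttls', 'plaintext' or 'defer' for one delivery attempt."""
    level = policy.get(domain.lower(), default)
    if level == "none":
        return "plaintext"
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "starttls"
    # STARTTLS missing: either the server lacks it or it was stripped in transit.
    # "may" falls back to cleartext; "encrypt" keeps the mail queued instead.
    return "plaintext" if level == "may" else "defer"


# Constructed sample EHLO replies (not captured from real servers).
WITH_TLS = "250-mx.example.net Hello\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
NO_TLS = "250-mx.example.org Hello\r\n250-SIZE 10240000\r\n250 8BITMIME\r\n"

# Constructed policy: one recipient domain must always get TLS, the rest are opportunistic.
POLICY = {"partner.example": "encrypt"}

if __name__ == "__main__":
    for dom, reply in [("other.example", WITH_TLS), ("other.example", NO_TLS),
                       ("partner.example", NO_TLS)]:
        print(dom, "->", decide(dom, reply, POLICY))
```

In Postfix the default level corresponds to `smtp_tls_security_level = may`, and per-domain overrides such as `encrypt` go in the table named by `smtp_tls_policy_maps`.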
