Solved

IIS6 or 7 Virtual SMTP Server - Opportunistic TLS

Posted on 2012-12-28
Last Modified: 2013-01-14
We run an internal SMTP relay server, on 32-bit standard edition Windows 2003 Server, via IIS6 virtual SMTP server.  We need to turn on TLS for some but not all external recipients.  

I've read that when you enable TLS on the SMTP server bundled with IIS6, the SMTP server will require TLS support on ALL remote hosts it tries to send email to.

Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008?  That is to say where our server will only send mail using TLS if the remote SMTP server advertises it is capable of accepting it, and will send all other mail normally, to those who don't accept TLS email?
Question by:citpaj

Accepted Solution

by:
Yagya Shree earned 500 total points
ID: 38727260
Opportunistic TLS means that a server will accept TLS connections from the client if the client asks for TLS in its handshake, but it won’t require it. When the opportunity arises that a client does request TLS, a TLS session will be created and encrypt the traffic of the connection. This is useful typically for servers who don’t know who they're always going to have to serve data to and must allow either TLS or non-TLS connections.

Required TLS is forcing TLS and preventing traffic if TLS is not established between the two endpoints of the connection. You can require TLS at both the server side and client side. Some implementations allow finer grain control, like IP lists of servers to require TLS for. Many email implementations such as Postfix and McAfee Email Protection Services boast of this functionality.

Reference: http://www.rexconsulting.net/opportunistic-vs-required-tls.html

You will have to use Exchange to use 'Opportunistic TLS'.
 

Author Comment

by:citpaj
ID: 38727335
From your explanation, I take it that even the Windows Server 2012 IIS/SMTP server can't be configured to use Opportunistic TLS, hence the need to go to Exchange?

If that's the case, then do you know if Postfix supports 'Opportunistic' without the need to manage IP lists for TLS target domains?  I'd prefer to implement Postfix than get back into an MS Exchange solution.

Thanks.

Paul.
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38771424
Did you manage to get an answer for your query?
 

Author Comment

by:citpaj
ID: 38774528
No answer from the forum, but I found the answer on a web site.  Apparently Postfix can be set up to do Opportunistic.  One of my Uni/Linux guys has built me a Postfix server, configured it to do Opportunistic and I plan to test this shortly.

Given that my initial question was "Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008" I'll accept your original reply as the solution.  Thanks for the help.
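
The send-side behaviour asked about in this thread (use TLS only when the remote server advertises STARTTLS, while refusing cleartext for selected recipients), shown as an added example that is not from any poster and is not code from IIS, Exchange or Postfix. The function names, the `required_domains` set and the EHLO replies are constructed for illustration.

```python
import re

# Constructed EHLO replies (sample data, not captured from real servers).
EHLO_WITH_TLS = ("250-mx.example.net Hello\r\n250-SIZE 35882577\r\n"
                 "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_NO_TLS = ("250-mx.example.org Hello\r\n250-SIZE 10240000\r\n"
               "250 8BITMIME\r\n")


def ehlo_extensions(reply):
    """Return the upper-cased extension keywords from a multi-line 250 reply."""
    exts = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if i == 0:
            continue  # first line is the server greeting, not an extension
        words = m.group(2).split()
        if words:
            exts.add(words[0].upper())
    return exts


def delivery_action(recipient_domain, ehlo_reply, required_domains):
    """Return 'starttls', 'plaintext' or 'defer' for one outbound delivery.

    Opportunistic: upgrade whenever the remote host advertises STARTTLS.
    Required: for domains in required_domains, never fall back to cleartext.
    """
    if "STARTTLS" in ehlo_extensions(ehlo_reply):
        return "starttls"
    # A missing STARTTLS keyword looks the same whether the server lacks TLS
    # or something on the path removed the keyword, so opportunistic mode
    # alone gives no guarantee for recipients that must be encrypted.
    if recipient_domain.lower() in required_domains:
        return "defer"
    return "plaintext"


if __name__ == "__main__":
    must_encrypt = {"partner.example"}  # hypothetical "some recipients" list
    for domain, reply in [("partner.example", EHLO_WITH_TLS),
                          ("partner.example", EHLO_NO_TLS),
                          ("other.example", EHLO_NO_TLS)]:
        print(domain, "->", delivery_action(domain, reply, must_encrypt))
```
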