?
Solved

IIS6 or 7 Virtual SMTP Server - Opportunistic TLS

Posted on 2012-12-28
4
Medium Priority
?
1,612 Views
Last Modified: 2013-01-14
We run an internal SMTP relay server, on 32-bit standard edition Windows 2003 Server, via IIS6 virtual SMTP server.  We need to turn on TLS for some but not all external recipients.  

I've read that when you enable TLS on the SMTP server bundled with IIS6  the SMTP server will require TLS support on ALL remote hosts it tries to send email to.

Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008?  That is to say where our server will only send mail using TLS if the remote SMTP server advertises it is capable of accepting it, and will send all other mail normally, to those who don't accept TLS email?
0
Comment
Question by:citpaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
Yagya Shree earned 2000 total points
ID: 38727260
Opportunistic TLS means that a server will accept TLS connections from the client if the client asks for TLS in its handshake, but it won’t require it. When the opportunity arises that a client does request TLS, a TLS session will be created and encrypt the traffic of the connection. This is useful typically for servers who don’t know who their always going to have to serve data to and must allow either TLS or non-TLS connections.

Required TLS is forcing TLS and preventing traffic if TLS is not established between the two endpoints of the connection. You can require TLS at both the server side and client side. Some implementations allow finer grain control, like IP lists of servers to require TLS for. Many email implementations such as Postfix and McAfee Email Protection Services boast of this functionality.

Referance: http://www.rexconsulting.net/opportunistic-vs-required-tls.html

You will have to use exchange to use 'Opportunistic TLS'
0
 

Author Comment

by:citpaj
ID: 38727335
From your explanation, I take it that even the Windows Server 2012 IIS/SMTP server can't be configured to use Opportunistic TLS, hence the need to go to Exchange?

If that's the case, then do you know if Postfix supports 'Opportunistic' without the need to manage IP lists for TLS target domains?  I'd prefer to implement Postfix than get back into an MS Exchange solution

Thanks.

Paul.
0
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38771424
Did you manage to get an answer for your query?
0
 

Author Comment

by:citpaj
ID: 38774528
No answer from the forum, but I found the answer on a web site.  Apparently Postfix can be set up to do Opportunistic.  One of my Uni/Linux guys has built me a Postfix server, configured it to do Opportunistic and I plan to test this shortly.

Given that my initial question was "Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008" I'll accept your original reply as the solution.  Thanks for the help.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question