Solved

IIS6 or 7 Virtual SMTP Server - Opportunistic TLS

Posted on 2012-12-28
Last Modified: 2013-01-14
We run an internal SMTP relay server, on 32-bit standard edition Windows 2003 Server, via IIS6 virtual SMTP server.  We need to turn on TLS for some but not all external recipients.  

I've read that when you enable TLS on the SMTP server bundled with IIS6, the SMTP server will require TLS support on ALL remote hosts it tries to send email to.

Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008?  That is to say where our server will only send mail using TLS if the remote SMTP server advertises it is capable of accepting it, and will send all other mail normally, to those who don't accept TLS email?
Question by:citpaj
Accepted Solution

by:
Yagya Shree earned 500 total points
ID: 38727260
Opportunistic TLS means that a server will accept TLS connections from the client if the client asks for TLS in its handshake, but it won’t require it. When the opportunity arises that a client does request TLS, a TLS session will be created and encrypt the traffic of the connection. This is useful typically for servers who don’t know who they're always going to have to serve data to and must allow either TLS or non-TLS connections.

Required TLS is forcing TLS and preventing traffic if TLS is not established between the two endpoints of the connection. You can require TLS at both the server side and client side. Some implementations allow finer grain control, like IP lists of servers to require TLS for. Many email implementations such as Postfix and McAfee Email Protection Services boast of this functionality.

Reference: http://www.rexconsulting.net/opportunistic-vs-required-tls.html

You will have to use Exchange to use 'Opportunistic TLS'.

Author Comment

by:citpaj
ID: 38727335
From your explanation, I take it that even the Windows Server 2012 IIS/SMTP server can't be configured to use Opportunistic TLS, hence the need to go to Exchange?

If that's the case, then do you know if Postfix supports 'Opportunistic' without the need to manage IP lists for TLS target domains?  I'd prefer to implement Postfix than get back into an MS Exchange solution.

Thanks.

Paul.
Expert Comment

by:Yagya Shree
ID: 38771424
Did you manage to get an answer for your query?

Author Comment

by:citpaj
ID: 38774528
No answer from the forum, but I found the answer on a web site.  Apparently Postfix can be set up to do Opportunistic.  One of my Uni/Linux guys has built me a Postfix server, configured it to do Opportunistic and I plan to test this shortly.

Given that my initial question was "Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008" I'll accept your original reply as the solution.  Thanks for the help.
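
An added example, not part of the thread and not the configuration citpaj's colleague built: a Postfix sending-side setup for what the question asks, opportunistic TLS by default with TLS required for selected recipient domains. The policy file path and the domain names are placeholder assumptions.

```conf
# ----- file: /etc/postfix/main.cf (SMTP client / outbound side) -----

# Opportunistic TLS: issue STARTTLS when the remote server advertises it
# in its EHLO reply, otherwise deliver in plaintext.
smtp_tls_security_level = may

# Per-destination overrides, looked up by recipient domain (next hop),
# so no IP lists have to be maintained.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Log a summary line per TLS handshake, to confirm from the mail log
# which deliveries were actually encrypted.
smtp_tls_loglevel = 1

# ----- file: /etc/postfix/tls_policy (constructed sample entries) -----

# "encrypt" = mandatory TLS: if the remote server does not offer
# STARTTLS, the message is deferred instead of being sent in the clear.
# Note: "encrypt" does not verify the server certificate; the "verify"
# and "secure" levels add certificate checks.
partner.example         encrypt

# A leading dot matches subdomains of the destination.
.partner.example        encrypt

# ----- after editing, rebuild the lookup table and reload -----
#   postmap /etc/postfix/tls_policy
#   postfix reload
```

With `may` alone, a destination that stops advertising STARTTLS receives mail in plaintext, which is why recipients that must always get TLS are listed in the policy map.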