Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

IIS6 or 7 Virtual SMTP Server - Opportunistic TLS

Posted on 2012-12-28
4
Medium Priority
?
1,666 Views
Last Modified: 2013-01-14
We run an internal SMTP relay server, on 32-bit standard edition Windows 2003 Server, via IIS6 virtual SMTP server.  We need to turn on TLS for some but not all external recipients.  

I've read that when you enable TLS on the SMTP server bundled with IIS6  the SMTP server will require TLS support on ALL remote hosts it tries to send email to.

Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008?  That is to say where our server will only send mail using TLS if the remote SMTP server advertises it is capable of accepting it, and will send all other mail normally, to those who don't accept TLS email?
0
Comment
Question by:citpaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
Yagya Shree earned 2000 total points
ID: 38727260
Opportunistic TLS means that a server will accept TLS connections from the client if the client asks for TLS in its handshake, but it won’t require it. When the opportunity arises that a client does request TLS, a TLS session will be created and encrypt the traffic of the connection. This is useful typically for servers who don’t know who their always going to have to serve data to and must allow either TLS or non-TLS connections.

Required TLS is forcing TLS and preventing traffic if TLS is not established between the two endpoints of the connection. You can require TLS at both the server side and client side. Some implementations allow finer grain control, like IP lists of servers to require TLS for. Many email implementations such as Postfix and McAfee Email Protection Services boast of this functionality.

Referance: http://www.rexconsulting.net/opportunistic-vs-required-tls.html

You will have to use exchange to use 'Opportunistic TLS'
0
 

Author Comment

by:citpaj
ID: 38727335
From your explanation, I take it that even the Windows Server 2012 IIS/SMTP server can't be configured to use Opportunistic TLS, hence the need to go to Exchange?

If that's the case, then do you know if Postfix supports 'Opportunistic' without the need to manage IP lists for TLS target domains?  I'd prefer to implement Postfix than get back into an MS Exchange solution

Thanks.

Paul.
0
 
LVL 13

Expert Comment

by:Yagya Shree
ID: 38771424
Did you manage to get an answer for your query?
0
 

Author Comment

by:citpaj
ID: 38774528
No answer from the forum, but I found the answer on a web site.  Apparently Postfix can be set up to do Opportunistic.  One of my Uni/Linux guys has built me a Postfix server, configured it to do Opportunistic and I plan to test this shortly.

Given that my initial question was "Is there any way to enable 'Opportunistic TLS' on this or Windows Server 2008" I'll accept your original reply as the solution.  Thanks for the help.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question