Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Email, SMTP security and encryption end -to- end servers.

Posted on 2014-10-06
1
629 Views
Last Modified: 2014-10-07
I have question regarding encryption of email messages from a end user to receiver user.
Putting SSL on exchange server, it encrypts message traffic from a client to the server and either way. What about the SMTP traffic between the server to the receiver's SMTP server and from the receiver SMTP server to the receiver's interface?

sender--------sending SMTP server--------Internet---------receiving SMTP server----receiver

Question 1:
In this case, I put SSL on my Microsoft exchange server between sender and the sending SMTP server. So it encrypts the message. When the message leaves the sendng SMTP server and during the trip to the receiing SMTP server, how does the message decides what encryption to choose and how can I choose it and deploy?

Question 2:
Even when the sending SMTP server enfoce the high encryption method, if the receiving SMTP server doesn't have the encryption method, then how the two servers negotiate the encryption to use?
0
Comment
Question by:crcsupport
1 Comment
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40365623
A lot here depends on the software being used on the two mail servers, but taking a typical example of explicit TLS, each mail server can be set to one of the following for inbound:

a) allow unencrypted connections, offer TLS in response to EHLO requests (requires cert on server)
b) require TLS

for outbound:
a) allow unencrypted connections, support TLS if offered (aka "opportunistic TLS")
b) require TLS, but don't require a valid certificate
c) require TLS, require a valid certificate, but don't authenticate the signature (so self signed ok, wrong name or validity period rejected)
d) require TLS, require a valid certificate signed by a CA

so in your chain, you have inbound from sender to mailserver A, outbound from mailserver A to mailserver B, inbound from mailserver A to mailserver B (same connection obviously, but two points of view), outbound from mailserver B to recipient.

for mailserver B, there is also the possibility (actually, quite probable) that the mail is held on the server and pulled to the recipient, using (eg) POP3 or IMAP - these would count as "inbound" connnections, so the options for inbound would apply.

Note, all of this is TRANSPORT security - usually end-to-end implies client encryption such as pgp, s/mime or CRES, which is a separate/independent solution (and can be used in addition to or as an alternative to transport security)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
as logs exchange 2010 7 48
On-premise Digitally Signed/Encrypted Secure E-mail Solutions 1 48
Exchange 2016 Cloud Witness 1 53
Exchange 2010 SP1 to SP3 + RU16 8 73
In 2017, ransomware will become so virulent and widespread that if you aren’t a victim yourself, you will know someone who is.
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question