[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Email, SMTP security and encryption end -to- end servers.

Posted on 2014-10-06
1
Medium Priority
?
685 Views
Last Modified: 2014-10-07
I have question regarding encryption of email messages from a end user to receiver user.
Putting SSL on exchange server, it encrypts message traffic from a client to the server and either way. What about the SMTP traffic between the server to the receiver's SMTP server and from the receiver SMTP server to the receiver's interface?

sender--------sending SMTP server--------Internet---------receiving SMTP server----receiver

Question 1:
In this case, I put SSL on my Microsoft exchange server between sender and the sending SMTP server. So it encrypts the message. When the message leaves the sendng SMTP server and during the trip to the receiing SMTP server, how does the message decides what encryption to choose and how can I choose it and deploy?

Question 2:
Even when the sending SMTP server enfoce the high encryption method, if the receiving SMTP server doesn't have the encryption method, then how the two servers negotiate the encryption to use?
0
Comment
Question by:crcsupport
1 Comment
 
LVL 33

Accepted Solution

by:
Dave Howe earned 2000 total points
ID: 40365623
A lot here depends on the software being used on the two mail servers, but taking a typical example of explicit TLS, each mail server can be set to one of the following for inbound:

a) allow unencrypted connections, offer TLS in response to EHLO requests (requires cert on server)
b) require TLS

for outbound:
a) allow unencrypted connections, support TLS if offered (aka "opportunistic TLS")
b) require TLS, but don't require a valid certificate
c) require TLS, require a valid certificate, but don't authenticate the signature (so self signed ok, wrong name or validity period rejected)
d) require TLS, require a valid certificate signed by a CA

so in your chain, you have inbound from sender to mailserver A, outbound from mailserver A to mailserver B, inbound from mailserver A to mailserver B (same connection obviously, but two points of view), outbound from mailserver B to recipient.

for mailserver B, there is also the possibility (actually, quite probable) that the mail is held on the server and pulled to the recipient, using (eg) POP3 or IMAP - these would count as "inbound" connnections, so the options for inbound would apply.

Note, all of this is TRANSPORT security - usually end-to-end implies client encryption such as pgp, s/mime or CRES, which is a separate/independent solution (and can be used in addition to or as an alternative to transport security)
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Ransomware - Defeated! Client opened the wrong email and was attacked by Ransomware. I was able to use file recovery utilities to find shadow copies of the encrypted files and make a complete recovery.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question