Solved

Email, SMTP security and encryption end -to- end servers.

Posted on 2014-10-06
1
609 Views
Last Modified: 2014-10-07
I have question regarding encryption of email messages from a end user to receiver user.
Putting SSL on exchange server, it encrypts message traffic from a client to the server and either way. What about the SMTP traffic between the server to the receiver's SMTP server and from the receiver SMTP server to the receiver's interface?

sender--------sending SMTP server--------Internet---------receiving SMTP server----receiver

Question 1:
In this case, I put SSL on my Microsoft exchange server between sender and the sending SMTP server. So it encrypts the message. When the message leaves the sendng SMTP server and during the trip to the receiing SMTP server, how does the message decides what encryption to choose and how can I choose it and deploy?

Question 2:
Even when the sending SMTP server enfoce the high encryption method, if the receiving SMTP server doesn't have the encryption method, then how the two servers negotiate the encryption to use?
0
Comment
Question by:crcsupport
1 Comment
 
LVL 33

Accepted Solution

by:
Dave Howe earned 500 total points
ID: 40365623
A lot here depends on the software being used on the two mail servers, but taking a typical example of explicit TLS, each mail server can be set to one of the following for inbound:

a) allow unencrypted connections, offer TLS in response to EHLO requests (requires cert on server)
b) require TLS

for outbound:
a) allow unencrypted connections, support TLS if offered (aka "opportunistic TLS")
b) require TLS, but don't require a valid certificate
c) require TLS, require a valid certificate, but don't authenticate the signature (so self signed ok, wrong name or validity period rejected)
d) require TLS, require a valid certificate signed by a CA

so in your chain, you have inbound from sender to mailserver A, outbound from mailserver A to mailserver B, inbound from mailserver A to mailserver B (same connection obviously, but two points of view), outbound from mailserver B to recipient.

for mailserver B, there is also the possibility (actually, quite probable) that the mail is held on the server and pulled to the recipient, using (eg) POP3 or IMAP - these would count as "inbound" connnections, so the options for inbound would apply.

Note, all of this is TRANSPORT security - usually end-to-end implies client encryption such as pgp, s/mime or CRES, which is a separate/independent solution (and can be used in addition to or as an alternative to transport security)
0

Featured Post

Are your end users making ugly email signatures?

Have you left it up to your end users to create their own email signatures? Are they forgetting to add the company logo or using garish font colors? Take control and ensure all users have the same email signature.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now