Aamer-

exchange secure mail

We want to have a secure way of exchanging emails with our partner company. I want to know what some of the best options to do this are. One is the option to enable TLS and create connectors between the two Exchange servers. There is a Cisco mail relay on our side, and I am still not sure what's on the other side. I am exploring all the options for this. I need some options or direction to move on.

Manikandan Narayanswamy

Hi,

The best option to secure emails on Exchange is using TLS. Please find the links below for the same:

https://technet.microsoft.com/en-us/library/bb123543(v=exchg.141).aspx
https://technet.microsoft.com/en-us/library/bb430753(v=exchg.150).aspx

Thanks
Manikandan

Simon Butler (Sembee)

Mutual TLS will protect the email in transit between the servers. However, if you have something between the Exchange servers then you need to do mutual TLS on them as well, so the entire path is protected.
In a lot of cases, trying to set up a direct path between the two sites is the best option. I don't mean a VPN, but just a dedicated Send and Receive connector on both sides for each other, with the relevant holes in the firewall allowed for just the other IP address to connect. That will save trying to get the entire path on Mutual TLS.

Simon.
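
The answer above notes that every hop between the two Exchange servers has to use TLS for the whole path to be protected. As an added example (not part of the original thread), this Python script audits the Received headers of a delivered test message and lists any hop with no TLS marker; the header patterns and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Heuristic TLS markers in Received headers (assumed conventions, not exhaustive).
TLS_MARKERS = [
    re.compile(r"\bwith\s+(?:ESMTPSA|ESMTPS|UTF8SMTPSA|UTF8SMTPS)\b", re.I),  # RFC 3848/6531
    re.compile(r"\bversion=TLS", re.I),   # "(version=TLS1_2, cipher=...)" style
    re.compile(r"\bE?SMTP/TLS/", re.I),   # "with ESMTP/TLS/<cipher>" style
    re.compile(r"\(using\s+TLSv", re.I),  # "(using TLSv1.2 with cipher ...)" style
]
HOP = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.I)

# Constructed sample: three hops, the middle one (gateway to gateway) without TLS.
SAMPLE = """\
Received: from gw.corp.example (10.0.0.20) by ex01.corp.example (10.0.0.5)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.0.0;
 Mon, 1 Jan 2024 10:00:03 +0000
Received: from mx.partner.example ([203.0.113.10]) by gw.corp.example
 with ESMTP; Mon, 1 Jan 2024 10:00:02 +0000
Received: from ex01.partner.example (192.0.2.5) by mx.partner.example
 with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:01 +0000
From: a@partner.example
To: b@corp.example
Subject: constructed sample

body
"""

def audit_hops(raw_message):
    """Return [(from_host, by_host, tls_seen)], oldest hop first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each MTA prepends its header, so reverse to get delivery order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        m = HOP.search(flat)
        if not m:
            continue  # header without a from/by pair, e.g. local pickup
        tls = any(p.search(flat) for p in TLS_MARKERS)
        hops.append((m.group(1), m.group(2), tls))
    return hops

def cleartext_hops(raw_message):
    """Hops with no TLS marker: the links that break end-to-end transport encryption."""
    return [(src, dst) for src, dst, tls in audit_hops(raw_message) if not tls]

if __name__ == "__main__":
    for src, dst in cleartext_hops(SAMPLE):
        print(f"no TLS marker: {src} -> {dst}")
```

A TLS marker shows only that the hop was encrypted, not that either side's certificate was validated, so mutual TLS still has to be confirmed in the connector or gateway configuration.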
Aamer-

ASKER

TLS encrypts the channel and S/MIME is an end-to-end encryption mechanism. Can I use both of them together? I will create Send and Receive connectors on both ends that will encrypt the channel, and users will use S/MIME digital signatures to encrypt individual mails. I also have a question related to S/MIME: what happens when I send a mail to multiple recipients?

You can use both if you wish.
An S/MIME message is still a regular email, as email is just plain text at the end of the day. Therefore sending S/MIME over a TLS connection will work fine.

Simon.
Aamer-

ASKER

So the best solution would be to create Send/Receive connectors between the two organizations configured for TLS, and also issue user certificates to be used for S/MIME. Exchange root certificates between the two organizations and make sure certificates on both ends trust each other's certificates.

That would provide you with the most effective solution. There is some work involved to get the certificates in place - as you have identified around trust.

Simon.
Aamer-

ASKER

There is a Cisco mail gateway also in the path. Now do I have to configure TLS on the Cisco mail gateway, and what needs to be done on my Exchange servers? Will it be a TLS session between my Cisco mail gateway and the TLS device on the other side, or will I need to create connectors on my Exchange servers?
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)
Aamer-

ASKER

thanks