exchange secure mail

Aamer-
Aamer- used Ask the Experts™
on
we want to have a secure way of exchanging emails with our partner company. I want to know what are some of the best options to do this.  One is the option to enable TLS and create connectors between the two exchange servers. There is a cisco mail relay on our side and still not sure whats on the other side. I am exploring all the options for this. Need some options or direction to move on
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Manikandan NarayanswamySecurity Specialist & IBM Security Guardium

Commented:
Hi,

The best option to secure emails on Exchange is using TLS please find the below link for the same

https://technet.microsoft.com/en-us/library/bb123543(v=exchg.141).aspx
https://technet.microsoft.com/en-us/library/bb430753(v=exchg.150).aspx

Thanks
Manikandan
Most Valuable Expert 2014

Commented:
Mutual TLS will protect the email in transit between the servers. However if you have something between the Exchange servers then you need to do mutual TLS on them as well, so the entire path is protected.
In a lot of cases, trying to setup a direct path between the two sites is the best option. I don't mean a VPN, but just a dedicated Send and Receive connector on both side for each other, with the relevant holes in the firewall allowed for just the other IP address to connect. That will save trying to get the entire path on Mutual TLS.

Simon.

Author

Commented:
TSL encrypts the channel and s/mime is an end to end encryption mechanism. can I use both of them together. I will create a send and receive connectors on  both ends that will encrypt the channel and users will use s/mime digital signatures to encrypt individual mails. I also have a question related to s/mime, what happens when I send a mail to multiple recipiants
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Most Valuable Expert 2014

Commented:
You can use both if you wish.
An S/MIME message is still a regular email, as email is just plain text at the end of the day. Therefore sending S/MIME over a TLS connection will work fine.

Simon.

Author

Commented:
so the best solution would be to create send/receive connectors between the two organizations configured for TLS. and also issue user certificates to be used for s/mime. exchange root certificates between the two organizations and make sure certificates on both the ends trust each others certificates
Most Valuable Expert 2014

Commented:
That would provide you with the most effective solution. There is some work involved to get the certificates in place - as you have identified around trust.

Simon.

Author

Commented:
there is a cisco mil gateway also in the path. now do I have to configure tls on the cisco mail gateway and what needs to be done on my exchange servers. will it be a tls session between my cisco mail gateway and the tls device on the other side or will I need to create connectors between on my exchange servers
Most Valuable Expert 2014
Commented:
As you have asked the question elsewhere...

https://www.experts-exchange.com/questions/28937535/Secure-mail-with-partners.html

I suggest that you close this question.

Author

Commented:
thanks

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial