Exchange secure mail

We want to have a secure way of exchanging emails with our partner company. I want to know what some of the best options are to do this. One option is to enable TLS and create connectors between the two Exchange servers. There is a Cisco mail relay on our side and I'm still not sure what's on the other side. I am exploring all the options for this. I need some options or direction to move on.
Aamer-Asked:
Manikandan Narayanswamy, Security Specialist & IBM Security Guardium, Commented:
Hi,

The best option to secure emails on Exchange is using TLS. Please find the below links for the same:

https://technet.microsoft.com/en-us/library/bb123543(v=exchg.141).aspx
https://technet.microsoft.com/en-us/library/bb430753(v=exchg.150).aspx

Thanks
Manikandan
Simon Butler (Sembee), Consultant, Commented:
Mutual TLS will protect the email in transit between the servers. However, if you have something between the Exchange servers then you need to do mutual TLS on them as well, so the entire path is protected.
In a lot of cases, trying to set up a direct path between the two sites is the best option. I don't mean a VPN, but just a dedicated Send and Receive connector on both sides for each other, with the relevant holes in the firewall allowed for just the other IP address to connect. That will save trying to get the entire path on Mutual TLS.

Simon.
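
The dedicated connector pair described in the answer above, sketched in the Exchange Management Shell as an added example (not part of the original thread). The domain, host name, IP address and connector names are placeholders, and it assumes the two Exchange organizations connect directly with nothing relaying in between.

```powershell
# Added example. All names and addresses below are placeholders (assumptions).
$PartnerDomain = 'partner.example'        # partner's mail domain
$PartnerHost   = 'mail.partner.example'   # partner's inbound SMTP host
$PartnerIP     = '203.0.113.10'           # partner's outbound IP (documentation range)

# Outbound: mail for the partner domain goes straight to the partner's host.
# RequireTLS refuses delivery when STARTTLS is unavailable instead of falling
# back to clear text. DomainValidation additionally checks that the partner's
# certificate chains to a trusted root and matches the name in -TlsDomain.
New-SendConnector -Name 'To Partner (TLS)' `
    -Usage Custom `
    -AddressSpaces $PartnerDomain `
    -DNSRoutingEnabled $false `
    -SmartHosts $PartnerHost `
    -RequireTLS $true `
    -TlsAuthLevel DomainValidation `
    -TlsDomain $PartnerDomain

# Inbound: a connector that only matches connections from the partner's IP
# and rejects any session that does not negotiate TLS.
# On Exchange 2013 and later, also pass -TransportRole FrontendTransport.
New-ReceiveConnector -Name 'From Partner (TLS)' `
    -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges $PartnerIP `
    -AuthMechanism Tls `
    -RequireTLS $true `
    -PermissionGroups AnonymousUsers

# Confirm the settings that enforce TLS are what was intended.
Get-SendConnector 'To Partner (TLS)' |
    Format-List Name, AddressSpaces, SmartHosts, RequireTLS, TlsAuthLevel, TlsDomain
Get-ReceiveConnector 'From Partner (TLS)' |
    Format-List Name, RemoteIPRanges, AuthMechanism, RequireTLS
```

The partner needs the mirror-image pair on their side, and certificate validation only succeeds once each side trusts the root that issued the other's server certificate.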
Aamer-Author Commented:
TLS encrypts the channel and S/MIME is an end-to-end encryption mechanism. Can I use both of them together? I will create send and receive connectors on both ends that will encrypt the channel, and users will use S/MIME digital signatures to encrypt individual mails. I also have a question related to S/MIME: what happens when I send a mail to multiple recipients?
Simon Butler (Sembee), Consultant, Commented:
You can use both if you wish.
An S/MIME message is still a regular email, as email is just plain text at the end of the day. Therefore sending S/MIME over a TLS connection will work fine.

Simon.
Aamer-Author Commented:
So the best solution would be to create send/receive connectors between the two organizations configured for TLS, and also issue user certificates to be used for S/MIME. Exchange root certificates between the two organizations and make sure certificates on both ends trust each other's certificates.
Simon Butler (Sembee), Consultant, Commented:
That would provide you with the most effective solution. There is some work involved to get the certificates in place - as you have identified around trust.

Simon.
Aamer-Author Commented:
There is a Cisco mail gateway also in the path. Now do I have to configure TLS on the Cisco mail gateway, and what needs to be done on my Exchange servers? Will it be a TLS session between my Cisco mail gateway and the TLS device on the other side, or will I need to create connectors on my Exchange servers?
Simon Butler (Sembee), Consultant, Commented:
As you have asked the question elsewhere...

https://www.experts-exchange.com/questions/28937535/Secure-mail-with-partners.html

I suggest that you close this question.

Aamer-Author Commented:
thanks