e-mail encrypted connector

Hi

I’m looking for solution for following scenario:
1. Exchange Server 2007 as main company server which send e-mails to all company customers.
2. One customer is business critical and requires encryption for all e-mails sent and received.

How to easy set up solution for this that all messages send and received to and from customer server will be encrypted – I can get cooperation of IT support from this company.
Could you give me an idea how to do this without spending too much money please?

Kind Regards

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

coffeeking

Easiest solution is to use the Digital Security certifcates...get one for you and one for the other side...with these certificate you can digitally sign and encrypt messages...for encryption both sides need to have a certifcate...have you looked into Thawte certificates...I don't think they are very hard to obtain...in terms of cost, you will have to look it up.

dave0212

If you already have a windows infrastructure then the cheapest option (although not the easiest) would be to build your own PKI

Claymoore

You want to implement TLS (Transport Layer Security) between the mail servers:

TLS Functionality and Related Terminology in Exchange 2007
Exchange 2007 Mail Flow (DNS Records, Connectors, and TLS) | Elan Shudnow's Blog

A couple of things to remember:

You must use a valid 3rd party CA to sign the certificates so they are trusted by the other servers.
The FQDN (masquerade domain in 2003) of the connector must match the name on the certificate. The general recommendation here is to get a Unified Communication certificate rather than a single server or even wildcard certificate.

Exchange 2007 supports Opportunistic TLS and will attempt to initiate a TLS session (using the STARTTLS in the EHLO response) with any server that also has a valid certificate for TLS. This will encrypt - but not authenticate - the transmission. You can also implement Mutual TLS between you and your secure partner which will both encrypt the mail and authenticate the server. As a bonus, Outlook 2007 will display a 'Domain Secured' message in emails from your partner when you use Mutual TLS.

HeroPsycho

Claymoore wrote: »

You must use a valid 3rd party CA to sign the certificates so they are trusted by the other servers.

While commercial certificates would be the easiest way to accomplish this, that's not true. You could exchange root certificates with the company you wish to use TLS for, and import those root certs into the mail server computer certificate stores under Trusted Root.

PiotrIr

Ok so it looks TLS is what I’m looking for. Many thanks for your help.