e-mail encrypted connector

PiotrIrPiotrIr Member Posts: 236

I’m looking for solution for following scenario:
1. Exchange Server 2007 as main company server which send e-mails to all company customers.
2. One customer is business critical and requires encryption for all e-mails sent and received.

How to easy set up solution for this that all messages send and received to and from customer server will be encrypted – I can get cooperation of IT support from this company.
Could you give me an idea how to do this without spending too much money please?

Kind Regards


  • coffeekingcoffeeking Member Posts: 305 ■■■■□□□□□□
    Easiest solution is to use the Digital Security certifcates...get one for you and one for the other side...with these certificate you can digitally sign and encrypt messages...for encryption both sides need to have a certifcate...have you looked into Thawte certificates...I don't think they are very hard to obtain...in terms of cost, you will have to look it up.
  • dave0212dave0212 Member Posts: 287
    If you already have a windows infrastructure then the cheapest option (although not the easiest) would be to build your own PKI
    This week I have achieved unprecedented levels of unverifiable productivity

    Working on
    Learning Python and OSCP
  • ClaymooreClaymoore Member Posts: 1,637
    You want to implement TLS (Transport Layer Security) between the mail servers:

    TLS Functionality and Related Terminology in Exchange 2007
    Exchange 2007 Mail Flow (DNS Records, Connectors, and TLS) | Elan Shudnow's Blog

    A couple of things to remember:
    1. You must use a valid 3rd party CA to sign the certificates so they are trusted by the other servers.
    2. The FQDN (masquerade domain in 2003) of the connector must match the name on the certificate. The general recommendation here is to get a Unified Communication certificate rather than a single server or even wildcard certificate.
    Exchange 2007 supports Opportunistic TLS and will attempt to initiate a TLS session (using the STARTTLS in the EHLO response) with any server that also has a valid certificate for TLS. This will encrypt - but not authenticate - the transmission. You can also implement Mutual TLS between you and your secure partner which will both encrypt the mail and authenticate the server. As a bonus, Outlook 2007 will display a 'Domain Secured' message in emails from your partner when you use Mutual TLS.
  • HeroPsychoHeroPsycho Inactive Imported Users Posts: 1,940
    Claymoore wrote: »
    1. You must use a valid 3rd party CA to sign the certificates so they are trusted by the other servers.

    While commercial certificates would be the easiest way to accomplish this, that's not true. You could exchange root certificates with the company you wish to use TLS for, and import those root certs into the mail server computer certificate stores under Trusted Root.
    Good luck to all!
  • PiotrIrPiotrIr Member Posts: 236
    Ok so it looks TLS is what I’m looking for. Many thanks for your help.
Sign In or Register to comment.