Mail encryption queries
Question: Hi
We use Exchange 2003/2007. Our setup is as below:
Exchange Mailbox servers 2003/2007 <> Exchange Hub Transports/ 2003 Bridgeheads <> Exchange Bridgeheads (aka Exchange Gateways) <> SMTP Gateway <> Internet
I just wanted clarification on a few things -
i) AFAIK, Exchange 2007 uses TLS SMTP for transferring messages between Hub Transports, therefore the messages are encrypted, am I correct?
ii) Exchange 2003 uses only SMTP for transferring messages between Exchange 2003 Bridgehead servers
iii) Both use MAPI for transferring messages between Hub Transports/Bridgeheads and the Mailbox servers
iv) Messages between our SMTP Gateway and any other company's SMTP Gateway (we don't use TLS between gateways yet) are sent in clear text, correct?
v) If <iv> is correct, what is there to stop someone intercepting our email messages and reading them?
vi) Is it possible to read -and- amend any messages before sending them on?
August 15th, 2010 2:21am
Answers inline below.
On Sat, 14 Aug 2010 23:21:58 +0000, Pancamo wrote:
> Question: Hi
> We use Exchange 2003/2007. Our setup is as below:
> Exchange Mailbox servers 2003/2007 <> Exchange Hub Transports/ 2003 Bridgeheads <> Exchange Bridgeheads (aka Exchange Gateways) <> SMTP Gateway <> Internet
> I just wanted clarification on a few things -
> i) AFAIK, Exchange 2007 uses TLS SMTP for transferring messages between Hub Transports, therefore the messages are encrypted, am I correct?
If it can, yes. Valid certificates must be installed.
> ii) Exchange 2003 uses only SMTP for transferring messages between Exchange 2003 Bridgehead servers
Yes.
> iii) Both use MAPI for transferring messages between Hub Transports/Bridgeheads and the Mailbox servers
I think that's correct.
> iv) Messages between our SMTP Gateway and any other company's SMTP Gateway (we don't use TLS between gateways yet) are sent in clear text, correct?
Exchange 2007 and 2010 support "opportunistic TLS", which means that when your Exchange 2007 server contacts another Exchange 2007/2010 server with a certificate installed that your server trusts, it will send mail using TLS. And vice versa. Exchange 2003 has to be configured to use TLS, and it won't switch between TLS and non-TLS.
> v) If <iv> is correct, what is there to stop someone intercepting our email messages and reading them?
Nothing.
> vi) Is it possible to read -and- amend any messages before sending them on?
Sure. That's why people have invented encryption packages like PGP.
Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
August 15th, 2010 4:00am
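Added example, not part of the thread and not Exchange code: the difference between opportunistic TLS and a fixed TLS setting, as the answer describes them, modelled as a decision over the receiving server's EHLO reply. The policy names, function names and sample replies are constructed for illustration, and certificate checks are left out.

```python
import re

# Constructed EHLO replies in RFC 5321 multi-line format (example hostnames).
EHLO_WITH_TLS = (
    "250-mail.example.net Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
EHLO_WITHOUT_TLS = (
    "250-gw.example.org Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250 8BITMIME\r\n"
)

_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(reply):
    """Return the set of upper-cased extension keywords in an EHLO reply."""
    keywords = set()
    lines = reply.splitlines()
    for index, line in enumerate(lines):
        match = _LINE.match(line)
        if not match:
            raise ValueError("malformed reply line: %r" % line)
        code, sep, text = match.groups()
        if code != "250":
            raise ValueError("EHLO rejected with code " + code)
        # Every line but the last uses "250-"; the last uses "250 ".
        if (sep == " ") != (index == len(lines) - 1):
            raise ValueError("bad continuation marker")
        if index > 0 and text:  # line 0 is the greeting, not an extension
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_mode(reply, policy):
    """policy is 'opportunistic', 'require' or 'none' (hypothetical names)."""
    offers_tls = "STARTTLS" in parse_ehlo(reply)
    if policy == "none":
        return "cleartext"          # TLS never attempted
    if offers_tls:
        return "tls"
    # Opportunistic senders fall back silently; a fixed TLS setting does not.
    return "cleartext" if policy == "opportunistic" else "defer"
```

With the opportunistic policy, a peer that does not advertise STARTTLS still receives the message, only unencrypted, which is the exposure raised in points iv and v.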