Tuesday, January 28, 2014

Port alternatives for SMTP / Exchange server

 
On Thu, 12 Apr 2012 13:53:24 +0000, andyh999 wrote:
 
>We are using port 25 and 587 to send non-secure messages to external servers. Since some ISPs block port 25 we set up 587 a while back for those who contract with the ISPs that block 25.
 
Anyone that's running a SMTP server can find an alternative to using
port 25. Have a look at http://www.dyndns.com as an example. What's
required is a SMTP relay server.
 
>At some point I would like to secure port 587 but I believe would have to contact all users who currently use this port to check on "this server requires a secure connection (SSL)" once I check on "require a secure channel" on the virtual server properties. If this is incorrect please let me know.
 
If you're using anything except port 25 for server-to-server SMTP
you're going to have one heckuva problem. Port 587 is the SMTP Client
Submission port, not the SMTP Server port. Since you use port 587 for
YOUR clients it isn't a problem to manage communication and
configuration. How you'd tell some anonymous SMTP server that they
have to use some alternative port to 25 is a task I'd rather not
undertake.
 
>Due to the sensitive nature of information that passes through our Exchange server we want to at the least encrypt the username and password for outgoing messages. If you have other recommendations on how to do this please share.
 
If the information is sensitive then you should encrypt the message,
not just the transmission channel. Encrypting the channel only
protects the content "on the wire," but does nothing for the messages
"at rest".
 
>So if I want to send secure email on port 465 what do I need to do?
 
Just send the mail on that port. Since there's no negotiation expected
the data should only be accepted if your server exchanges its
certificate with the target server.
 
---
Rich Matheisen
MCSE+I, Exchange MVP
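
An added example, not part of the original thread: a small Python check of what a port 587 submission listener advertises in its EHLO reply, flagging the case where AUTH is offered before STARTTLS so the username and password can travel unencrypted. The EHLO replies, the host name `mail.example.test` and the function names are constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured from a real server).
# LOGIN and PLAIN are only base64-encoded, so offering them before TLS exposes them.
WEAK_587 = "250-mail.example.test Hello\n250-STARTTLS\n250-AUTH LOGIN PLAIN\n250 8BITMIME"
HARDENED_587 = "250-mail.example.test Hello\n250-STARTTLS\n250 8BITMIME"
AFTER_TLS = "250-mail.example.test Hello\n250-AUTH LOGIN PLAIN\n250 8BITMIME"


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    # The first line is the greeting, not a capability.
    for line in reply.strip().splitlines()[1:]:
        # Accept both "AUTH LOGIN" and the legacy "AUTH=LOGIN" form.
        m = re.match(r"250[ -]([A-Za-z0-9-]+)[ =]?(.*)", line.strip())
        if m:
            caps[m.group(1).upper()] = m.group(2).split()
    return caps


def audit_submission(plain_reply, tls_reply=None):
    """List findings about credential exposure on a submission listener.

    plain_reply: EHLO reply seen before STARTTLS.
    tls_reply:   EHLO reply seen after the TLS handshake, if available.
    """
    findings = []
    plain = parse_ehlo(plain_reply)
    if "STARTTLS" not in plain:
        findings.append("STARTTLS not offered: the channel cannot be encrypted")
    if "AUTH" in plain:
        findings.append("AUTH offered before TLS (%s): credentials can cross "
                        "the wire unencrypted" % ",".join(plain["AUTH"]))
    if tls_reply is not None and "AUTH" not in parse_ehlo(tls_reply):
        findings.append("AUTH not offered after TLS: clients cannot log in")
    return findings


if __name__ == "__main__":
    for name, reply in (("weak", WEAK_587), ("hardened", HARDENED_587)):
        print(name, audit_submission(reply, AFTER_TLS) or "ok")
```

A listener on port 465 has no plaintext EHLO phase to audit, since TLS is established before any SMTP command is exchanged.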
 
