|
Home > Archive > IIS and SMTP > November 2004 > POP3 encryption in W2K3 - ? possible
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
POP3 encryption in W2K3 - ? possible
|
|
| David P. Lurie 2004-11-21, 8:46 pm |
| W2K3S Standard
Is there any way to encrypt POP3 data with the standard POP3 server?
Currently use email and perform file transfers internally on the LAN, plus
two sites connected via VPN. Would like to eliminate the VPN, replacing with
SSL-encrypted WebDAV for file transfers and TLS-encrypted email.
I installed Certificate Services, and used the Certificate Wizard to
generate certificates for the server's web site and TLS for the virtual SMTP
server.
WebDAV works nicely as expected from either IE6 (opened as web folder) or
Add A Network Place.
The SMTP docs suggest that enabling TLS by requiring a secure channel and
using 128 bit encryption will encrypt outgoing email, but the POP3 server
docs and manager only describe encryption for the logon process (SPA with AD
integrated authentication used).
I enabled TLS, then changed the email account settings (advanced) for SMTP
in Outlook 2003 for my account to "This server requires an encrypted
connection (SSL)", as no TLS option. This works, although I thought that TLS
was similar, but different than SSL 3. Requiring encryption for the POP3
server fails, as expected.
That leaves half of the transmissions unencrypted. Why only have outgoing
encryption?
Is there a way to encrypt POP3 on the server that I overlooked, or is the
only way to get secure email going to be for each client to get a S/MIME
certificate for the email account and encrypt the messages prior to
transmission?
Thanks
| |
| Justin 2004-11-22, 7:48 am |
|
"David P. Lurie" <DavidPLurie@discussions.microsoft.com> wrote in message
news:20A2317C-C1E2-4F92-BAE1-CFEFDE47A800@microsoft.com...
> W2K3S Standard
>
> Is there any way to encrypt POP3 data with the standard POP3 server?
>
> Currently use email and perform file transfers internally on the LAN, plus
> two sites connected via VPN. Would like to eliminate the VPN, replacing
> with
> SSL-encrypted WebDAV for file transfers and TLS-encrypted email.
>
> I installed Certificate Services, and used the Certificate Wizard to
> generate certificates for the server's web site and TLS for the virtual
> SMTP
> server.
>
> WebDAV works nicely as expected from either IE6 (opened as web folder) or
> Add A Network Place.
>
> The SMTP docs suggest that enabling TLS by requiring a secure channel and
> using 128 bit encryption will encrypt outgoing email, but the POP3 server
> docs and manager only describe encryption for the logon process (SPA with
> AD
> integrated authentication used).
>
> I enabled TLS, then changed the email account settings (advanced) for SMTP
> in Outlook 2003 for my account to "This server requires an encrypted
> connection (SSL)", as no TLS option. This works, although I thought that
> TLS
> was similar, but different than SSL 3. Requiring encryption for the POP3
> server fails, as expected.
>
> That leaves half of the transmissions unencrypted. Why only have outgoing
> encryption?
>
> Is there a way to encrypt POP3 on the server that I overlooked, or is the
> only way to get secure email going to be for each client to get a S/MIME
> certificate for the email account and encrypt the messages prior to
> transmission?
>
> Thanks
>
POP3 over SSL is supported by Exchange but not Windows POP3 server. You need
to use S/MIME if you do not wish to change your POP3 server.
|
|
|
|
|