Questions regarding TLS and Exchange 2007


  • We've been asked by one of our business partners using Postfix to set up our Exchange 2007 SP3 servers to use "enforced" TLS encryption when sending mail to their mail servers. I had been reviewing this article:

    But in reviewing this forum post:

    it sounds as if Mutual TLS as described is purely an Exchange-to-Exchange idea:

    "On the question of securing your Exchange 2007 Org and your partner, I don't think you can use DomainSecure (Mutual TLS) unless both ends are Exchange 2007 and there is no hop in between"

    I clearly have someone on the other end who is not using Exchange. At that point, is it true that the best we can do is encrypt the communications channel but provide no authentication? Both sides will be using publicly obtained, trusted certificates, but I don't imagine that will help with authentication, as we are already doing opportunistic TLS with the self-signed certificates that are currently on our edge transport servers.

    If it's the case that encryption but no authentication is the best we can do in my scenario, can anyone point me toward a resource similar to the guide above, but appropriate to my situation?

    Thanks for any assistance.

    23 February 2555 BE 16:45