TLS/SSL capabilities on Outlook 2003



I'm trying to figure out what my options are when it comes to encrypting the
SMTP traffic from a client to the server (i.e. users that need to relay).
More specifically I want to make sure that the authentication part is
encrypted, while the message itself might be transferred unprotected.
Encryption of messages will be handled at the client side using individual
certificates.



In my setup I have the requirement to accept encrypted SMTP connections on
25 and 465. Naturally I also have the requirement to accept normal anonymous
mail from the internet. The clients that will be used are of a broad range
of both Outlook 2003 and other Linux and Mac-based clients. However,
initially my focus has been to figure out my options when it comes to the
Outlook 2003 client.



At the moment I only have one public IP so what I've done is that I've
created two virtual SMTP servers that listen on different ports, installed
a certificate and disabled the integrated authentication and checked
"require TLS when basic authentication is used". I've also left anonymous
access allowed to be able to receive incoming mails from the internet.
Relaying is allowed if the users authenticate.



When configuring an Outlook 2003 client, I've set that my outgoing server
requires authentication and set it to use SPA (what exactly is SPA anyway?
TLS, SSL or something different?). If I try to relay a mail from my client
with this setup it fails with the error message that I'm not allowed to
relay mails. However, if I also set the checkbox on the client side that
states that the server requires a secure connection it works fine.

From what I've read that means that the entire conversation, both
authentication and message flow is encrypted between the client and the
relaying mailserver. My goal is to only encrypt the authentication which I
thought would be satisfied by my initial setup where I only had checked the
Authenticate using SPA checkbox.



My main concern is about the non-Windows clients and their implementation of
TLS/SSL. If I'm forced to choose "The server requires an encrypted
connection" to get it to work on an Outlook 2003 client I fear that I will be
seeing more issues on the Mac and Linux part of the company.



I'm thankful for any input that might help.



/Tobbe
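
One way to check what a setup like the one in the post exposes, as an added example that is not part of the original post: compare the server's EHLO reply before and after STARTTLS and flag password-carrying AUTH mechanisms offered on the cleartext channel. The host name and the EHLO replies below are constructed samples, not captured from the poster's server, and the function names are hypothetical.

```python
import re

# Mechanisms that transmit the password itself (base64 is encoding, not encryption).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(response):
    """Parse a multi-line 250 EHLO reply into {KEYWORD: [PARAMS]}."""
    caps = {}
    for line in response.splitlines()[1:]:      # first line is the greeting
        m = re.match(r"250[- ](\S+)(.*)", line.strip())
        if not m:
            continue
        keyword, rest = m.group(1).upper(), m.group(2)
        # Some servers also advertise the legacy "AUTH=LOGIN" form.
        if keyword.startswith("AUTH="):
            keyword, rest = "AUTH", keyword[5:] + " " + rest
        caps.setdefault(keyword, []).extend(p.upper() for p in rest.split())
    return caps

def audit(pre_tls, post_tls):
    """Return findings for one listener, given its EHLO replies before/after STARTTLS."""
    pre, post = parse_ehlo(pre_tls), parse_ehlo(post_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    exposed = CLEARTEXT_MECHS & set(pre.get("AUTH", []))
    if exposed:
        findings.append("cleartext AUTH before TLS: " + ",".join(sorted(exposed)))
    if "AUTH" not in post:
        findings.append("no AUTH after TLS; authenticated relay not possible")
    return findings

# Constructed sample replies (mail.example.test is a placeholder host).
WEAK_PRE = ("250-mail.example.test Hello\n250-SIZE 10240000\n250-STARTTLS\n"
            "250-AUTH NTLM LOGIN\n250-AUTH=LOGIN\n250 OK")
GOOD_PRE = "250-mail.example.test Hello\n250-SIZE 10240000\n250-STARTTLS\n250 OK"
POST_TLS = ("250-mail.example.test Hello\n250-SIZE 10240000\n"
            "250-AUTH NTLM LOGIN\n250 OK")

if __name__ == "__main__":
    for name, pre in (("weak", WEAK_PRE), ("tls-required", GOOD_PRE)):
        print(name, audit(pre, POST_TLS) or "ok")
```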

