Search This Blog

Friday, October 23, 2009

SMTP over Transport Layer Secure

How SMTP over TLS Works

• SMTP servers may advertise the STARTTLS keyword in their EHLO response.

• A client that wants to use TLS issues the STARTTLS command.

• The server typically replies: 220 Ready to start TLS.

• The client and server then execute a TLS handshake as per the TLS protocol standards.

• Same network connection, no change of port.

• Unlike HTTPS, client authentication may be required at this time.

• If the handshake result is satisfactory to both sides, the SMTP session starts over under a TLS secured connection. Otherwise, either side may refuse to continue.


 

Setting up TLS

• A third party certificate needs to be imported

• The name in the certificate needs to be domain name for SMTP/TLS instead of an email address which is needed for S/MIME

• The Certificate request (CSR) can be generated from IIS

• Once the request complete the certificate needs to be exported as a key pair (public and private key) using PKCS#12 (.pfx or .p12) format and then import the key to the e-mail gateway or proxy device.

No comments:

Giveaway of the Day

Giveaway of the Day

Soduko

Sudoku puzzles courtesy of Sudoku Shack