02-25-2020 10:24 PM - edited 02-25-2020 10:29 PM
Hi Guys
Need your help.
I am using an Email Appliance (as a mail gateway) and it is implemented with TLS for encryption.
But now I want gateway-to-gateway mail encryption, like my org mail gateway to other org mail gateway should be encrypted. Is it possible? If yes, can you tell me what the process is?
Thanks in advance.
02-26-2020 05:03 AM
Hello,
Assuming you simply want TLS encryption between gateways, all you would need to do is implement TLS on the other end (if already configured on the ESA). For example, if using Exchange, you would enable TLS on the Send/Receive connectors.
On the ESA, you can review the mail logs and/or message tracking to confirm if TLS is being used when receiving mail (ICID) or when delivering mail (DCID).
Thanks!
-Dennis M.
02-26-2020 07:55 AM
Thanks for the reply.
Yes, I want end-to-end encryption, e.g. total encryption of my organization's mail to other organizations.
I use Exchange.
So if I enable TLS, and also in the mail gateway (ESA is 13.x), which is implemented already, then end-to-end encryption is done.
Do I have to use and implement the same certificate in both Exchange and ESA?
Do I have to exchange the certificate public key with the other organization to whom I send totally encrypted mail, so that the organization's gateway and mail server can decrypt and read my encrypted mail?
02-26-2020 08:03 AM
02-26-2020 09:05 PM
Dear Ken
Thanks for the reply.
If I am not wrong, I just have to make a policy for end-to-end encryption for the domain to which I have to send encrypted mail.
But if I don't share the public key, then how will the receiver domain decrypt my mail?
Thanks in advance.
Rockbd
02-27-2020 06:49 AM
Perhaps you're confusing TLS with other forms of encryption? TLS does not encrypt the payload itself, but instead the connection/session when sending between MTAs.
As mentioned, all you need to do for TLS encryption between hops is to enable TLS on your Exchange server. Assuming, of course, you've already enabled it on the ESA (which you said you did?).
Thanks!
-Dennis M.
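The hop-by-hop nature of SMTP TLS described in the reply above can be checked on a delivered message by reading its Received trace headers. This is an added example, not part of the thread and not Cisco code; the host names and the sample message are constructed, and `hops` and `plaintext_hops` are hypothetical helper names.

```python
import re
from email import message_from_string

# "with" protocol keywords (RFC 3848, RFC 6531) that record a TLS-protected hop.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Constructed sample message; all hosts are placeholders.
SAMPLE = """\
Received: from gw.example.net (gw.example.net [203.0.113.10])
\tby mbx.example.net with ESMTP id c3; Wed, 26 Feb 2020 10:00:03 +0000
Received: from esa.example.org (esa.example.org [198.51.100.5])
\tby gw.example.net with ESMTPS id b2; Wed, 26 Feb 2020 10:00:02 +0000
Received: from exch.example.org (exch.example.org [10.0.0.5])
\tby esa.example.org with ESMTPS id a1; Wed, 26 Feb 2020 10:00:01 +0000
From: alice@example.org
To: bob@example.net
Subject: test

body
"""

FIELD = re.compile(r"\b(from|by|with)\s+(\S+)", re.IGNORECASE)

def hops(raw_message):
    """Return hops oldest-first as dicts: sender, receiver, protocol, tls."""
    msg = message_from_string(raw_message)
    result = []
    # Each MTA prepends its own Received header, so reverse for chronological order.
    for header in reversed(msg.get_all("Received", [])):
        trace = header.split(";", 1)[0]            # drop the timestamp part
        fields = {}
        for key, value in FIELD.findall(trace):
            fields.setdefault(key.lower(), value)  # first occurrence wins
        proto = fields.get("with", "").upper()
        result.append({"sender": fields.get("from"), "receiver": fields.get("by"),
                       "protocol": proto or None, "tls": proto in TLS_PROTOCOLS})
    return result

def plaintext_hops(raw_message):
    """Hops whose Received header does not record a TLS transfer."""
    return [h for h in hops(raw_message) if not h["tls"]]

if __name__ == "__main__":
    for h in hops(SAMPLE):
        print(f'{h["sender"]} -> {h["receiver"]}: {h["protocol"]} tls={h["tls"]}')
```

Even when every hop reports TLS, each MTA in the chain handles the message in clear text, which is why TLS alone is not end-to-end encryption. Received headers are written by the relaying servers themselves, so only the ones added by hosts you control are trustworthy.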
02-27-2020 09:08 AM
Hi Dennis
Thanks for the reply.
Perhaps you're confusing TLS with other forms of encryption? TLS does not encrypt the payload itself, but instead the connection/session when sending between MTAs.
Yes, you guessed right. I am confused. I want end-to-end encryption. How can I do that?
Yes, I enabled TLS in the ESA.
Thanks in advance.
RockBD
02-27-2020 02:39 PM
02-26-2020 07:37 AM
Hi,
Inbound/Outbound TLS has been supported by the ESA since the beginning. Depending on the scope where you want TLS (inbound/outbound e-mail, URL Filtering, LDAP integration), you need to perform several steps. Here's a perfect document to guide you.
Regards,
Cristian Matei.