We would like to be able to receive secure (encrypted) email from our
employes. The email would be sent with either Outlook or Outlook express.
Looking around, I see that Sendmail can be set up to use STARTTLS. Will
STARTTLS in Sendmail work with Outlook? If not, what would work?
--
Tom Schulz
schulz@adi.com
Thomas Schulz wrote:
> We would like to be able to receive secure (encrypted) email from our
> employes. The email would be sent with either Outlook or Outlook express.
> Looking around, I see that Sendmail can be set up to use STARTTLS. Will
> STARTTLS in Sendmail work with Outlook? If not, what would work?
I'm pretty sure it does but then again it is a "Microsoft" program so anything
is *impossible* and they like being that way.
Thomas Schulz
> employes. The email would be sent with either Outlook or Outlook express.
> Looking around, I see that Sendmail can be set up to use STARTTLS. Will
> STARTTLS in Sendmail work with Outlook? If not, what would work?
I don't think there's anything weird about Sendmail's TLS. But I don't
know how Outlook would interact with it.
Since you're asking something about *Outlook's* capabilities, you might
find more information/better answers on an Outlook newsgroup.
--
Brandon Hume - hume -> BOFH.Ca, http://WWW.BOFH.Ca/
In article
schulz@adi.com (Thomas Schulz) wrote:
> We would like to be able to receive secure (encrypted) email from our
> employes. The email would be sent with either Outlook or Outlook express.
> Looking around, I see that Sendmail can be set up to use STARTTLS. Will
> STARTTLS in Sendmail work with Outlook? If not, what would work?
Sendmail's STARTTLS feature adheres to a well-defined open standard
(RFC2487) so any MUA which supports that standard should work with
Sendmail. Whether Microsoft's MUA's support that is best answered by
experts in those products. I'm not really an expert on anything
Windows-based, but I know two observable facts that may be relevant:
1. Historically, Microsoft supported the quasi-standard of absolute
wrapping of SMTP in SSL on port 465 (sometimes called 'smtps' or
'ssmtp') and NOT the STARTTLS standard on ports 25 or 587, and this has
been enough of a problem for many sites that to this day they choose to
offer such service in addition to or even instead of the standard.
2. There's a lot of 3rd-party documentation out on the web indicating
that at least some modern versions of Outlook and OE support STARTTLS.
In a corporate environment, this probably means that you can just
support STARTTLS and mandate or provide a suitably current version of
the MUA. If you have to be able to support random ancient versions of
random MUA's, you might have problems with that.
Also: keep in mind that TLS only provides transport privacy unless you
build a complex trust infrastructure including client certificates and
require its application to all messages. TLS is usually configured only
to require encryption, not any form of authentication.
--
Now where did I hide that website...
On Oct 10, 10:23 am, Bill Cole
> 2. There's a lot of 3rd-party documentation out on the web
indicating
> that at least some modern versions of Outlook and OE support STARTTLS.
> In a corporate environment, this probably means that you can just
> support STARTTLS and mandate or provide a suitably current version of
> the MUA.
The user is presented only with a choice of SSL or nothing, but in
fact the Outlook or Outlook Express product can do TLS. There seems
to be no available documentation. One explanation is that for any
port other than 465, it does STARTTLS. Another is that if the remote
host sends a plain text banner, it does STARTTLS. Whatever, the
mechanism is subject to occasional error in which the user is told
that the server does not support encryption; this is generated
randomly as far as one can tell :-)
Joseph Brennan
Columbia University IT
In article <1192042833.333020.86290@50g2000hsm.googlegroups.com>,
Joe Brennan
>On Oct 10, 10:23 am, Bill Cole
> > 2. There's a lot of 3rd-party documentation out on the web
>indicating
>> that at least some modern versions of Outlook and OE support STARTTLS.
>> In a corporate environment, this probably means that you can just
>> support STARTTLS and mandate or provide a suitably current version of
>> the MUA.
>
>The user is presented only with a choice of SSL or nothing, but in
>fact the Outlook or Outlook Express product can do TLS. There seems
>to be no available documentation. One explanation is that for any
>port other than 465, it does STARTTLS. Another is that if the remote
>host sends a plain text banner, it does STARTTLS. Whatever, the
>mechanism is subject to occasional error in which the user is told
>that the server does not support encryption; this is generated
>randomly as far as one can tell :-)
>
>Joseph Brennan
>Columbia University IT
Thanks for the info. I have it working with a self signed cert and our
oldest versions of Outlook and OE seem to work so far in early testing.
Googling for smtps got me a lot of info.
--
Tom Schulz
schulz@adi.com