Brandon, we use Mozilla, and it's S/MIME features. You can get free
personal certs from thawte.com. Also, we use postfix for our mailserver,
and have enabled TLS, where available (from client to server, and
sometimes from server to server) the SMTP traffic is encrypted. The
remote server must also support TLS, postfix tries it first. When we
send sensitive info, we encrypt it using S/MIME to ensure it is safe. I
sign all my messages to verify integrity. Using S/MIME is a client
thing, as it must manage the key pairs for that particular user, while
TLS can be implemented at the server.
I would suggest both. By the way, we use SSL/IMAP (courierIMAP) for
reading mail as well!
Fetch, Brandon wrote:
No flames here please. I've just been asked about running some form of
encryption on our mail clients (Outlook) to send encrypted SMTP across the
Internet and would like some opinions/directions.
Our userbase isn't that technical so we'd need something that is pretty user
friendly (I know, divergent goals) but is still secure to a point.
I don't know the exact details on their goals other than preventing random
eavesdropping (sniffing) of clear-text SMTP traffic across the Internet to a
remote, non-internal destination.
What do other Win/Exchange/Outlook IT admins use for S/MIME?
BTW, if there's something that will run on top of the SMTP gateway server or
the internal Exchange server to encrypt the message before being routed to
the Internet, this is also acceptable. I figure there must be something
available that works like this.
TIA,
Brandon Fetch
817-871-4036
-- carpe ductum -- "Grab the tape"
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
