One of the most common security problems that Exchange sites face is how to protect the contents of sensitive messages. You can solve this problem in several different ways, depending on why you're trying to protect the messages and what specific threats you're protecting against.

Most Exchange administrators are familiar with the basic concepts that underlie the Secure MIME (S/MIME) protocol, which provides end-to-end, sender-to-recipient security. However, S/MIME requires a significant amount of infrastructure and deployment work and is overkill for some situations. Consider for a moment a scenario in which you want to protect messages that are destined for a business partner or your company's law or accounting firms. You're not concerned with protecting the messages against internal snooping on either side, but you don't want someone on the outside (i.e., someone who can access the network between your site and the recipient's site) to read those messages. You can easily address this limited but common threat model by using an Exchange Server 2003 and Exchange 2000 Server feature: the ability to turn on Transport Layer Security (TLS) encryption of message traffic sent over SMTP.

TLS is a close relative of the familiar Secure Sockets Layer (SSL) protocol. The two are generally interoperable, but TLS features some security improvements, as described in the Internet Engineering Task Force (IETF) Request for Comments (RFC) 2246 at http://www.ietf.org/rfc/rfc2246.txt. When you turn on Exchange's TLS encryption, you can use it to secure SMTP traffic sent from any email client to your server or to secure traffic sent to a specific remote domain over an SMTP connector.

Securing client-to-server traffic is simple. You'll need a digital certificate for your SMTP Virtual Server; if your SMTP bridgehead is running on the same machine as an SSL-protected Outlook Web Access (OWA) server, you can use the same certificate. The Microsoft article "HOW TO: Use Certificates with Virtual Servers in Exchange 2000 Server" (http://support.microsoft.com/?kbid=319574) explains how to configure a certificate for use with SMTP. After you have a certificate in place, open the SMTP Virtual Server's Properties dialog box, select the Access tab, then click Authentication. In the resulting dialog box, turn on Basic authentication and select its corresponding "Requires TLS encryption" check box. That's it!

Setting up TLS for use with connector-based SMTP traffic is slightly more complicated. Some SMTP+TLS implementations are opportunistic; that is, they attempt to start a TLS session with each SMTP server they connect to, and if the attempt succeeds, that traffic will be protected. In Exchange 2003 and Exchange 2000, you turn TLS on or off for each connector. If you turn on TLS for a virtual server or a connector, it won't be able to establish connections with servers that aren't using TLS. As a result, you shouldn't turn on TLS for your main SMTP Virtual Server unless you want to stop receiving mail from all the non-TLS servers out there.

For this reason, the preferred method of using TLS is to set up a separate SMTP connector for each remote domain with which you want to use TLS. This process is easy to do: You simply set up a new connector, assign it the address space of the remote domain, then select the "TLS encryption" check box in the Outbound Security dialog box. To access the Outbound Security dialog box, open the SMTP connector's Properties dialog box, select the Delivery tab, then click Outbound Security. You can perform the same trick on your default SMTP Virtual Server. Keep in mind, however, that if you turn on TLS encryption, you won't be able to send mail to domains that don't use TLS. The Microsoft article "XADM: Exchange Server Cannot Communicate with Non-TLS Domains" (http://support.microsoft.com/?kbid=329061) describes this behavior.
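Before you commit a connector to mandatory TLS, it helps to confirm that the partner's SMTP server actually advertises STARTTLS in its EHLO reply, and to see in code why a required-TLS connector fails against a server that doesn't. The following is an added example, not Exchange code or anything from the article: it parses a constructed EHLO reply, models the off / opportunistic / required policies the text describes, and includes a live probe built on Python's standard smtplib (the host name passed to it is a placeholder you replace with the partner's MX).

```python
"""Check a remote SMTP host for STARTTLS and model per-connector TLS policy."""
import smtplib
import ssl
from enum import Enum


class TlsPolicy(Enum):
    OFF = "off"                    # never negotiate TLS
    OPPORTUNISTIC = "opportunistic"  # use TLS if offered, else send in the clear
    REQUIRED = "required"          # Exchange connector with "TLS encryption" checked


# Constructed sample EHLO reply, as a partner server that supports STARTTLS might send it.
CONSTRUCTED_EHLO = (
    "250-mail.partner.example Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250 OK"
)


def parse_ehlo_capabilities(ehlo_reply: str) -> set[str]:
    """Return the capability keywords from a multi-line EHLO reply.

    The first line is the greeting and is skipped; the rest look like
    '250-STARTTLS' (more to come) or '250 OK' (final line)."""
    caps = set()
    for line in ehlo_reply.splitlines()[1:]:
        body = line[4:].strip()          # drop the '250-' / '250 ' prefix
        if body:
            caps.add(body.split()[0].upper())
    return caps


def delivery_decision(policy: TlsPolicy, remote_caps: set[str]) -> str:
    """What a connector with `policy` does against a server advertising `remote_caps`.

    Returns 'tls' (protected delivery), 'clear' (unprotected) or 'fail'
    (the required-TLS behaviour the article warns about)."""
    if policy is TlsPolicy.OFF:
        return "clear"
    if "STARTTLS" in remote_caps:
        return "tls"
    return "clear" if policy is TlsPolicy.OPPORTUNISTIC else "fail"


def probe_starttls(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check (needs network): EHLO the host, report STARTTLS support and,
    when offered, the subject of the certificate the peer presents."""
    result = {"starttls": False, "cert_subject": None}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            result["starttls"] = True
            smtp.starttls(context=ssl.create_default_context())
            cert = smtp.sock.getpeercert()
            result["cert_subject"] = dict(rdn[0] for rdn in cert.get("subject", ()))
    return result
```

Run `probe_starttls("mx.partner.example")` against the partner's real MX host; if it reports `starttls: False`, a connector with "TLS encryption" selected will not be able to deliver to that domain.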