This Issue Sponsored By

Esker Software

http://www.esker.com/exchange103

CommVault Systems – Free White Paper

http://www.commvault.com/mk/get/INFINITE_INBOX_WINNET_EONL

===============

1. Commentary

- Protecting SMTP Traffic with TLS

2. Announcements

- Order Windows & .NET Magazine and the Article Archive CD at One Low Rate!

- New Windows & .NET Magazine Web Site Unveiled!

3. Resources

- Installing a New Certificate with Certificate Wizard for Use in SSL and TLS

- Featured Thread: Blocking Email to an Internet Mailbox

- Outlook Tip: Using Private Sensitivity with Appointments

4. Events

- Don't Miss Our 4 New Web Seminars

5. New and Improved

- Access Important Business Information

- Tell Us About a Hot Product and Get a T-Shirt!

6. Contact Us

- See this section for a list of ways to contact us.

==========

~~~~ Sponsor: Esker Software ~~~~

One solution seamlessly integrates fax with Exchange and standardizes desktop fax across the enterprise. Esker Fax enables high-performance desktop fax for local and remote users throughout your organization, with clustered and load-balanced implementation support for maximum availability and scalability, least cost routing to cut fax transmission costs, advanced inbound routing technology to speed document delivery and protect sensitive content, centralized management of enterprise fax delivery traffic, and more. Bred in the world of high-volume fax, Esker Fax also automates high-volume production faxing from host-based enterprise applications - without requiring application programming changes. Get your FREE Esker Fax information kit:

http://www.esker.com/exchange103

==========

==== 1. Commentary: Protecting SMTP Traffic with TLS ====

by Paul Robichaux, News Editor, exadmin@winnetmag.com

One of the most common security problems that Exchange sites face is how to protect the contents of sensitive messages. You can solve this problem in several different ways, depending on why you're trying to protect the messages and what specific threats you're protecting against.

Most Exchange administrators are familiar with the basic concepts that underlie the Secure MIME (S/MIME) protocol, which provides end-to-end, sender-to-recipient security. However, S/MIME requires a significant amount of infrastructure and deployment work and is overkill for some situations. Consider for a moment a scenario in which you want to protect messages that are destined for a business partner or your company's law or accounting firms. You're not concerned with protecting the messages against internal snooping on either side, but you don't want someone on the outside (i.e., someone who can access the network between your site and the recipient's site) to read those messages. You can easily address this limited but common threat model by using an Exchange Server 2003 and Exchange 2000 Server feature: the ability to turn on Transport Layer Security (TLS) encryption of message traffic sent over SMTP.

TLS is a close relative of the familiar Secure Sockets Layer (SSL) protocol. The two are generally interoperable, but TLS features some security improvements, as described in the Internet Engineering Task Force (IETF) Request for Comments (RFC) 2246 at http://www.ietf.org/rfc/rfc2246.txt . When you turn on Exchange's TLS encryption, you can use it to secure SMTP traffic sent from any email client to your server or to secure traffic sent to a specific remote domain over an SMTP connector.

Securing client-to-server traffic is simple. You'll need a digital certificate for your SMTP Virtual Server; if your SMTP bridgehead is running on the same machine as an SSL-protected Outlook Web Access (OWA) server, you can use the same certificate. The Microsoft article "HOW TO: Use Certificates with Virtual Servers in Exchange 2000 Server" ( http://support.microsoft.com/?kbid=319574 ) explains how to configure a certificate for use with SMTP. After you have a certificate in place, open the SMTP Virtual Server's Properties dialog box, select the Access tab, then click Authentication. In the resulting dialog box, turn on Basic authentication by selecting the corresponding "Requires TLS encryption" check box. That's it!

Setting up TLS for use with connector-based SMTP traffic is slightly more complicated. Some SMTP+TLS implementations are opportunistic; that is, they attempt to start a TLS session with each SMTP server they connect to, and if the attempt succeeds, that traffic will be protected. In Exchange 2003 and Exchange 2000, you turn TLS on or off for each connector. If you turn on TLS for a virtual server or a connector, it won't be able to establish connections with servers that aren't using TLS. As a result, you shouldn't turn on TLS for your main SMTP Virtual Server unless you want to stop receiving mail from all the non-TLS servers out there.

For this reason, the preferred method of using TLS is to set up a separate SMTP connector for each remote domain with which you want to use TLS. This process is easy to do: You simply set up a new connector, assign it the address space of the remote domain, then select the "TLS encryption" check box in the Outbound Security dialog box. To access the Outbound Security dialog box, open the SMTP connector's Properties dialog box, select the Delivery tab, then click Outbound Security. You can perform the same trick on your default SMTP Virtual Server. Keep in mind, however, that if you turn on TLS encryption, you won't be able to send mail to domains that don't use TLS. The Microsoft article "XADM: Exchange Server Cannot Communicate with Non-TLS Domains" ( http://support.microsoft.com/?kbid=329061 ) describes this behavior.
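A pre-flight check for the caveat above, as an added example that is not part of the original newsletter or of any Microsoft tooling: before you select "TLS encryption" on a connector, confirm that the remote domain's SMTP server advertises STARTTLS in its EHLO reply. The host names and sample replies are constructed, and the policy names (`require`, `opportunistic`, `off`) are labels assumed here for the behaviors the commentary describes.

```python
import smtplib

# Constructed EHLO replies (multi-line "250-" continuation format); not captured traffic.
PARTNER_WITH_TLS = (
    "250-mail.partner.example Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
PARTNER_NO_TLS = (
    "250-mail.legacy.example Hello\r\n"
    "250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return the set of ESMTP extension keywords found in a raw EHLO reply."""
    keywords = set()
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln]
    for index, line in enumerate(lines):
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain/greeting, not an extension
        text = line[4:].strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_outcome(policy, keywords):
    """Model what happens to outbound mail for a given TLS policy.

    'require'       -> the connector setting the commentary describes:
                       no STARTTLS on the remote side means no delivery.
    'opportunistic' -> try TLS, fall back to cleartext without any error.
    'off'           -> never attempt TLS.
    """
    offers_tls = "STARTTLS" in keywords
    if policy == "require":
        return "encrypted" if offers_tls else "undeliverable"
    if policy == "opportunistic":
        return "encrypted" if offers_tls else "cleartext"
    if policy == "off":
        return "cleartext"
    raise ValueError("unknown policy: %r" % policy)


def probe_starttls(host, port=25, timeout=10):
    """Live check: connect, send EHLO, report whether STARTTLS is advertised."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")


if __name__ == "__main__":
    for name, reply in (("partner", PARTNER_WITH_TLS), ("legacy", PARTNER_NO_TLS)):
        kw = parse_ehlo(reply)
        for policy in ("require", "opportunistic"):
            print(name, policy, delivery_outcome(policy, kw))
```

Run `probe_starttls` against the remote domain's mail exchanger from the bridgehead itself, so the result reflects the network path that the connector will actually use.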

==========

~~~~ Sponsor: CommVault Systems ~~~~

Today's e-mails and instant messages are a mixed blessing to corporations. They're critical to business -- an awful lot of messages and attachments contain vital company knowledge. Messages are also critical in defending companies against expensive non-compliance charges and lawsuits. But this same great tool is also a storage manager's greatest challenge. Messaging data (e-mail messages and attachments), like from Microsoft Exchange, strains networks and storage to their limits. So how do you intelligently manage message stores when you can barely keep up with capacity? What's an IT administrator to do? Order free white paper, "Managing the Infinite Mailbox" today.

http://www.commvault.com/mk/get/INFINITE_INBOX_WINNET_EONL

==========

==== 2. Announcements ====

(from Windows & .NET Magazine and its partners)

Order Windows & .NET Magazine and the Article Archive CD at One Low Rate!

What's better than Windows & .NET Magazine? Try Windows & .NET Magazine and the Windows & .NET Magazine Article Archive CD at one super low rate. Read Windows & .NET Magazine in the office. Take the Article Archive CD with you on the road. Subscribe now!

http://www.winnetmag.com/rd.cfm?code=wcep203xcc

New Windows & .NET Magazine Web Site Unveiled!

We are proud to announce the new and improved Windows & .NET Magazine Web site. Discover the fresh, new look and a more simplified way to find answers, news, strategic guidance, and how-to information. Check out our new Web site at

http://www.winnetmag.com

==========

~~~~ Hot Release: Sybari Software, Inc. ~~~~

Free E-book!

Download "The Administrators Shortcut Guide to Email Protection" today and get insight on the critical, need-to-know information to help you properly protect your corporate messaging system from a wide variety of external and internal security threats. Go to www.sybari.com/eou03 and register today!

==========

==== 3. Resources ====

Installing a New Certificate with Certificate Wizard for Use in SSL and TLS

The Microsoft article "Installing a New Certificate with Certificate Wizard for Use in SSL/TLS" describes how to use the Certificate Wizard in Microsoft IIS to request and install the kind of certificate you need for Secure Sockets Layer (SSL) and Transport Layer Security (TLS).

http://support.microsoft.com/?kbid=228836

Featured Thread: Blocking Email to an Internet Mailbox

A forum reader has a question about how to block outgoing email (in Exchange Server 5.5 Service Pack 4--SP4) to a specific Internet mailbox. To offer your advice or join the discussion, go to the following URL:

http://www.winnetmag.com/forums/rd.cfm?cid=40&tid=64798

Outlook Tip: Using Private Sensitivity with Appointments

by Sue Mosher, olupdate@slipstick.com

Q: What does the "Private" Sensitivity level mean when applied to an appointment?

A: When you select the Private check box on an Appointment form, you shield the appointment details (e.g., subject, participants) from everyone but a designated delegate of your mailbox. The appointment status appears when someone checks your availability because the appointment date and time are included in your Calendar's free/busy information. However, people who have only Read access to your Calendar folder see the appointment subject as Private Appointment and can't open the appointment. (To keep a delegate from knowing the details of private appointments, open your mailbox's Tools, Options dialog box and go to the Delegates tab. Select the delegate, click Properties to open the Delegate Permissions dialog box, then clear the "Delegate can see my private items" check box.)

See the Exchange & Outlook Hot Topic Web site for more great tips from Sue Mosher.

http://www.winnetmag.com/microsoftexchangeoutlook

==== 4. Events ====

(brought to you by Windows & .NET Magazine)

Don't Miss Our 4 New Web Seminars

Sign up today for these upcoming Web seminars: How to Pick the Right Anti-Spam Solution, Assessing IM Risks on Your Network, Choosing the Right Patch Management Solution, and the Costs of Spam. Don't miss these free events!

http://www.winnetmag.com/seminars

==== 5. New and Improved ====

by Carolyn Mader, products@winnetmag.com

Access Important Business Information

NewsGator Technologies and MyST Technology Partners announced a partnership to provide NewsGator users access to MySmartChannels. NewsGator is a news aggregator that runs in Outlook. MySmartChannels is a business Web logging platform that you can securely publish information on and invite colleagues to subscribe to and collaborate on. MySmartChannels lets each company department, team, or individual post their activities and discussions. Pricing is $29 per copy with quantity discounts available. Contact NewsGator at info@newsgator.com.

http://www.newsgator.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to whatshot@winnetmag.com.

==== Sponsored Links ====

Argent

Comparison Paper: The Argent Guardian Easily Beats Out MOM

http://ad.doubleclick.net/clk;6480843;8214395;q?http://www.argent.com/products/download_whitepaper.cgi?product=mom&&Source=WNTTextLink

==========

==== 6. Contact Us ====

About the newsletter -- letters@winnetmag.com

About technical questions -- http://www.winnetmag.com/forums

About product news -- products@winnetmag.com

About your subscription -- exchangeandoutlookupdate@winnetmag.com

About sponsoring UPDATE -- emedia_opps@winnetmag.com

==========

This email newsletter is brought to you by Exchange & Outlook Administrator, the print newsletter with practical advice, tips, and techniques covering migration, backup and restoration, security, and much more. Subscribe today.

http://www.exchangeadmin.com/sub.cfm?code=neei23xxup

Copyright 2003, Penton Media, Inc.
