[ngw] GWIA - SMTP & TLS Certificate Verification

Marvin Huffaker mhuffaker at redjuju.com
Thu Nov 1 06:47:55 UTC 2018


I have a customer with a GroupWise system. Raytheon is one of their customers.

Raytheon is beginning to enforce a new SMTP TLS policy for anybody that communicates with them regularly. (Yet it appears it's on a per-domain basis, so spammers and such wouldn't fall under this same policy.)

Based on their requirement, just having a valid trusted 3rd party certificate isn't enough. They want the GroupWise server to be able to verify the certificate as well. To my knowledge, GroupWise does not now, nor has it ever had, this capability. It just uses whatever certificate is presented without verification, which is why it works fine with self-signed certs. And furthermore, I've never in my career seen an email server that requires certificate verification before.

So how could I accomplish this? This is what they want:

"The Raytheon servers have been configured for TLS with certificate verification with the xxxxxxxxxxxx (http://presidiocomponents.com/) domain. Once the xxxxxxxxxxxx sending servers for this domain have been configured to require TLS with certificate verification with the Raytheon domains, TLS will be fully set up.
Raytheon domains:
raytheon.com 
raytheon.co.uk 
raytheon.com.au 
thalesraytheon-us.com 
bbn.com 
solipsys.com 
sigovs.com 
pikewerks.com 
rps-emea.com 
raytheon-ssd.com 
teligy.com 
raytheoncyber.com
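
The behaviour the quoted policy asks of a sending server, per-domain mandatory STARTTLS with the peer certificate verified, shown next to the accept-any-certificate behaviour described in the post. This is an added Python example, not part of the original post and not GroupWise or GWIA code; the function names, the `mx_host` parameter and the three-domain subset of the list are assumptions.

```python
import smtplib
import ssl

# Assumption: subset of the recipient domains listed in the post.
VERIFIED_TLS_DOMAINS = {"raytheon.com", "raytheon.co.uk", "bbn.com"}


def tls_policy(recipient: str) -> str:
    """Return 'verify' for policy domains, 'opportunistic' for everyone else."""
    domain = recipient.rsplit("@", 1)[-1].lower().rstrip(".")
    return "verify" if domain in VERIFIED_TLS_DOMAINS else "opportunistic"


def tls_context(policy: str) -> ssl.SSLContext:
    """Build the client-side TLS context for the given policy."""
    if policy == "verify":
        # Chain must end at a trusted CA and the certificate name must
        # match the host we connected to.
        return ssl.create_default_context()
    # Opportunistic: encrypts, but any certificate is accepted,
    # self-signed included.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def deliver(mx_host: str, sender: str, recipient: str, message: str) -> str:
    """Send one message to mx_host, enforcing the recipient's TLS policy."""
    policy = tls_policy(recipient)
    with smtplib.SMTP(mx_host, 25, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            if policy == "verify":
                # Never fall back to cleartext for a policy domain.
                raise RuntimeError(f"{mx_host} does not offer STARTTLS")
        else:
            # With the 'verify' context an untrusted or mismatched
            # certificate raises ssl.SSLCertVerificationError here,
            # before any message data is sent.
            smtp.starttls(context=tls_context(policy))
            smtp.ehlo()
        smtp.sendmail(sender, [recipient], message)
    return policy
```

The hostname check is made against the MX name that was looked up, so it is only as trustworthy as the DNS answer that produced that name.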

