[ngw] GWIA - SMTP & TLS Certificate Verification

Brad Rodgers BRodgers at cesa7.org
Thu Nov 1 11:58:18 UTC 2018


IF MF had anything that could do TLS certificate verification, it would
be in their Secure Messaging Gateway product (aka GWAVA 7).  Based on
how MF handled DKIM implementation in GroupWise, my guess is going
forward all email security is going to be built into SMG with MF wanting
you to put GWIA behind SMG.

-Brad

Brad Rodgers
Director of Administrative Technology
920.617.5648
brodgers at cesa7.org






This e-mail message together with any attachments or reply should not be
considered private or confidential because it may be archived and
subject to public disclosure under certain circumstances, such as
requests made pursuant to Wisconsin public records law.

The message is intended solely for the use of the individual or entity
to which they are addressed. Please notify the sender immediately by
e-mail if you have received this e-mail by mistake and delete this
e-mail from your system. Please note that the views or opinions
presented in this e-mail are solely those of the author and do not
necessarily represent those of Cooperative Educational Service Agency
#7. Any unauthorized use, distribution, copying or disclosure by you or
to any other person is prohibited.

>>> Danita Zanre <dzanre.ngwlist at gmail.com> 11/1/2018 3:47 AM >>>
Hi Marvin,


I’m pretty sure that GW cannot do this. Unless MF has a better
workaround, I’d punt and use a Postfix front-end, which can require
certificate verification, at least from their doc statements. 

Thanks,

	 -Danita

----------------------------------
Danita Zanrè Tel: (720)319-8240 -   Move Out of the Office  
Tel: (720)319-7530 -   Caledonia  

----------------------------------


On Nov 1, 2018 at 07:47:55 GMT+1, Marvin Huffaker
<mhuffaker at redjuju.com> wrote:

> I have a customer with a GroupWise system..   Raytheon is one of
their customers.
> 
> Raytheon is beginning to enforce a new SMTP TLS policy for anybody
that communicates with them regularly (Yet it appears it's on a per
domain basis, so spammers and such wouldn't fall under this same
policy)..
> 
> Based on their requirement, just having a valid trusted 3rd party
certificate isn't enough. They want the GroupWise server to be able to
verify the certificate as well.  To my knowledge, GroupWise does not now
or has it ever had this capability. It just uses whatever certificate is
presented without verification, which is why it works fine with self
signed certs.    And furthermore, I've never in my career seen an email
server that requires certificate verification befor.
> 
> So how could I accomplish this?   This is what they want:
> 
> "The Raytheon servers have been configured for TLS with certificate
verification with the xxxxxxxxxxxx
> ( http://presidiocomponents.com/)  domain.  Once the xxxxxxxxxxxx
sending servers for this domain have been configured to require TLS with
certificate verification with the Raytheon domains, TLS will be fully
setup.

> Raytheon domains:
> raytheon.com 
> raytheon.co.uk 
> raytheon.com.au 
> thalesraytheon-us.com 
> bbn.com 
> solipsys.com 
> sigovs.com 
> pikewerks.com 
> rps-emea.com 
> raytheon-ssd.com 
> teligy.com 
> raytheoncyber.com
> _______________________________________________
> ngw mailing list
> ngw at ngwlist.com
> http://ngwlist.com/mailman/listinfo/ngw


_______________________________________________
ngw mailing list
ngw at ngwlist.com
http://ngwlist.com/mailman/listinfo/ngw




More information about the ngw mailing list