[ngw] GWIA - SMTP & TLS Certificate Verification

Joe Acquisto-j4 joea at j4computers.com
Fri Nov 2 15:52:10 UTC 2018


I agree with this.  No mail server, these days, IMHO, should connect to
the internet directly, only through some kind of filtering box acting as
a "proxy".

There are any number of commercial products available for that purpose
and one can also "home brew" with Postfix, Spam Assassin and various add
ons.

joe a.

>>> On 11/1/2018 at 8:03 AM, in message
<5BDAEB78020000130012DE11 at mail.msktd.com>,
"Ken Etter" <kle at msktd.com> wrote:
> And I would highly recommend doing so.  I can't imagine running any
mail
> server without some type of filtering box/service in front of it. 
SMG
> does a great job keeping the junk out of my email system.
> 
> Ken Etter, System Administrator
> Architectural Group
> 260.432.9337 | msktd.com
> 
> 
> 
>>>> "Brad Rodgers" <BRodgers at cesa7.org> 11/1/2018 7:58 AM >>>
> IF MF had anything that could do TLS certificate verification, it
> would
> be in their Secure Messaging Gateway product (aka GWAVA 7).  Based
on
> how MF handled DKIM implementation in GroupWise, my guess is going
> forward all email security is going to be built into SMG with MF
> wanting
> you to put GWIA behind SMG.
> 
> -Brad
> 
> Brad Rodgers
> Director of Administrative Technology
> 920.617.5648
> brodgers at cesa7.org 
> 
> 
> 
> 
> 
> 
> This e-mail message together with any attachments or reply should
not
> be
> considered private or confidential because it may be archived and
> subject to public disclosure under certain circumstances, such as
> requests made pursuant to Wisconsin public records law.
> 
> The message is intended solely for the use of the individual or
entity
> to which they are addressed. Please notify the sender immediately by
> e-mail if you have received this e-mail by mistake and delete this
> e-mail from your system. Please note that the views or opinions
> presented in this e-mail are solely those of the author and do not
> necessarily represent those of Cooperative Educational Service
Agency
> #7. Any unauthorized use, distribution, copying or disclosure by you
> or
> to any other person is prohibited.
> 
>>>> Danita Zanre <dzanre.ngwlist at gmail.com> 11/1/2018 3:47 AM >>>
> Hi Marvin,
> 
> 
> I’m pretty sure that GW cannot do this. Unless MF has a better
> workaround, I’d punt and use a Postfix front-end, which can
require
> certificate verification, at least from their doc statements. 
> 
> Thanks,
> 
> 	 -Danita
> 
> ----------------------------------
> Danita Zanrè Tel: (720)319-8240 -   Move Out of the Office  
> Tel: (720)319-7530 -   Caledonia  
> 
> ----------------------------------
> 
> 
> On Nov 1, 2018 at 07:47:55 GMT+1, Marvin Huffaker
> <mhuffaker at redjuju.com> wrote:
> 
>> I have a customer with a GroupWise system..   Raytheon is one of
> their customers.
>> 
>> Raytheon is beginning to enforce a new SMTP TLS policy for anybody
> that communicates with them regularly (Yet it appears it's on a per
> domain basis, so spammers and such wouldn't fall under this same
> policy)..
>> 
>> Based on their requirement, just having a valid trusted 3rd party
> certificate isn't enough. They want the GroupWise server to be able
to
> verify the certificate as well.  To my knowledge, GroupWise does not
> now
> or has it ever had this capability. It just uses whatever
certificate
> is
> presented without verification, which is why it works fine with self
> signed certs.    And furthermore, I've never in my career seen an
> email
> server that requires certificate verification befor.
>> 
>> So how could I accomplish this?   This is what they want:
>> 
>> "The Raytheon servers have been configured for TLS with certificate
> verification with the xxxxxxxxxxxx
>> ( http://presidiocomponents.com/)  domain.  Once the xxxxxxxxxxxx
> 
> sending servers for this domain have been configured to require TLS
> with
> certificate verification with the Raytheon domains, TLS will be
fully
> setup.
> 
>> Raytheon domains:
>> raytheon.com 
>> raytheon.co.uk 
>> raytheon.com.au 
>> thalesraytheon-us.com 
>> bbn.com 
>> solipsys.com 
>> sigovs.com 
>> pikewerks.com 
>> rps-emea.com 
>> raytheon-ssd.com 
>> teligy.com 
>> raytheoncyber.com
>> _______________________________________________
>> ngw mailing list
>> ngw at ngwlist.com 
>> http://ngwlist.com/mailman/listinfo/ngw 
> 
> 
> 
> _______________________________________________
> ngw mailing list
> ngw at ngwlist.com 
> http://ngwlist.com/mailman/listinfo/ngw


More information about the ngw mailing list