[ngw] GWIA - SMTP & TLS Certificate Verification

Marvin Huffaker mhuffaker at redjuju.com
Fri Nov 2 17:33:02 UTC 2018


Thank you but you're making unnecessary assumptions as to the
architecture. They use a cloud service to filter inbound mail so it's
not just sitting there exposed to the world. Their firewall only allows
SMTP traffic from this service. GroupWise sends email outbound
directly without a proxy or relay. That's where the question comes
into play. And that's where I need GroupWise to do Certificate
Verification and it isn't. I have customers that use an outbound
relay/proxy and I have customers that send directly. I see pros and
cons of both methods. In this case, it looks like I'll need to figure
out a way to set up a relay they can proxy off of that has this function,
or see if GWAVA can do it.

Thank you.
Marvin


>>> "Ken Etter" <kle at msktd.com> 11/1/2018 5:03 AM >>>
And I would highly recommend doing so. I can't imagine running any mail
server without some type of filtering box/service in front of it. SMG
does a great job keeping the junk out of my email system.

Ken Etter, System Administrator
Architectural Group
260.432.9337 | msktd.com



>>> "Brad Rodgers" <BRodgers at cesa7.org> 11/1/2018 7:58 AM >>>
IF MF had anything that could do TLS certificate verification, it would
be in their Secure Messaging Gateway product (aka GWAVA 7). Based on
how MF handled DKIM implementation in GroupWise, my guess is going
forward all email security is going to be built into SMG with MF wanting
you to put GWIA behind SMG.

-Brad

Brad Rodgers
Director of Administrative Technology
920.617.5648
brodgers at cesa7.org







>>> Danita Zanre <dzanre.ngwlist at gmail.com> 11/1/2018 3:47 AM >>>
Hi Marvin,


I’m pretty sure that GW cannot do this. Unless MF has a better
workaround, I’d punt and use a Postfix front-end, which can require
certificate verification, at least from their doc statements. 

Thanks,

	 -Danita

----------------------------------
Danita Zanrè Tel: (720)319-8240 -   Move Out of the Office  
Tel: (720)319-7530 -   Caledonia  

----------------------------------


On Nov 1, 2018 at 07:47:55 GMT+1, Marvin Huffaker
<mhuffaker at redjuju.com> wrote:

> I have a customer with a GroupWise system. Raytheon is one of their
> customers.
>
> Raytheon is beginning to enforce a new SMTP TLS policy for anybody that
> communicates with them regularly (yet it appears it's on a per-domain
> basis, so spammers and such wouldn't fall under this same policy).
>
> Based on their requirement, just having a valid trusted 3rd party
> certificate isn't enough. They want the GroupWise server to be able to
> verify the certificate as well. To my knowledge, GroupWise does not now
> or has it ever had this capability. It just uses whatever certificate is
> presented without verification, which is why it works fine with
> self-signed certs. And furthermore, I've never in my career seen an email
> server that requires certificate verification before.
>
> So how could I accomplish this? This is what they want:
>
> "The Raytheon servers have been configured for TLS with certificate
> verification with the xxxxxxxxxxxx ( http://presidiocomponents.com/)
> domain. Once the xxxxxxxxxxxx sending servers for this domain have been
> configured to require TLS with certificate verification with the
> Raytheon domains, TLS will be fully setup.
>
> Raytheon domains:
> raytheon.com 
> raytheon.co.uk 
> raytheon.com.au 
> thalesraytheon-us.com 
> bbn.com 
> solipsys.com 
> sigovs.com 
> pikewerks.com 
> rps-emea.com 
> raytheon-ssd.com 
> teligy.com 
> raytheoncyber.com
> _______________________________________________
> ngw mailing list
> ngw at ngwlist.com
> http://ngwlist.com/mailman/listinfo/ngw




_______________________________________________
ngw mailing list
ngw at ngwlist.com
http://ngwlist.com/mailman/listinfo/ngw
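
The Postfix front-end suggested in the thread, sketched as an added example that is not from any list participant or from vendor documentation: an outbound relay that keeps opportunistic TLS as the default and requires certificate verification only for the partner domains. The file paths, the CA bundle location and the 192.0.2.10 GWIA address are assumptions; the domains come from the list quoted above.

```conf
# ---- /etc/postfix/main.cf (outbound relay that GWIA hands mail to) ----

# Accept relayed mail only from the GWIA host.
# 192.0.2.10 is a placeholder address, not taken from the thread.
mynetworks = 127.0.0.0/8 192.0.2.10/32

# Default for every other destination: opportunistic TLS. The session is
# encrypted when offered, but the peer certificate is not checked, so a
# self-signed or mismatched certificate is accepted.
smtp_tls_security_level = may

# Trust anchors for the destinations that must verify.
# Assumed path (Debian/Ubuntu bundle); adjust per distribution.
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# Per-destination overrides of the default level.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# Log one summary line per TLS session so the result can be audited.
smtp_tls_loglevel = 1

# ---- /etc/postfix/tls_policy (recipient domains from the quoted list) ----
# "verify": TLS is mandatory, the chain must lead to a CA in smtp_tls_CAfile,
# and the certificate must match the MX hostname. On failure the message is
# deferred; it is never sent in the clear or over an unverified session.
raytheon.com        verify
raytheon.co.uk      verify
raytheon.com.au     verify
# ...one line for each remaining domain in the list.
#
# "secure" is stricter: by default it matches the certificate against the
# recipient domain rather than the MX hostname, so it does not rely on
# unauthenticated DNS. It only works if the partner's certificates carry
# those names, which needs to be confirmed with them first.

# ---- apply and check ----
#   postmap /etc/postfix/tls_policy && postfix reload
# Then send a test message and read the mail log. For these domains the
# smtp client should log "Verified TLS connection established to ...".
# Any other TLS status for these domains means the policy map entry
# should be rechecked.
```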





