Share the Knowledge
RSS icon Home icon

  • Opportunistic TLS

    Posted on March 21st, 2009 webmaster 5 comments         Print Print

    We had to upgrade our mail gateway/anti-spam software on Sunday because one of our vendors requires us to use encryption when exchanging emails with them.  The easiest solution is to use opportunistic TLS, where the server will always try to connect to the other server using the TLS protocol.  If the other server supports TLS, then traffic is encrypted.  If not, then the email is sent using just regular SMTP without encryption.

    This is actually the first time I’ve even heard of opportunistic TLS, I’m used to seeing S/MIME and PGP when reading about email encryption.  What I like about this is encryption/decryption is done on the server side so the users don’t have to do anything different when sending emails and we don’t have to issue a certificate to each user and manage the keys.

    If you’re using Exchange Server 2007, opportunistic TLS is already enabled by default.  You can check this by entering Get-SendConnector “Send Connector Name” | Format-List in the Exchange Management Shell.  Look for the IgnoreStartTLS parameter, if it’s set to false then opportunistic TLS is enabled.

    To check whether a server supports TLS, telnet to the server on port 25 and check if the server supports the STARTTLS command, for example:

    telnet mail.global.frontbridge.com 25

    This server supports TLS

    Here’s an example of the header of an email that was delivered with TLS enabled (I modified the IP addresses and names for privacy reasons):

    Received: from mailgateway01 (1.2.3.4) by mailserver01.domain.com (1.2.3.5)
    with Microsoft SMTP Server (TLS) id 8.1.263.0; Mon, 16 Mar 2009 18:05:18
    -0400
    Received: from mail.global.frontbridge.com ([65.55.88.22]) by mail.somedomain.com
    ([1.2.3.4]) with ESMTP (TREND IMSS SMTP Service 7.0; TLS:
    TLSv1/SSLv3,128bits,AES128-SHA    ) id 06456c96000057da for <jdoe@microsoft.com>;
    Mon, 16 Mar 2009 18:05:16 -0500

    Networking, Security, SysAdmin , ,

  • RSA SecurID 3.0.2 for BlackBerry

    Posted on March 16th, 2009 webmaster 1 comment         Print Print

    My colleague informed me earlier that RSA just released this new version of their SecurID software for BlackBerry sometime last month.  I installed it right away on my BlackBerry 8330 with OS v4.5.0.131 and it finally worked!!!  I’ve been trying to get their software to work on my BlackBerry since last year but my OS wasn’t supported.

    This new version also now supports RIM OS version 4.7, so if you have a BlackBerry Storm this should work.

    You can download the software from here: http://www.rsa.com/node.aspx?id=1165

    Mobile, Security, Software

  • How to automate Microsoft Office 2007 installation

    Posted on March 11th, 2009 webmaster 9 comments         Print Print

    I was just updating some documentation on our wiki and found some old notes on automating Office 2007 installation.  We upgraded our Microsoft Office software early last year from Office 2003 (and a few Office XP) to Office 2007 and this simple installation script saved us a lot of time. Here are the steps:

    Step 1.  Copy the contents of the Office 2007 installation CD (or package) to a network share (eg. \\server\Office12).

    Step 2.  Run the Office Customization Tool and create a setup customization file (I got these instructions from a BDD 2007 document on Microsoft’s website).

    Read the rest of this entry »

    How-To, SysAdmin , ,
  • « Older Entries

The dumbest people I know are those who know it all. — Malcolm Forbes

Random Pics

beijing-mutianyu-great-wall-16 Monterey_CA_20111205_007 SanDiego_CA_USSMidwayMusem_20111211_016 HearstCastle_20111206_040

Recent Tweets

Categories

Powered by WordPress
Designed by My Mobiles