Encrypted SMTP
Ulysses
09-12-2005, 02:36 AM
Hi,
A client wants to encrypt (SMTP with SSL or TLS) his email (for one particular email account) en route from his mailbox on the server to his desktop email client (Outlook).
How can this be done and where, if at all, does Thawte's "Personal Email CA" enter into the picture?
Thanks
Starchild
09-12-2005, 04:59 AM
I'm not sure if I understand you correctly. But if you set up your mail client to use SSL/TLS for IMAP/SMTP, the connection is encrypted and therefore any data (emails) sent and received are encrypted as well. But this is different from digitally signing/encrypting individual emails.
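A check for the connection-level encryption described in the post above, added here as an example and not code from anyone in the thread: it reads a client-side SMTP session log and reports whether AUTH or MAIL was sent before TLS was in place. The hostnames, credentials and the "C:"/"S:" log format are constructed for illustration; `implicit_tls` models a session wrapped in TLS from the first byte, as on port 465.

```python
# Constructed client-side SMTP session logs ("C:" client, "S:" server); not real traffic.
PLAINTEXT_SESSION = """\
S: 220 mail.example.com ESMTP
C: EHLO desktop.example.com
S: 250-mail.example.com
S: 250-AUTH PLAIN LOGIN
S: 250 STARTTLS
C: AUTH PLAIN AGFsaWNlAHNlY3JldA==
S: 235 Authentication successful
"""
TLS_SESSION = """\
S: 220 mail.example.com ESMTP
C: EHLO desktop.example.com
S: 250-mail.example.com
S: 250 STARTTLS
C: STARTTLS
S: 220 Ready to start TLS
C: EHLO desktop.example.com
S: 250-mail.example.com
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN AGFsaWNlAHNlY3JldA==
S: 235 Authentication successful
"""

def audit_session(log, implicit_tls=False):
    """Return findings for one session log; an empty list means nothing sensitive went in cleartext."""
    encrypted = implicit_tls              # port-465 style sessions start encrypted
    starttls_offered = starttls_pending = False
    findings = []
    for raw in log.splitlines():
        side, _, text = raw.partition(": ")
        verb = text.split(" ", 1)[0].upper()
        if side == "S":
            if text[:3] == "250" and text[4:].upper().startswith("STARTTLS"):
                starttls_offered = True   # EHLO reply advertises the extension
            elif starttls_pending:
                encrypted = text.startswith("220")   # 220 = proceed with TLS handshake
                starttls_pending = False
        elif side == "C":
            if verb == "STARTTLS":
                starttls_pending = True
            elif verb in ("AUTH", "MAIL") and not encrypted:
                findings.append(f"{verb} sent in cleartext")
    if not encrypted and not starttls_offered:
        findings.append("server never offered STARTTLS")
    return findings
```

This only covers the connection between mail client and server; signing or encrypting individual messages is a separate matter, as the post above notes.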
Ulysses
09-12-2005, 06:17 AM
I'm not sure if I understand you correctly. But if you set up your mail client to use SSL/TLS for IMAP/SMTP, the connection is encrypted and therefore any data (emails) sent and received are encrypted as well....
It's what's required at the server end that the email client interacts with (and how) is what I'm wondering.
Plus, I'm curious about the relationship of these technical communications factors with Thawte's "Personal Email CA", if any.
It's what's required at the server end that the email client interacts with (and how) is what I'm wondering.
Plus, I'm curious about the relationship of these technical communications factors with Thawte's "Personal Email CA", if any.
Don't think you really need any changes at the server side unless your APF has not been set up to allow traffic on port numbers 995 and 465.
If your client needs just a simple SSL connection to his mail account, I don't think you need a Certificate for that. If it were for the masses to log in to your server to do transactions or if you had a service like Gmail, a Certificate would make sense.
In case your client insists on having an SSL certificate installed, you'd have to get in touch with support and they'll get you set up right away.
nadzri
09-12-2005, 09:59 AM
Thawte's cert is about digitally signing the email, saying "this email is really from me, and not someone else pretending to be me".
Get support to set up secure, encrypted POP3 for you if I'm getting you correctly (from mail server to mail client).
zoney70
11-02-2005, 02:58 PM
The only way I know how to encrypt SMTP is to tunnel it via SSH.
I personally use Tunnelier (http://www.bitvise.com/tunnelier.html) as my SSH client. I configure Tunnelier to forward both IMAP and SMTP. Then all I have to do is configure my mail client (Thunderbird) to use localhost for both IMAP and SMTP and everything is encrypted. (This also provides me with a console and SFTP, of course.)
My setup is actually a bit more complicated than described because I use multiple concurrent instances of Tunnelier to simultaneously access multiple servers. This is easy to do because Tunnelier will listen on any port you specify and forward it to any other port you specify. Because TBird requires each email service to have a unique servername/username combination, I had to set up a localhost alias in my Windows hosts file for each server I access.
If you give your client SSH access, I suggest disabling the SSH SFTP capability for security reasons.