Mail encryption queries
Question: Hi, we use Exchange 2003/2007. Our setup is as below:

Exchange Mailbox servers 2003/2007 <> Exchange Hub Transports/ 2003 Bridgeheads <> Exchange Bridgeheads (aka Exchange Gateways) <> SMTP Gateway <> Internet

I just wanted clarification on a few things -

i) AFAIK, Exchange 2007 uses TLS SMTP for transferring messages between Hub Transports, therefore the messages are encrypted, am I correct?
ii) Exchange 2003 uses only SMTP for transferring messages between Exchange 2003 Bridgehead servers
iii) Both use MAPI for transferring messages between Hub Transports/Bridgeheads and the Mailbox servers
iv) Messages between our SMTP Gateway and any other company's SMTP Gateway (we don't use TLS between gateways yet) are sent in clear text, correct?
v) If <iv> is correct, what is there to stop someone intercepting our email messages and reading them?
vi) Is it possible to read -and- amend any messages before sending them on?
August 15th, 2010 2:21am

Answers inline below.

On Sat, 14 Aug 2010 23:21:58 +0000, Pancamo wrote:

> Question: Hi, we use Exchange 2003/2007. Our setup is as below:
> Exchange Mailbox servers 2003/2007 <> Exchange Hub Transports/ 2003 Bridgeheads <> Exchange Bridgeheads (aka Exchange Gateways) <> SMTP Gateway <> Internet
> I just wanted clarification on a few things -
> i) AFAIK, Exchange 2007 uses TLS SMTP for transferring messages between Hub Transports, therefore the messages are encrypted, am I correct?

If it can, yes. Valid certificates must be installed.

> ii) Exchange 2003 uses only SMTP for transferring messages between Exchange 2003 Bridgehead servers

Yes.

> iii) Both use MAPI for transferring messages between Hub Transports/Bridgeheads and the Mailbox servers

I think that's correct.

> iv) Messages between our SMTP Gateway and any other company's SMTP Gateway (we don't use TLS between gateways yet) are sent in clear text, correct?

Exchange 2007 and 2010 support "opportunistic TLS", which means that when your Exchange 2007 server contacts another Exchange 2007/2010 server with a certificate installed that your server trusts, it will send mail using TLS. And vice versa. Exchange 2003 has to be configured to use TLS, and it won't switch between TLS and non-TLS.

> v) If <iv> is correct, what is there to stop someone intercepting our email messages and reading them?

Nothing.

> vi) Is it possible to read -and- amend any messages before sending them on?

Sure. That's why people have invented encryption packages like PGP.

Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."
August 15th, 2010 4:00am
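To see which hops of a delivered message recorded TLS, as asked in points i) to iv), the following added example (not part of the original thread) reads a message's Received headers and labels each hop. The sample message, hostnames, addresses and ids are constructed, and each Received line is only as trustworthy as the server that wrote it, so "no-tls-recorded" means the receiving server did not note TLS, not proof of clear text.

```python
import re
from email import message_from_string

# Constructed sample: hostnames, addresses and ids are made up for illustration.
SAMPLE = """\
Received: from gw.example.net (192.0.2.10) by mx.example.org (198.51.100.5)
 with ESMTP id A1B2C3; Sun, 15 Aug 2010 04:00:05 +0000
Received: from hub01.corp.example (10.0.0.21) by gw.example.net (10.0.0.30)
 with Microsoft SMTP Server (TLS) id 8.0.0.0; Sun, 15 Aug 2010 04:00:03 +0000
Received: from hub02.corp.example (10.0.0.22) by hub01.corp.example (10.0.0.21)
 with ESMTPS id D4E5F6; Sun, 15 Aug 2010 04:00:02 +0000
Received: from mbx01.corp.example (10.0.0.11) by hub02.corp.example (10.0.0.22)
 with mapi; Sun, 15 Aug 2010 04:00:01 +0000
From: a@corp.example
To: b@example.org
Subject: test

body
"""

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}  # RFC 3848 "with" keywords
HOP = re.compile(
    r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(.+?)(?:\s+id\b|;|$)", re.I)

def classify(header):
    """Return (sender, receiver, state) for one Received header, or None."""
    text = " ".join(header.split())          # unfold continuation lines
    m = HOP.search(text)
    if not m:
        return None
    sender, receiver, proto = m.groups()
    proto_u = proto.upper()
    if (proto_u.split()[0] in TLS_PROTOCOLS   # RFC 3848 style
            or "(TLS)" in proto_u             # Exchange 2007+ style
            or "using TLS" in text):          # Postfix style
        state = "tls"
    elif "SMTP" in proto_u:
        state = "no-tls-recorded"
    else:
        state = "not-smtp"                    # e.g. MAPI submission
    return sender, receiver, state

def audit(raw):
    """List hops in the order the message travelled (oldest first)."""
    headers = message_from_string(raw).get_all("Received", [])
    return [h for h in map(classify, reversed(headers)) if h]

if __name__ == "__main__":
    for sender, receiver, state in audit(SAMPLE):
        print(f"{sender} -> {receiver}: {state}")
```

In the sample, only the final hop from the SMTP gateway to the other company's server shows no TLS, which is the exposure discussed in iv) and v).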

This topic is archived. No further replies will be accepted.
