That still applies if I have two A records with the IPs of my IronPorts behind my MX, right? [...] Both are using their hostnames in the SMTP banner, so the cert should point to each hostname? Please correct me if I'm on the woodway :roll:
Yes, this is correct, since there would be two different hostname PTR records for these appliances. You might want to use one cert on each, or get a wildcard cert, or get a cert with two subject names (one of the hostnames).
Please be careful! Trusting TLS as a full-blown encryption solution might not be correct.
TLS is always a point-to-point encryption. This is OK as long as you are sure that the remote server is also in a protected environment. But... if the system you are communicating with is, for instance, MessageLabs, you have no control over the encryption between MessageLabs and the final recipient. This means you have nicely secured your communication with MessageLabs, but your message contents can still be sniffed after the message has left MessageLabs. Of course this is the case with every externally hosted mail relay (if your provider delivers you backup MX services you might have the same issue).
If you want to be sure only the intended recipient can decode the message you must use some other (more expensive and complex) encryption mechanisms.
I'm not saying TLS is useless, but its added value should be considered "limited".
With some hosted vendors, they can check to see if a message was transmitted via a TLS tunnel; if so, they can automatically deliver the message via a TLS tunnel to the recipient MTA. However, I believe this needs to be configured and set up with your hosted service if you plan to use this method.
Agreed that TLS is not a full encryption solution, which is why SMTP TLS is called gateway-gateway encryption and not end-end encryption.
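The gateway-to-gateway limit discussed in this thread can be checked on a delivered message. The following is an added example, not part of any post above: it reads the `Received` trace headers and reports which hops recorded TLS, using the RFC 3848 `with` keywords. All host names and the sample message are constructed.

```python
import re
from email import message_from_string

# "with" protocol keywords that record a TLS-protected hop (RFC 3848 plus
# the LMTP and UTF8 variants registered later).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}

# Take the "with" clause that follows "by": some MTAs put a comment such as
# "(using TLSv1.2 with cipher ...)" in the "from" clause before it.
HOP_RE = re.compile(r"\bby\s+([^\s;()]+)(?:.*?\bwith\s+([A-Za-z0-9]+))?", re.I)

def hop_report(raw_message):
    """Return [(receiving_host, protocol, used_tls), ...] in delivery order."""
    msg = message_from_string(raw_message)
    hops = []
    # Each relay prepends its header, so reverse to follow the path in time order.
    for header in reversed(msg.get_all("Received", [])):
        match = HOP_RE.search(" ".join(header.split()))  # unfold folded lines
        host = match.group(1) if match else "unknown"
        proto = (match.group(2) or "UNKNOWN").upper() if match else "UNKNOWN"
        hops.append((host, proto, proto in TLS_PROTOCOLS))
    return hops

def unprotected_hops(raw_message):
    """Receiving hosts whose trace header does not record TLS."""
    return [host for host, _, tls in hop_report(raw_message) if not tls]

# Constructed sample: the sender's gateway and the hosted relay both use TLS,
# but the hosted relay hands the message to the recipient MX in clear text.
SAMPLE = """\
Received: from relay.hosted.example (relay.hosted.example [198.51.100.20])
\tby mx.recipient.example with ESMTP id C3; Tue, 1 Jan 2030 10:00:03 +0000
Received: from ironport1.sender.example (ironport1.sender.example [192.0.2.10])
\tby relay.hosted.example with ESMTPS id B2; Tue, 1 Jan 2030 10:00:02 +0000
Received: from exchange.sender.example (exchange.sender.example [10.0.0.5])
\tby ironport1.sender.example with ESMTPS id A1; Tue, 1 Jan 2030 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:28} {proto:8} {'TLS' if tls else 'no TLS recorded'}")
```

Only the headers written by your own gateways are reliable; earlier ones are self-reported by upstream relays and can be altered in transit.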