Encryption is coming as well :-(, we are a hospital with many clinics and venders. We occasionally have to transmit sensitive data. Right now we use PGP when we need to encrypt confidential mail, but I'd like to enable Encryption & Signed mail from within Exchange. And as always, our lawyers require us to put on the disclaimer (although it really means nothing in court). I don't know, when I proposed Exchange to the organization it seemed like a great way to allow communication within & without for us. Now that I've had it live (Exchange2000 - 1200 users) for a year, its eating up more and more of my time to the point where its a full time job in itself. Don't get me wrong, I've been in IT since '86, everything from programming in Octal, HEX and binary up to what's out there today. I've been to as much training as I can get the companies to spring for & I do enjoy it. I get frustrated though, I have 3 full time jobs now (on one paycheck of course) and its tough to keep up. As the Net admin/ firewall admin/ security admin, my hands are full enough keeping everything running smoothly. Since Active Directory (a HUGE improvement over NT by the way), I've been able to to so much more with less time involved. I'm also an Interface Admin, which allows different healthcare computer systems to communicate via yet another language (HL7 & TCL), another full time gig. I figured, hey Email, piece of cake, I set up and administrated an Exchange 5.5 shop in VA for a few years, 5000 employees, why not here? I made the pitch, admin loved it. Now with all these friggin worms, viruses, security holes etc, let alone all the internal whiney employees who cant understand why they can't send/receive 50 meg files via email, I'm goin nuts! Now I gotta get signed, encrypted mail going (along with disclaimers of course), sheesh. Forgive the rant, been up late with the sick kids, here's my plight, sorry to drone on and on. I can't tell y'all how much time you guys have saved me, by reading these threads, I gain so much, Thanks If anyone out there has configured Exchange 2000 (soon 2003) to do signed, encrypted and disclaimed mail, all from the server ( 3/4 of our users use strait OWA to anything client side), please share... (Exchange 2000 on Win 2000 SP4, with all mail going through mail gateway with GFI Security & GFI Essential for filtering) Doug _____ From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Monday, March 01, 2004 3:01 PM To: Stelley, Douglas Subject: FW: [exchangelist] RE: digital cert vs. disclaimer One other thing occurred to me while thinking about this. When you digitally sign a message, you are ensuring that it is not altered. That's not really suited to confidential or sensitive information transferral. For that, encryption is a better choice or even both encryption and signature. You may have already known this, but just in case wanted to be sure it's up front. Al _____ From: Mulnick, Al Sent: Monday, March 01, 2004 12:01 PM To: [ExchangeList] Subject: [exchangelist] RE: digital cert vs. disclaimer http://www.MSExchange.org/ I think you should concentrate on the exception route. Signed messages come from the client and as such arrive at the server signed. Any change will invalidate the signature. Al _____ From: Stelley, Douglas [mailto:dstelley@xxxxxxx] Sent: Monday, March 01, 2004 10:54 AM To: [ExchangeList] Subject: [exchangelist] RE: digital cert vs. disclaimer http://www.MSExchange.org/ If installed GFI Essentials on the Exchange server & had it only do the disclaimer, wouldn't it also attach the disclaimer after it was signed? Or maybe I should ask how I could set up to not send signed mail through that gateway... _____ From: Mulnick, Al [mailto:Al.Mulnick@xxxxxxxxxx] Sent: Monday, March 01, 2004 9:19 AM To: [ExchangeList] Subject: [exchangelist] RE: digital cert vs. disclaimer http://www.MSExchange.org/ I have plenty of ideas, but you may not like any of them. What needs to happen is that the confidential mails either need to be excluded from the footer or you will need to add the cert signature after the disclaimer. Either way would be different than what you're doing now and would need a different architecture or a signature mechanism with more intelligence to realize a message shouldn't be changed if it is signed. Al _____ From: Stelley, Douglas [mailto:dstelley@xxxxxxx] Sent: Monday, March 01, 2004 8:43 AM To: [ExchangeList] Subject: [exchangelist] digital cert vs. disclaimer http://www.MSExchange.org/ We have Exchange 2000 and use a windows box as our mail gateway for the outside world. On the gateway, we use GFI's Security & Essentials programs for screening. It really works well for us. Also, we Use GFI to attach our standard disclaimer, and like that as well, BUT. Now we have to implement certificates on some of our "confidential" mail. When I send test messages that are signed, the gateway attaches the disclaimer, and voila, now the massage has been altered. So then end recipient thinks the mail is bad. Anyone have any ideas? I kind of need both items (the disclaimer & the certificate...) Doug ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ Confidentiality Notice: The information contained in this message may be legally privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any release, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error please notify the author immediately by replying to this message and deleting the original message. Thank you. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------