Hi Tom, thank you so much for all your hard work putting together this new SMTP filter article. Took me a little time but was able to follow what you were saying and get to work like a charm. I love the fact that now our employees from home can send e-mail securly.
I am now wondering how to secure access to our POP3 server(exchange 2000) so passwords and usernames can not be sniffed.
Does the POP3 Filter, like the SMTP filer in ISA alow to connect to a pop3 server in a secure manner?
I do not see a "Windows Security Package" option in the POP3 authentifucation tab on Exchange 2000.
I see that in outlook express there is a POP3 ckeck box for "Logon using Secure Password Authentication" (just like Outgoing) but I tried this and disabled clear text on the exchange server and it seemed to work but would never retrieve any e-mails.
I am confused. Is it that exchange 2000 POP3 server Authentication tab is missing the "Windows Security Package" check box or what?
Good question regarding POP3. The way to handle this problem is to configure the POP3 site for SSL protection. This secures the credentials and data.
That is still one of the shortcomings of the new SMTP filter. While we can authetnicate using the "security package" authentication, the data still moves "in the clear" because the STARTTLS command, which is required for SSL protection of the data, is not supported.