Secure Messaging with Microsoft Exchange Server 2003 | Secure Messaging with MicrosoftВ® Exchange Server 2003 (Pro-Other)

Paul Robichaux

Microsoft

PUBLISHED BY Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399

Library of Congress Cataloging-in-Publication Data Robichaux, Paul E.

Secure Messaging with Microsoft Exchange Server 2003 / Paul Robichaux.
p. cm. Includes index. ISBN 0-7356-1990-5
1. Microsoft Exchange server. 2. Client/server computing. I. Title.

QA76.9.C55R6283 2004
005.7'137682--dc22 2003068646

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWT 8 7 6 5 4 3

Distributed in Canada by H.B. Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/learning/. Send comments to mspinput@microsoft.com.

Active Directory, ActiveSync, ActiveX, Authenticode, BizTalk, Entourage, FrontPage, Hotmail, Microsoft, Microsoft Press, MS-DOS, MSDN, MSN, Outlook, PowerPoint, SharePoint, Visual Basic, Windows, Windows Media, Windows Mobile, Windows NT, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries . Other product and company names mentioned herein may be the trademarks of their respective owners .

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name , e-mail address, logo, person, place, or event is intended or should be inferred.

This book expresses the author s views and opinions . The information contained in this book is provided without any express, statutory , or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.

Acquisitions Editors: Hilary Long, Martin DelRe
Project Editor: Karen Szall
Technical Editor: Nick Cavalancia

Body Part No. X10-42149

To my wife and eternal companion, Arlene. Thank you so much for your love and support.

About the Author

Paul Robichaux is a system administrator, messaging architect, and Exchange MVP who has written about and taught Microsoft Exchange Server messaging all over the world. As a partner in 3sharp LLC, he and his team have helped validate Exchange Server enterprise deployments for security, storage management, and scalability, and he s helped develop Exchange- related products for a number of major software vendors . He frequently speaks at technical conferences, and he writes monthly columns about Exchange for Windows & .NET Magazine and Exchange & Outlook Administrator . You can reach Paul at exsecbook@robichaux.net.

Contributing Authors

David Cross is a lead program manager with the Microsoft Windows Security organization focusing on PKI and security solutions in the Windows platform. He joined Microsoft in 1998 and has made significant contributions to Microsoft products such as Windows 2000, Windows XP, Windows Server 2003, and Exchange Server 2003. In addition, David has been a contributing author on a number of whitepapers and Microsoft Press books regarding Microsoft security and PKI. Prior to joining Microsoft, he spent two years as a project manager and senior architect with the Microsoft Solution Provider/Partner community and five years with the aviation electronic warfare community of the United States Navy. David has spoken at a number of industry conferences around the world including TechED, RSA, PKI Forum, and NISSC. David has a BS in Computer Information Systems as well as an MBA in Management Information Systems.

William J. Friedman, J.D. focuses his legal practice at Piper Rudnick LLP on digital communications matters and related litigation. Prior to joining Piper Rudnick, Mr. Friedman served as senior legal advisor and chief of staff to FCC Commissioner Gloria Tristani and was a senior fellow in intellectual property teaching at Duke Law School.

Joshua Konkle As the KVS, Inc. business technology evangelist, Joshua works with current customers to identify what the current legal challenges are and how to use IT services to deliver on the legal framework. In addition, he has spoken at multiple business and technical venues on topics such as corporate governance, security, business, and IT communications. Most recently, he spoke at the Microsoft Financial Services summit in Charlotte, North Carolina, and as an expert on a panel with other industry leaders at the Government Technology Conference in Atlanta, Georgia. Joshua also speaks at the CeBit America Conference.

Acknowledgments

I ve written more than a dozen books, and I can easily say that I received the most help on this one. Ordinarily, books like this have one or two technical editors, assigned by the publisher. Nick Cavalancia was the TE for this book; he did an excellent job of catching my mistakes before they made it to your hands, and I claim responsibility for any remaining errors.

However, messaging security is such an important subject that I wanted to get feedback from a broader community, so I solicited a group of almost 30 reviewers from Microsoft, industry, and academia. First, the Microsoft folks: a terrific group of Microsoft product managers, developers, and support personnel volunteered their time to review the book as I was writing it. Their feedback was invaluable, and I very much appreciate their assistance. Thanks to Ed McCahill and Starr Andersen for their review of the Windows Rights Management Server content and Justin Ryall, Scott Landry, and Ed Thornburg for their help with the transport and SMTP material. My special thanks to Will Martin and Jeff Williams (chief privacy officer for Microsoft s Product Support Services team) for their Herculean efforts to review every chapter in exacting detail.

Microsoft Press and the Exchange product team took the unusual step of dedicating a team of reviewers to ferret out answers for me during the early part of the writing process. Susan Bradley and Jan Shanahan get credit for the idea; Michele Martin deftly (and quickly) handled many of my questions, and Christopher Budd, Lori Chaconas, Kristian Andaker, and Brad Owen provided review comments and answers. Thanks, buddy team!

Besides those folks, I was privileged to get a great deal of help from a wide range of program managers, developers, support engineers , writers, and other members of Microsoft s Exchange community. In particular, I d like to thank Karim Battish, KC Lemson, and Simon Attwell for their willingness to answer abstruse questions and Alex Ingerman for his help with the Outlook Mobile Access/Exchange ActiveSync chapter. It would be remiss of me not to thank the many other Microsoft employees ”far too many to name here ”who answered my random questions, and shared their insights and research with me, on Microsoft s internal mailing lists.

A number of folks from the wider messaging community pitched in, too. Chris De Herrera, Webmaster of the indispensable www.cewindows.net site, provided some good suggestions for Chapter 16, Securing Mobile Exchange Access. Noted Outlook expert and Microsoft MVP Sue Mosher reviewed Chapter 13, Securing Outlook, for me. Exchange MVPs Missy Koslosky, Tom Meunier, Al Mulnick (who should be an MVP), and Andy Webb caught a number of mistakes and gave good advice on how to strengthen the book.

I got some help in the writing department, too. David Cross, lead program manager for Windows PKI at Microsoft, revised Chapter 12, Secure E-Mail, to bring it up to date on Microsoft Exchange Server 2003 and Windows Server 2003; he also did his usual very thorough job of reviewing the chapters dealing with cryptographic protocols and systems. Former Duke University law professor (and former Federal Communications Commission counsel) William J. Friedman wrote the groundbreaking material in Chapter 20, The Law and Your Exchange Environment. Joshua Konkle, technical evangelist for KVS Software, wrote Chapter 17, Discovery, Compliance, Archive, and Retrieval, which covers discovery, compliance, archival, and retention issues.

At Microsoft Press, a talented staff of editors turned my initial manuscript into the completed product you see here. They were a great group to work with, and their efforts improved my writing a great deal! Thanks to Karen Szall, my project editor, and copy editor Teresa Horton. Jeff Koch, Martin DelRe, and Hilary Long worked together to plan and execute the book s launch.

As always, my wife Arlene was the chief anchor of my life; I thank her for her support and encouragement. I am truly blessed to have such a wonderful wife and companion.