Secure/Multipurpose Internet Mail Extensions (S/MIME) provides a consistent way for email users to send and receive secure MIME data. It uses digital signatures for authentication, message integrity, and non-repudiation, and it uses encryption for privacy and data security. S/MIME version 3.1 (RFC 3851) is supported.
Several email clients support the S/MIME specification, including Microsoft Outlook Express and Mozilla mail.
You can deploy a secure mail solution by using Messaging Server and S/MIME. Communications Express webmail users who are set up to use S/MIME can exchange signed or encrypted messages with other users of Communications Express, Microsoft Outlook Express, and Mozilla mail systems. A messaging proxy can provide an additional layer of security at the firewall to further protect information assets within Messaging Server.
The Communications Express webmail client supports S/MIME with these features:
Create a digital signature for an outgoing mail message to assure the message’s recipient that the message was not tampered with and is from the person who sent it
Encrypt an outgoing mail message to prevent anyone from viewing, changing or otherwise using the message’s content before the message arrives in the recipient’s mailbox
Verify the digital signature of an incoming signed message with a process involving a certificate revocation list (CRL)
Automatically decrypt an incoming encrypted message so the recipient can read the message’s contents
Exchange signed or encrypted messages with other users of an S/MIME-compliant client such as Communications Express Mail and Mozilla mail systems
The remainder of this chapter describes how to configure Messaging Server and Communications Express for S/MIME. Note that you do not have to exclusively use Communications Express to be able to use S/MIME with Messaging Server.
To properly administer S/MIME, you need to be familiar with the following concepts:
Basic administrative procedures for your platform
Structure and use of a Lightweight Directory Access Protocol (LDAP) directory
Addition or modification of entries in an LDAP directory
Configuration process for the Sun Java System Directory Server
Concepts and purpose of the following:
Secure Sockets Layer (SSL) for a secured communications line
Digitally signed email messages
Encrypted email messages
Local key store of a browser
Smart cards and the software and hardware to use them
Private-public key pairs and their certificates
Certificate authorities (CA)
Verifying keys and their certificates
Certificate revocation list (CRL). (See 24.9.2 When is a Certificate Checked Against a CRL?)