Solved

Inbound TLS on Exchange 2003

Posted on 2009-07-16
5
594 Views
Last Modified: 2013-11-30
I've a Exchange 2003 server and I want to be able to accept incoming TLS from one source. I've installed a certificate. If the sending server requires TLS, will my default SMTP VS accept TLS? Even though I don't have "require tls" enabled?

I'd like to avoid setting up multiple VS and connectors if possible, since I only need to accept incoming TLS if it's required.
0
Comment
Question by:Jason Wilcox
  • 2
  • 2
5 Comments
 
LVL 65

Accepted Solution

by:
Mestha earned 125 total points
ID: 24873731
Exchange 2003 doesn't do opportunist TLS. It is either ON or OFF for all traffic.
Therefore you will need multiple SMTP virtual servers and if you want to have TLS going over port 25, multiple IP addresses. The remote side will need to know either the alternative port (465 is the usual port used) or the alternative IP address.

SMTP connectors are only concerned with outbound traffic, nothing to do with inbound, so additional connectors are not required.

Simon.
0
 
LVL 3

Author Comment

by:Jason Wilcox
ID: 24873792
I only want one way TLS (just incoming). The sender is requiring TLS on his Exchange server, I'm not. I ran a test and determined that the sender can send TLS to my server through the default VS when the sending server is set to require TLS.

I think the confusion here is that most cases are such that TLS is set to required on the recipient side as well, so then I would have to have two SMTP VS's.
0
 
LVL 11

Expert Comment

by:tmeunier
ID: 24874015
Well, when I want to set up TLS-required between two companies using Exchange Server 2003, what I do is I create SMTP connectors on each of the servers.  One for *, with a cost of 10 (for example), and one for othercompany.com with a cost of 5.  Then on THAT CONNECTOR, I require TLS.  I then make sure I've got the SSL certificate installed for the SMTP virtual server.  It sounds like you have that part all set, as does your business partner.   Now, company A and company B will ALWAYS communicate using TLS.  

Opportunistic TLS, as Mestha notes, is one of the upgrade benefits of Exchange 2007.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24874041
You will need to have two SMTP virtual servers to receive email on TLS - one that has TLS enabled, one that does not. You will also need to have a valid SSL certificate on the SMTP virtual server so that the session can be established.

Simon.
0
 
LVL 3

Author Comment

by:Jason Wilcox
ID: 24874108
I think i've not been clear in my circumstance. I have Exchange server A, the sender has Exchange server B. ExchB is set to only allow TLS when sending. ExchB is trying to send email to my ExchA. So as far as TLS is concerned, I'm only needing to be able to receive TLS from ExchB. I don't want to require all incoming email to ExchA be TLS.

In testing what I've found... Sending from ExchB to ExchA failed with TLS failed to connect errors. I installed a certificate on ExchA. Now ExchB can send using TLS to ExchA. I did not setup a second SMTP VS nor did I enable "require tls".

Thanks all for your input.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question