Inbound TLS on Exchange 2003

I only want one way TLS (just incoming). The sender is requiring TLS on his Exchange server, I'm not. I ran a test and determined that the sender can send TLS to my server through the default VS when the sending server is set to require TLS.

I think the confusion here is that most cases are such that TLS is set to required on the recipient side as well, so then I would have to have two SMTP VS's.

Well, when I want to set up TLS-required between two companies using Exchange Server 2003, what I do is I create SMTP connectors on each of the servers.  One for *, with a cost of 10 (for example), and one for othercompany.com with a cost of 5.  Then on THAT CONNECTOR, I require TLS.  I then make sure I've got the SSL certificate installed for the SMTP virtual server.  It sounds like you have that part all set, as does your business partner.   Now, company A and company B will ALWAYS communicate using TLS.  

Opportunistic TLS, as Mestha notes, is one of the upgrade benefits of Exchange 2007.

You will need to have two SMTP virtual servers to receive email on TLS - one that has TLS enabled, one that does not. You will also need to have a valid SSL certificate on the SMTP virtual server so that the session can be established.

Simon.

I think i've not been clear in my circumstance. I have Exchange server A, the sender has Exchange server B. ExchB is set to only allow TLS when sending. ExchB is trying to send email to my ExchA. So as far as TLS is concerned, I'm only needing to be able to receive TLS from ExchB. I don't want to require all incoming email to ExchA be TLS.

In testing what I've found... Sending from ExchB to ExchA failed with TLS failed to connect errors. I installed a certificate on ExchA. Now ExchB can send using TLS to ExchA. I did not setup a second SMTP VS nor did I enable "require tls".

Thanks all for your input.