Solved

Inbound TLS on Exchange 2003

Posted on 2009-07-16
592 Views
Last Modified: 2013-11-30
I've an Exchange 2003 server and I want to be able to accept incoming TLS from one source. I've installed a certificate. If the sending server requires TLS, will my default SMTP VS accept TLS? Even though I don't have "require tls" enabled?

I'd like to avoid setting up multiple VS and connectors if possible, since I only need to accept incoming TLS if it's required.
0
Question by:Jason Wilcox
 
LVL 65

Accepted Solution

by:
Mestha earned 125 total points
ID: 24873731
Exchange 2003 doesn't do opportunistic TLS. It is either ON or OFF for all traffic.
Therefore you will need multiple SMTP virtual servers and if you want to have TLS going over port 25, multiple IP addresses. The remote side will need to know either the alternative port (465 is the usual port used) or the alternative IP address.

SMTP connectors are only concerned with outbound traffic, nothing to do with inbound, so additional connectors are not required.

Simon.
0
 
LVL 3

Author Comment

by:Jason Wilcox
ID: 24873792
I only want one-way TLS (just incoming). The sender is requiring TLS on his Exchange server, I'm not. I ran a test and determined that the sender can send TLS to my server through the default VS when the sending server is set to require TLS.

I think the confusion here is that most cases are such that TLS is set to required on the recipient side as well, so then I would have to have two SMTP VS's.
0
 
LVL 11

Expert Comment

by:tmeunier
ID: 24874015
Well, when I want to set up TLS-required between two companies using Exchange Server 2003, what I do is I create SMTP connectors on each of the servers. One for *, with a cost of 10 (for example), and one for othercompany.com with a cost of 5. Then on THAT CONNECTOR, I require TLS. I then make sure I've got the SSL certificate installed for the SMTP virtual server. It sounds like you have that part all set, as does your business partner. Now, company A and company B will ALWAYS communicate using TLS.

Opportunistic TLS, as Mestha notes, is one of the upgrade benefits of Exchange 2007.
0
 
LVL 65

Expert Comment

by:Mestha
ID: 24874041
You will need to have two SMTP virtual servers to receive email on TLS - one that has TLS enabled, one that does not. You will also need to have a valid SSL certificate on the SMTP virtual server so that the session can be established.

Simon.
0
 
LVL 3

Author Comment

by:Jason Wilcox
ID: 24874108
I think I've not been clear in my circumstance. I have Exchange server A, the sender has Exchange server B. ExchB is set to only allow TLS when sending. ExchB is trying to send email to my ExchA. So as far as TLS is concerned, I'm only needing to be able to receive TLS from ExchB. I don't want to require all incoming email to ExchA be TLS.

In testing what I've found... Sending from ExchB to ExchA failed with TLS failed to connect errors. I installed a certificate on ExchA. Now ExchB can send using TLS to ExchA. I did not set up a second SMTP VS nor did I enable "require tls".

Thanks all for your input.
0
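
The question this thread turns on, whether an SMTP virtual server offers STARTTLS without requiring it, can be checked from outside the server. The sketch below is an added example and not part of the original thread: it reads the EHLO reply for the STARTTLS keyword and uses the reply to a pre-TLS `MAIL FROM` (530 per RFC 3207 when TLS is mandatory) to tell the modes apart. The host names, sample replies and function names are assumptions made for illustration.

```python
import smtplib

# Constructed EHLO replies (not captured from a real server).
EHLO_STARTTLS = ("250-excha.example.test Hello [192.0.2.10]\r\n"
                 "250-SIZE 10485760\r\n250-STARTTLS\r\n250 OK\r\n")
EHLO_PLAIN = ("250-excha.example.test Hello [192.0.2.10]\r\n"
              "250-SIZE 10485760\r\n250 OK\r\n")

def ehlo_keywords(reply):
    """Extension keywords from a raw multi-line EHLO reply, upper-cased."""
    keywords = set()
    for line in reply.splitlines()[1:]:      # line 1 is the greeting, not an extension
        if line[:3] == "250" and line[3:4] in ("-", " "):
            fields = line[4:].split()
            if fields:
                keywords.add(fields[0].upper())
    return keywords

def classify(starttls_offered, mail_code_before_tls):
    """Map the two observations to the receiving server's inbound TLS mode."""
    if not starttls_offered:
        return "plaintext-only"      # a sender that requires TLS cannot deliver
    if mail_code_before_tls == 530:
        return "tls-required"        # RFC 3207: STARTTLS must be issued first
    if mail_code_before_tls == 250:
        return "tls-optional"        # TLS is accepted, plaintext mail still flows
    return "inconclusive"            # MAIL was refused for an unrelated reason

def probe(host, port=25, helo_name="probe.example.test", timeout=10):
    """Live check: EHLO, then MAIL FROM:<> without TLS, then RSET. Sends no mail."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo(helo_name)
        offered = smtp.has_extn("starttls")
        code, _ = smtp.docmd("MAIL", "FROM:<>")
        smtp.rset()
        return classify(offered, code)

if __name__ == "__main__":
    for name, reply in (("starttls", EHLO_STARTTLS), ("plain", EHLO_PLAIN)):
        print(name, sorted(ehlo_keywords(reply)))
```

Run `probe()` against your own virtual server's address before and after installing the certificate; a result of `tls-optional` matches the behaviour the question author reports.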

Question has a verified solution.
