• Status: Solved

Inbound TLS on Exchange 2003

I've an Exchange 2003 server and I want to be able to accept incoming TLS from one source. I've installed a certificate. If the sending server requires TLS, will my default SMTP VS accept TLS? Even though I don't have "require tls" enabled?

I'd like to avoid setting up multiple VS and connectors if possible, since I only need to accept incoming TLS if it's required.
Asked by: Jason Wilcox
1 Solution
 
Mestha Commented:
Exchange 2003 doesn't do opportunistic TLS. It is either ON or OFF for all traffic.
Therefore you will need multiple SMTP virtual servers and if you want to have TLS going over port 25, multiple IP addresses. The remote side will need to know either the alternative port (465 is the usual port used) or the alternative IP address.

SMTP connectors are only concerned with outbound traffic, nothing to do with inbound, so additional connectors are not required.

Simon.
 
Jason Wilcox (Author) Commented:
I only want one-way TLS (just incoming). The sender is requiring TLS on his Exchange server, I'm not. I ran a test and determined that the sender can send TLS to my server through the default VS when the sending server is set to require TLS.

I think the confusion here is that most cases are such that TLS is set to required on the recipient side as well, so then I would have to have two SMTP VS's.
 
tmeunier Commented:
Well, when I want to set up TLS-required between two companies using Exchange Server 2003, what I do is I create SMTP connectors on each of the servers.  One for *, with a cost of 10 (for example), and one for othercompany.com with a cost of 5.  Then on THAT CONNECTOR, I require TLS.  I then make sure I've got the SSL certificate installed for the SMTP virtual server.  It sounds like you have that part all set, as does your business partner.   Now, company A and company B will ALWAYS communicate using TLS.  

Opportunistic TLS, as Mestha notes, is one of the upgrade benefits of Exchange 2007.
 
Mestha Commented:
You will need to have two SMTP virtual servers to receive email on TLS - one that has TLS enabled, one that does not. You will also need to have a valid SSL certificate on the SMTP virtual server so that the session can be established.

Simon.
 
Jason Wilcox (Author) Commented:
I think I've not been clear in my circumstance. I have Exchange server A, the sender has Exchange server B. ExchB is set to only allow TLS when sending. ExchB is trying to send email to my ExchA. So as far as TLS is concerned, I'm only needing to be able to receive TLS from ExchB. I don't want to require all incoming email to ExchA be TLS.

In testing what I've found... Sending from ExchB to ExchA failed with TLS failed to connect errors. I installed a certificate on ExchA. Now ExchB can send using TLS to ExchA. I did not set up a second SMTP VS nor did I enable "require tls".

Thanks all for your input.
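A way to check which of the inbound TLS behaviours discussed in this thread a given SMTP listener shows, as an added example that is not part of any post above. The classification labels, the `probe` helper, the host names and the sample EHLO replies are assumptions made for illustration; the 530 reply to plaintext mail on a TLS-only listener comes from RFC 3207.

```python
import smtplib
import ssl

def classify_inbound_tls(ehlo_lines, plaintext_mail_code):
    """Classify an SMTP listener from its EHLO reply lines and the reply
    code it gave to MAIL FROM sent *before* any STARTTLS."""
    keywords = set()
    for line in ehlo_lines:
        # Extension keywords follow the "250-" / "250 " prefix (RFC 5321).
        words = line[4:].split() if line.startswith("250") else []
        if words:
            keywords.add(words[0].upper())
    if "STARTTLS" not in keywords:
        return "no-tls"
    # RFC 3207: a listener that insists on TLS answers 530 to plaintext mail.
    if plaintext_mail_code == 530:
        return "tls-required"
    return "tls-accepted-not-required"

def probe(host, port=25, helo="probe.example.test"):
    """Live check against a listener you administer (host is an assumption)."""
    with smtplib.SMTP(host, port, timeout=15) as s:
        _, caps = s.ehlo(helo)
        lines = ["250-" + c for c in caps.decode(errors="replace").splitlines()]
        mail_code, _ = s.docmd("MAIL FROM:<>")  # null sender, nothing is queued
        s.rset()
        mode = classify_inbound_tls(lines, mail_code)
        tls_version = None
        if mode != "no-tls":
            try:
                # Default context validates the certificate chain and host name.
                s.starttls(context=ssl.create_default_context())
                tls_version = s.sock.version()
            except (ssl.SSLError, smtplib.SMTPException) as exc:
                tls_version = f"handshake failed: {exc}"
    return mode, tls_version

# Constructed EHLO replies for illustration, not captured from a real server.
SAMPLE_WITH_CERT = ["250-excha.example.test Hello [192.0.2.10]", "250-SIZE 10485760",
                    "250-STARTTLS", "250 OK"]
SAMPLE_NO_CERT = ["250-excha.example.test Hello [192.0.2.10]", "250-SIZE 10485760", "250 OK"]

if __name__ == "__main__":
    print(classify_inbound_tls(SAMPLE_WITH_CERT, 250))  # STARTTLS offered, plaintext still accepted
    print(classify_inbound_tls(SAMPLE_WITH_CERT, 530))  # "require TLS" style listener
    print(classify_inbound_tls(SAMPLE_NO_CERT, 250))    # no STARTTLS advertised
```

Running `probe()` before and after installing a certificate on the virtual server shows whether STARTTLS starts being advertised while plaintext senders are still accepted.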
