• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 554

Configuration for Inbound emails and Certificates for TLS on Exchange 2003

We were asked to enable TLS for one customer, so I read a few guides on configuring TLS on Exchange 2003, and so far I've got it working outbound as far as I can tell. I've got my SMTP Connector set up to send emails through a Virtual Server with the certificate installed on it, etc., and emails seem to make their way out of the queue with TLS enabled, so I assume it must be working?
My questions are more related to inbound emails and what the SMTP certificate should be called. Currently the certificate we bought simply has the name of the server. It does not have the internal domain or the FQDN.
Currently the certificate is as follows:

SERVERNAME

Using hotmail.com as an example, can someone clear up what the certificate should have on it? The MX certificate is mx1.hotmail.com (again, that's an example :P), so what should the TLS certificate be called? SERVERNAME.hotmail.com? Or something else?
As for inbound emails, because I want to leave the regular SMTP Virtual Server working for all other emails from other domains, I assume I will have to set up a separate IP to receive inbound emails? They will only be coming in from one customer, so I'm assuming the emails have to come in the same way they went out, which is through the TLS-enabled Virtual Server?
1 Solution
 
kcoect Commented:
If I remember correctly, the certificate name should match the FQDN of the server that the remote user is communicating with. For example, if your domain is widgets.com and your server name is email, then the server would answer an SMTP connection HELO or EHLO with

email.widgets.com

That's what your certificate would need to be set to. This is because the sender would then attempt to verify that the certificate for email.widgets.com was valid (via Verisign, Thawte, Network Solutions, etc.)
 
Phal44 (Author) Commented:
So the server name has nothing to do with the usual MX record available to the public but is actually the internal domain/network name?

So does the inbound mail need to be routed directly to the Virtual Server that has TLS enabled? Or can it come in through the usual mail delivery route?
 
Phal44 (Author) Commented:
Still not sure how the inbound emails need to be arranged.

When receiving TLS emails, do they need to come through the Virtual Server with TLS enabled? Or can the regular Virtual Server receive TLS emails even if TLS isn't enabled on there?
 
Phal44 (Author) Commented:
Well... I'm still not 100% sure about how the inbound email has to be configured, but after doing some testing I'm more like 95% sure :P

I've ended up configuring new IPs to receive TLS SMTP traffic separately from the regular SMTP traffic.

Thanks for the help, kcoect :) even if it was only part of the question :P lol
 
Phal44 (Author) Commented:
TLS mail now working, using a separate IP to receive, whilst the regular SMTP traffic continues as usual.
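The two things the thread settles can both be checked from the sending side. kcoect's point is that the certificate name must cover the FQDN the server announces in its EHLO greeting, since that is what a verifying sender compares against; Phal44's inbound question is whether a given listener actually offers STARTTLS at all. The script below is an added example, not code from the original thread or from Exchange: it implements the name match a sender performs, probes a listener's EHLO response for the STARTTLS extension, and (for a live check) does STARTTLS with CA chain validation but its own name comparison, so a CA-signed certificate issued to the wrong name (for example just `SERVERNAME`) is reported as a name mismatch instead of a generic handshake error. The hostnames, the `widgets.com` certificate contents and the built-in fake SMTP listener are constructed fixtures for illustration.

```python
"""Added example: check SMTP certificate naming and STARTTLS availability.

Uses only the standard library. The fake listener is a test fixture standing
in for an Exchange SMTP Virtual Server; it speaks just enough SMTP for EHLO.
"""
import smtplib
import socket
import ssl
import sys
import threading


def hostname_matches(pattern, host):
    """Match one certificate name against a host: exact (case-insensitive),
    or a single '*' in the left-most label, so '*.widgets.com' covers
    'email.widgets.com' but not 'widgets.com' or 'a.b.widgets.com'."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), host.split(".")
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def cert_names(cert):
    """Collect the CN and DNS SANs from the dict shape ssl getpeercert() returns."""
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    names += [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return names


def cert_covers(cert, host):
    """True if any CN/SAN in the certificate matches the given host name."""
    return any(hostname_matches(name, host) for name in cert_names(cert))


def start_fake_smtp(ehlo_name, offer_starttls):
    """Constructed fixture: a plain-text listener on 127.0.0.1 that answers
    EHLO with or without STARTTLS. Returns the port it is listening on."""
    extensions = ["SIZE 10240000"] + (["STARTTLS"] if offer_starttls else [])
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as rfile, conn.makefile("wb") as wfile:
            wfile.write(b"220 %s ESMTP\r\n" % ehlo_name.encode())
            wfile.flush()
            for raw in rfile:
                cmd = raw.strip().upper()
                if cmd.startswith(b"EHLO"):
                    lines = [ehlo_name] + extensions
                    # multi-line reply: "250-" on all but the last line
                    reply = "".join("250%s%s\r\n" % ("-" if i < len(lines) - 1 else " ", line)
                                    for i, line in enumerate(lines))
                    wfile.write(reply.encode())
                elif cmd.startswith(b"QUIT"):
                    wfile.write(b"221 Bye\r\n")
                    wfile.flush()
                    break
                else:
                    wfile.write(b"502 Command not implemented\r\n")
                wfile.flush()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def probe_listener(host, port=25, timeout=10):
    """Connect and EHLO; return (announced EHLO name, whether STARTTLS is offered).
    local_hostname is pinned so smtplib does not do a reverse-DNS lookup."""
    with smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout) as smtp:
        code, msg = smtp.ehlo()
        if code != 250:
            raise RuntimeError("EHLO rejected: %d %s" % (code, msg.decode(errors="replace")))
        ehlo_name = msg.decode(errors="replace").split("\n")[0].split()[0]
        return ehlo_name, smtp.has_extn("starttls")


def check_tls_listener(host, port=25, timeout=10):
    """Live check (needs a real TLS-enabled listener): STARTTLS with CA chain
    validation, then compare the certificate's names to the EHLO FQDN ourselves."""
    ctx = ssl.create_default_context()      # CERT_REQUIRED against the system CA store
    ctx.check_hostname = False              # name comparison is done below, with a report
    with smtplib.SMTP(host, port, local_hostname="probe.example", timeout=timeout) as smtp:
        code, msg = smtp.ehlo()
        ehlo_name = msg.decode(errors="replace").split("\n")[0].split()[0]
        if not smtp.has_extn("starttls"):
            return {"ehlo_name": ehlo_name, "starttls": False}
        smtp.starttls(context=ctx)
        cert = smtp.sock.getpeercert()      # populated because the chain was validated
        return {"ehlo_name": ehlo_name, "starttls": True,
                "cert_names": cert_names(cert), "name_ok": cert_covers(cert, ehlo_name)}


if __name__ == "__main__":
    # usage: python check_smtp_tls.py <host-or-ip> [port]
    print(check_tls_listener(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 25))
```

Run it against the IP of the TLS-enabled Virtual Server and against the regular one: the first should report `starttls: True` and, with a correctly issued certificate, `name_ok: True`; the second should report `starttls: False`, which is exactly why a sender that insists on TLS cannot deliver through it. A certificate whose only name is `SERVERNAME` will show `name_ok: False` even though the CA chain validates, which is the mismatch kcoect describes.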
