blanchard81 asked:

Setup TLS for Exchange 2003 for outbound email without using TLS for internal domains via SMTP Connector

I need to configure TLS to Postini for email bound for the Internet. I have three (3) Exchange 2003 Standard servers. Two are database servers and one is a front-end server. Only one (1) database server is the bridgehead server. Currently all email goes out unencrypted, is routed through Postini for filtering and content inspection, and delivered.

Outbound email is being sent via two SMTP connectors, SharePoint Connector and SMTP Out connector. One (1) is for email transmission to a server running SharePoint with plain old SMTP services. This connector looks at the address space sps.<mydomain>.local. The other connector's address space is "*" and sends all other email to a Postini server via a SmartHost.

Can anyone give me some guidance to help me figure out how/where to set up TLS so that it's only used for outbound email to the Internet and not used for any internal MAPI clients or internal email to sps.<mydomain>.local?
cornetthd

Find out what the Postini DNS name is and set up the connector with mail going to * to do TLS with Postini. Any mail going to the SharePoint connector will not be in TLS.
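A check that fits the advice above, added here as an example and not part of the original thread: before turning on TLS for the "*" connector, confirm that the smart host advertises STARTTLS as an ESMTP keyword and that a validated handshake succeeds. The host names, sample EHLO replies and function names are constructed assumptions.

```python
import smtplib
import ssl


def parse_ehlo_extensions(reply: str) -> set:
    """Return the ESMTP keywords (upper-cased) from a multi-line EHLO reply."""
    extensions = set()
    # The first line is the server's greeting; keywords start on line two.
    for line in reply.strip().splitlines()[1:]:
        # Only "250-" (continuation) and "250 " (final) lines carry keywords.
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            tokens = line[4:].split()
            if tokens:
                extensions.add(tokens[0].upper())
    return extensions


def offers_starttls(reply: str) -> bool:
    """True only if STARTTLS is advertised as a keyword of its own."""
    return "STARTTLS" in parse_ehlo_extensions(reply)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check: EHLO, then negotiate TLS with certificate validation."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False}
        # The default context verifies the certificate chain and host name.
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # capabilities must be re-read after the handshake
        return {"starttls": True, "tls_version": smtp.sock.version()}


# Constructed sample replies (not captured from any real server).
SMARTHOST_REPLY = (
    "250-smarthost.example.test Hello\r\n250-SIZE 31457280\r\n"
    "250-8BITMIME\r\n250-STARTTLS\r\n250 ENHANCEDSTATUSCODES\r\n"
)
INTERNAL_REPLY = "250-sps.example.local Hello\r\n250-SIZE\r\n250 PIPELINING\r\n"

if __name__ == "__main__":
    print("smart host offers STARTTLS:", offers_starttls(SMARTHOST_REPLY))
    print("internal host offers STARTTLS:", offers_starttls(INTERNAL_REPLY))
```

Run `probe()` against the real smart host name from a machine that is allowed to relay to it; the parser alone works offline on a pasted EHLO transcript.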
blanchard81

ASKER

Thanks for the response.

Having not previously set up TLS, I'm a bit confused on where I should be setting it up if I'm using SMTP Connectors rather than (or in addition to?) the Default SMTP Virtual Server to send out mail. I also realized that I need to allow for inbound TLS from Postini as well.

All documentation I read seems to indicate that I need to install an X.509 cert on the Default SMTP Virtual Server (http://support.microsoft.com/kb/829721) in order to encrypt outbound email. Assuming that's done, should I eliminate the SMTP Out connector altogether and let the Default SMTP Virtual Server handle the outbound traffic (except the traffic that would go out on the internal SharePoint connector)? Would the SharePoint Connector still trump the Virtual Server and allow for unencrypted email, or would I have to leave the two connectors?




ASKER CERTIFIED SOLUTION
cornetthd

This solution is only available to members.