• Status: Solved

Setup TLS for Exchange 2003 for outbound email without using TLS for internal domains via SMTP Connector

I need to configure TLS to Postini for email bound for the Internet.  I have three (3) Exchange 2003 Standard servers.  Two are database servers and one is a front-end server.  Only one (1) database server is the bridgehead server.  Currently all email goes out unencrypted, is routed through Postini for filtering and content inspection, and delivered.

Outbound email is being sent via two SMTP connectors, SharePoint Connector and SMTP Out connector.  One (1) is for email transmission to a server running SharePoint with plain old SMTP services.  This connector looks at the address space sps.<mydomain>.local.  The other connector's address space is "*" and sends all other email to a Postini server via a SmartHost.

Can anyone give me some guidance to help me figure out how/where to set up TLS so that it's only used for outbound email to the Internet and not used for any internal MAPI clients or internal email to sps.<mydomain>.local?
1 Solution
Find out what the Postini DNS name is and set up the connector with mail going to * to do TLS with Postini.  Any mail going to the SharePoint connector will not be in TLS.
blanchard81 (Author) commented:
Thanks for the response.

Having not previously set up TLS, I'm a bit confused on where I should be setting it up if I'm using SMTP Connectors rather than (or in addition to?) the Default SMTP Virtual Server to send out mail.  I also realized that I need to allow for inbound TLS from Postini as well.

All documentation I read seems to indicate that I need to install an X.509 cert on the Default SMTP Virtual Server (http://support.microsoft.com/kb/829721) in order to encrypt outbound email.  Assuming that's done, should I eliminate the SMTP Out connector altogether and let the Default SMTP Virtual Server handle the outbound traffic (except the traffic that would go out on the internal SharePoint connector)?  Would the SharePoint Connector still trump the Virtual Server and allow for unencrypted email, or would I have to leave the two connectors?

Install the certificate on the Default SMTP Virtual Server on your Exchange Front-End server.  No TLS settings need to be made on the virtual server.  If you already have a cert there for webmail, the same certificate can be used.

Create a connector or use the existing connector to send email to Postini.  Put the front-end server as the Local Bridge Head server.  On the Advanced tab of the connector select Outbound Security and select TLS Encryption.

If the certificate has been installed on the front end server it will automatically do TLS with any incoming source that is TLS compatible.
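
A check to run before selecting TLS Encryption on the connector, and again after the certificate is installed for inbound mail: confirm that the host on the other end advertises STARTTLS and completes a verified handshake. This is an added example, not part of the original thread; the sample EHLO replies and the `.invalid` host names are constructed, and the smart host name is supplied on the command line.

```python
import smtplib
import ssl
import sys

# Constructed EHLO replies for the offline check (not captured from a real host).
SAMPLE_WITH_TLS = "250-mx.example.invalid Hello\r\n250-SIZE 52428800\r\n250-starttls\r\n250 8BITMIME"
SAMPLE_NO_TLS = "250-sps.example.invalid Hello\r\n250-X-STARTTLS-DISABLED\r\n250 PIPELINING"


def advertises_starttls(ehlo_reply: str) -> bool:
    """True if a raw multi-line EHLO reply lists the STARTTLS extension."""
    lines = [ln for ln in ehlo_reply.splitlines() if ln.strip()]
    # Skip the first line: it is the server greeting, not an extension keyword.
    for line in lines[1:]:
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            return False  # malformed or non-success reply line
        # The keyword is the first token after the code; match it exactly.
        keyword = line[4:].split(" ", 1)[0]
        if keyword.upper() == "STARTTLS":
            return True
    return False


def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect, send EHLO, and attempt STARTTLS with certificate verification."""
    result = {"host": host, "starttls": False, "tls_version": None, "error": None}
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            result["starttls"] = smtp.has_extn("starttls")
            if result["starttls"]:
                # Default context verifies the certificate chain and host name.
                smtp.starttls(context=ssl.create_default_context())
                result["tls_version"] = smtp.sock.version()
    except (smtplib.SMTPException, OSError) as exc:
        # Covers refused connections, timeouts and failed TLS verification.
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    # Pass the smart host (or your own front-end server) as arguments.
    for target in sys.argv[1:]:
        print(probe(target))
```

A result with `starttls` true but an `error` naming a certificate failure means the host offers TLS with a certificate the client cannot validate.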

Question has a verified solution.
