TLS Send and Receive SBS 2003

I need to set up TLS to send and receive to one specific domain. This is for server to server secured communication. All other emails sent or received are non-TLS. I know how to set up the send (New SMTP Connector TLS enabled). What do I have to do to receive TLS mail from this one domain server?

I have an SBS 2003 box that  must send and receive to an Exchange 2007 box.
I have two nic cards and a Sonic Wall Firewall.

Who is Participating?
Satya PathakConnect With a Mentor Lead Technical ConsultantCommented:
This is very good article as per your requirement just have a read once.
Jamie McKillopIT ManagerCommented:

If you want to force TLS encryption, you need to configure a second virtual SMTP server. This VS will need to use a different IP or a different port than the default SMTP server. You then configure this VS to force TLS ( You will need to setup a send connector on the Exchange 2007 server to use the port/IP of the new VS.

xpressaccountsAuthor Commented:
Thanks for your response: I have read that creating 2 ip addresses may cause some serious problems for this SBS 2003 server. See these comments below:

"The idea is to create an additional SMTP VS, however, you need an additional
IP address. The default MX record would be mapped to the default SMTP VS' IP
address, whereas whomever you are setting up a secure mail connection with,
you have to specify the other IP directly, and not use the MX record.
However, this requires additional external IPs, one of which you would map
to the other SMTP VS.

You will you need to introduce an additional IP on SBS. You will need to
specifically specify the IP in each SMTP VS. The default needs to be set to
the default IP of SBS' outside address (or the default internal address if
SBS is single homed), and the additional IP to the TLS SMTP VS.

But that introduces problems when adding IPs on SBS. Using the wizard, SBS
can handle two interfaces, but once you introduce an additonal IP, it won't
know what to do with it. The result is it will add an extra record in DNS
for it's AD SRV, LdapIpAddress, GcIpAddress and the SBS' own internal A
record, which is not good for AD. There are methods that can alter the
Netlogon service regsitration behavior, which registers these records, but
it's designed for non-SBS machines, and it has not been done on SBS, as far
as I know, and well, I don't recommend it."
Jamie McKillopIT ManagerCommented:
If you are only transferring mail with one external partner, the best way to do it is to set the new VS on a different port instead of a different IP. On the partner's side, they just create a connector for your domain that uses the new port.

xpressaccountsAuthor Commented:
Sembee solution works and is easiet to implement for server to server TLS.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.