TLS Send and Receive SBS 2003

I need to set up TLS to send and receive to one specific domain. This is for server to server secured communication. All other emails sent or received are non-TLS. I know how to set up the send (New SMTP Connector TLS enabled). What do I have to do to receive TLS mail from this one domain server?

I have an SBS 2003 box that must send and receive to an Exchange 2007 box.
I have two NIC cards and a Sonic Wall Firewall.


Jamie McKillop, IT Manager, Commented:

If you want to force TLS encryption, you need to configure a second virtual SMTP server. This VS will need to use a different IP or a different port than the default SMTP server. You then configure this VS to force TLS. You will need to set up a send connector on the Exchange 2007 server to use the port/IP of the new VS.

Satya Pathak, Lead Technical Consultant, Commented:
This is a very good article for your requirement; just have a read through it once.

xpressaccounts, Author, Commented:
Thanks for your response: I have read that creating 2 IP addresses may cause some serious problems for this SBS 2003 server. See these comments below:

"The idea is to create an additional SMTP VS, however, you need an additional
IP address. The default MX record would be mapped to the default SMTP VS' IP
address, whereas whomever you are setting up a secure mail connection with,
you have to specify the other IP directly, and not use the MX record.
However, this requires additional external IPs, one of which you would map
to the other SMTP VS.

You will need to introduce an additional IP on SBS. You will need to
specifically specify the IP in each SMTP VS. The default needs to be set to
the default IP of SBS' outside address (or the default internal address if
SBS is single homed), and the additional IP to the TLS SMTP VS.

But that introduces problems when adding IPs on SBS. Using the wizard, SBS
can handle two interfaces, but once you introduce an additional IP, it won't
know what to do with it. The result is it will add an extra record in DNS
for its AD SRV, LdapIpAddress, GcIpAddress and the SBS' own internal A
record, which is not good for AD. There are methods that can alter the
Netlogon service registration behavior, which registers these records, but
it's designed for non-SBS machines, and it has not been done on SBS, as far
as I know, and well, I don't recommend it."
Jamie McKillop, IT Manager, Commented:
If you are only transferring mail with one external partner, the best way to do it is to set the new VS on a different port instead of a different IP. On the partner's side, they just create a connector for your domain that uses the new port.
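
An added example, not part of the original thread: a check that the new port really refuses cleartext mail while the default listener is left as it was. It uses Python's standard `smtplib`, sends no message, and relies on the RFC 3207 rule that a TLS-required listener answers 530 before STARTTLS; the label names and probe addresses are assumptions of this example.

```python
import smtplib

# Result labels (names chosen for this example).
ENFORCED = "tls-enforced"        # STARTTLS offered, MAIL refused before TLS
OPPORTUNISTIC = "tls-optional"   # STARTTLS offered, cleartext MAIL accepted
NO_TLS = "no-starttls"           # STARTTLS not offered at all


def classify(starttls_advertised, pre_tls_mail_code):
    """Map what the listener did before TLS to one of the labels above."""
    if not starttls_advertised:
        return NO_TLS
    # RFC 3207: a server that requires TLS answers 530 to commands other
    # than NOOP, EHLO, STARTTLS and QUIT until the session is encrypted.
    if pre_tls_mail_code == 530:
        return ENFORCED
    if 200 <= pre_tls_mail_code < 300:
        return OPPORTUNISTIC
    return "inconclusive (reply %d)" % pre_tls_mail_code


def probe(host, port, timeout=10):
    """Connect in cleartext, send EHLO, then try MAIL FROM without STARTTLS.

    Returns (label, reply_text). No message is submitted: the session ends
    with QUIT right after the MAIL FROM reply, so nothing is queued.
    """
    with smtplib.SMTP(host, port, local_hostname="probe.example.invalid",
                      timeout=timeout) as smtp:
        smtp.ehlo()
        advertised = smtp.has_extn("starttls")
        code, text = smtp.mail("tls-check@example.invalid")
        return classify(advertised, code), text.decode("ascii", "replace")


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 3:
        sys.exit("usage: tls_probe.py HOST PORT [PORT ...]")
    for p in sys.argv[2:]:
        print(p, *probe(sys.argv[1], int(p)))
```

Reply code 530 is also used for "authentication required", so read the returned reply text before concluding that TLS is what the listener is demanding.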

xpressaccounts, Author, Commented:
Sembee's solution works and is the easiest to implement for server-to-server TLS.