Exchange 2007 and TLS setup

I've been researching setting up TLS on Exchange 2007. I've read some posts in regard to the setup and it doesn't seem too complex. My understanding is Exchange 2007 is set for opportunistic TLS by default. However, we have one client that wants the TLS forced, rather than reverting to plain text (we're only receiving, not sending). My concern is if I do this on the current SMTP receive connector, this will implement across the board and bounce back any emails sent without TLS and obviously cause major issues. My question is, do I need to set up a new IP and SMTP receive connector exclusively for enforcing TLS? Thank you in advance for the help.
guiness74 asked:
guiness74 (Author) commented:
Looks like it comes down to enabling the domain security and then running the two commands I mentioned.  And it looks like this can be applied to the current receiver connector without breaking transmissions for those sending non-TLS:

"Other senders that aren't listed on the TLSReceiveDomainSecureList parameter in the Set-TransportConfig cmdlet will only use TLS if TLS is supported by the sending system."

http://technet.microsoft.com/en-us/library/bb123543.aspx

Thank you for your help.  It helped guide me in the right direction.

Busbar (Solutions Architect) commented:
Enforcing TLS with partners (in your case) will require the partners' cooperation; if they don't set up TLS with you, you will have to leave the traffic unencrypted.
The new connector idea will work, but how will you force people to use TLS? This is the issue. I believe the original request lacks technical background, as there is no way to enforce TLS on partners.
guiness74 (Author) commented:
Sorry, I should have specified. The client (sender) is requesting this of us, so they'll be sending via TLS; they just don't want it to resort to plain text if TLS should fail. As for enforcement, I thought this could be done on the receive connector. In this TechNet white paper, under "Configuring Inbound Domain Security" and "Configuring a Receive Connector," it sounds like this can be done with the following commands:

1.  Set-TransportConfig -TLSReceiveDomainSecureList %senderdomain%
2.  Set-ReceiveConnector Inet -DomainSecureEnabled:$True -AuthMechanism TLS

Maybe I'm misunderstanding . . .
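The two Exchange Management Shell commands quoted in the comment above, and the accepted answer that relies on them, both replace whole lists rather than appending to them: Set-TransportConfig -TLSReceiveDomainSecureList overwrites every partner domain already configured, and Set-ReceiveConnector -AuthMechanism overwrites every authentication mechanism already enabled on the connector. The script below is an added example, not code from the original thread or from Microsoft's documentation. It assumes a partner domain of partner.example, an Internet-facing Receive connector named Inet on a Hub Transport server named HUB01; substitute your own values.

```powershell
# Added example (not from the original thread). Enable Domain Security for one
# inbound partner domain on an existing Exchange 2007 Receive connector while
# leaving opportunistic TLS in place for every other sender.
#
# Assumed names (not in the original post): partner domain "partner.example",
# Receive connector "Inet" on Hub Transport server "HUB01".
# Run from the Exchange Management Shell on the Hub Transport server.

$PartnerDomain = "partner.example"
$Connector     = "HUB01\Inet"

# 0. Domain Security is mutual TLS, so this server needs a certificate that is
#    enabled for the SMTP service. Stop if none is present rather than
#    configuring a connector that would reject the partner's mail.
$smtpCerts = Get-ExchangeCertificate | Where-Object { $_.Services -match "SMTP" }
if (-not $smtpCerts) {
    throw "No certificate enabled for SMTP on this server; run Enable-ExchangeCertificate first."
}

# 1. Set-TransportConfig -TLSReceiveDomainSecureList replaces the whole list.
#    Read the current value and append so previously configured partners survive.
$tc = Get-TransportConfig
$secureList = @($tc.TLSReceiveDomainSecureList)
if ($secureList -notcontains $PartnerDomain) {
    $secureList += $PartnerDomain
}
Set-TransportConfig -TLSReceiveDomainSecureList $secureList

# 2. -AuthMechanism also replaces the connector's whole set of mechanisms.
#    Keep whatever is already enabled (for example BasicAuth or ExchangeServer)
#    and make sure Tls is present, because DomainSecureEnabled requires it.
$rc = Get-ReceiveConnector $Connector
$mechs = @($rc.AuthMechanism.ToString().Split(",") | ForEach-Object { $_.Trim() })
if ($mechs -notcontains "Tls") {
    $mechs += "Tls"
}
Set-ReceiveConnector $Connector -AuthMechanism ($mechs -join ",") -DomainSecureEnabled:$true

# 3. Verify. The partner domain must appear in the transport-wide list, and the
#    connector must show DomainSecureEnabled = True with Tls among its
#    AuthMechanism values. Senders not on the list still get STARTTLS offered
#    and plain text accepted, exactly as before.
Get-TransportConfig | Format-List TLSReceiveDomainSecureList
Get-ReceiveConnector $Connector | Format-List Name, AuthMechanism, DomainSecureEnabled, Bindings, RemoteIPRanges
```

Two caveats a practitioner should weigh before running this against a production connector. First, Domain Security is mutual TLS, not merely "TLS required": once partner.example is on TLSReceiveDomainSecureList, mail claiming to come from that domain is rejected unless the sending server presents a certificate that chains to a root trusted by your Hub Transport server, so the partner also has to configure their side (their Send connector with DomainSecureEnabled and your domain on their TLSSendDomainSecureList), and their certificate's trust chain must be in place on your server before the change goes live. Second, because the partner's mail is rejected rather than deferred when mutual authentication fails, coordinate a test window with them and watch the Domain Secure entries in the protocol and event logs immediately after the change.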