Solved

TLS emails between 2 organizations can't route properly

Posted on 2010-09-13
Last Modified: 2012-05-10
Hi,

I have an SBS 2003 server, which has run smoothly all the time. Recently, the client requested that we establish secured (TLS) communication with one external party.

The external party set up their TLS settings, with Certificate Verification Required and 128-bit Encryption Level.

Our server originally has:
1 network: 192.168.40.100
1 Default SMTP virtual server;
1 Small Business SMTP Connector

My new configuration:
Associated the existing Default SMTP virtual server with the 192.168.40.100 address;
Added a 2nd IP address to the network card: 192.168.40.99;
Created a 2nd secured SMTP virtual server and associated it with the 99 address;
Purchased and installed a certificate from GoDaddy on the secured SMTP virtual server, with FQDN: abc.com.au (should it be mail.abc.com.au?);
Ticked Require TLS on Access - Authentication (with Anonymous and Integrated ticked as well);
Access - Communication: Require Secure Channel and Require 128 ticked;
Delivery - Outbound Security: Require TLS ticked;

Created a 2nd connector:
General page: I selected use DNS to route to address space..., intending to send email straight out to the destination;
General - Local Bridgehead: pointed to the secured SMTP virtual server;
Address space: smtp destination.com, for example: microsoft.com;

After all that was done, I can send email to the external party, and they receive it;
But,
* If I have my router listen on port 25 and forward to 192.168.40.100 (default SMTP virtual server), all incoming email is fine, except that email from the external party that needs the secured connection is bounced, due to:
503 5.7.0 other side does not support STARTTLS  501 5.6.0 Data format error  

* If I point the router to 192.168.40.99 (the secured SMTP server) for port 25, then it rejects all non-encrypted email.

Can experts help here? How do I have normal email go to 100, and secured email from the said external party go to 99?

Thanks in advance.
Question by:mcclewan

Expert Comment

by:cybera
For outgoing email, you need to create a new outgoing SMTP connector and specify the address space to the external party domain.

Expert Comment

by:cybera
Check out http://www.petri.co.il/configuring-exchange-2007-send-connectors.htm on how to configure send connectors

Author Comment

by:mcclewan
Thanks. I already have the 2nd connector done, and outgoing mail reaches the other party. The issue is that incoming secured mail has bounced.

Accepted Solution

by:mcclewan
Found the problem. It went through the spam vendor before reaching our Exchange server.
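The bounce in the question says the host the sender connected to did not offer STARTTLS, and the accepted solution shows that inbound mail reaches a spam-filtering hop before the Exchange server. The following is an added example, not part of the original thread: it parses the EHLO reply of each hop in the inbound path and names the first one that does not advertise STARTTLS. The host names and EHLO transcripts are constructed samples, and `probe()` is an optional live check using Python's standard `smtplib`.

```python
import smtplib

def parse_ehlo(reply):
    """Return the upper-cased extension keywords from a raw multi-line EHLO reply."""
    lines = [l for l in reply.splitlines() if l.strip()]
    exts = set()
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        if text.strip():
            exts.add(text.split()[0].upper())
    return exts

def first_hop_without_starttls(path):
    """path: ordered (hop_name, raw_ehlo_reply) pairs, sender-facing hop first.
    Returns the first hop that does not advertise STARTTLS, or None."""
    for name, reply in path:
        if "STARTTLS" not in parse_ehlo(reply):
            return name
    return None

def probe(host, port=25, timeout=10):
    """Live check of one hop: does it advertise STARTTLS after EHLO?"""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return s.has_extn("starttls")

# Constructed sample transcripts (not captured from the systems in the thread).
FILTER_EHLO = ("250-filter.example.net Hello\r\n250-SIZE 10485760\r\n"
               "250-8BITMIME\r\n250 PIPELINING\r\n")
EXCHANGE_EHLO = ("250-mail.example.com Hello [203.0.113.5]\r\n250-SIZE\r\n"
                 "250-STARTTLS\r\n250-8BITMIME\r\n250 OK\r\n")

# Inbound path as the sender sees it: the MX target first, then the final server.
INBOUND_PATH = [("spam-filter (MX target)", FILTER_EHLO),
                ("secured SMTP virtual server", EXCHANGE_EHLO)]

if __name__ == "__main__":
    print("First hop without STARTTLS:", first_hop_without_starttls(INBOUND_PATH))
```

A sender that requires TLS negotiates only with the first hop, so a certificate and Require TLS setting on a server behind that hop do not affect what the sender sees.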