TLS emails between 2 organizations can't route properly

Posted on 2010-09-13
Last Modified: 2012-05-10

I have a SBS server 2003, has run smoothly all the time.  Recently, the client request establish secured (TLS) communication with One external party.

The external part setup their TLS settings, with Certificate Verification Required, and 128bit Encryption Level.

On our server
originally has:
1 network:
1 Default SMTP virtual server;
1 Small Business SMTP Connector

My new configuration:
Point the existing Default SMTP virtual server associated to address;
Added 2nd IP address to the network card:
Created 2nd secured SMTP virtual server, and associated it to 99 address;
purchased and installed Certificate from GoDaddy on secured SMTP virtual server, with FQDN:, (should it be
Ticked Require TLS on Access-Authentication (with Anoymous, and Intergrated ticked as well);
Access - Communication: Require Secure Channel, and Require 128 ticked;
Delivery - Outbound Security: require TLS ticked;

Created 2nd connector
General page, I selected use DNS to route to address space..., intended to send email straight out to the destination;
General - Local Bridgehead: pointed to the secured SMTP virtual server;
Address space: smtp, For Example:;

After all done, I can send email to the external party, and they will receive it;
*if I have my router listen to port 25, and forward to (default SMTP virtual server), and all incoming email are fine, except the needs to be connected external party, their email will be bounced, due to:
503 5.7.0 other side does not support STARTTLS  501 5.6.0 Data format error  

*If I pointed the router to (the secured SMTP server) for port 25, then it will reject all email non encrypted.

Can experts help in here, how do I have normal email go to 100, and secured email from the said external party go to 99?

Thanks in advance.
Question by:mcclewan
  • 2
  • 2

Expert Comment

ID: 33670245
For outgoing email, you need to create a new outgoing SMTP connector and specify the address space to the external party domain.

Expert Comment

ID: 33670261
Check out on how to configure send connectors

Author Comment

ID: 33670715
Thanks.  I already have the 2nd connector done, and outgoing reaches the other party.  Issue is incoming secured mail had bounced.

Accepted Solution

mcclewan earned 0 total points
ID: 33750341
Found Problem.  It went through Spam Vendor before reach our exchange server.

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ISP 1000 - Netscreen 2 49
Mircosoft Exchange Server 12 52
SBS2011 - Can't change internet domain name 4 46
Configure SBS 2008 monitoring 4 45
When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
Encryption for Business Encryption ( ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now