?
Solved

How can you test TLS encryption with Exchange 2010

Posted on 2010-09-16
14
Medium Priority
?
5,080 Views
Last Modified: 2012-06-27
Setup TLS encryption- sent email to client- got a message that it had been delievered but would retry over the next 19 hours.  Is there a better way to test?
0
Comment
Question by:funkyone60
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
14 Comments
 
LVL 49

Expert Comment

by:Akhater
ID: 33692298
what do you mean by "to a client" to test TLS it should be setup on both servers, you cannot test TLS alone
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33692311
to setup tls
http://technet.microsoft.com/en-us/library/bb123543.aspx

the recipient then needs to look at the message headers to verify
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33692315
You just need to analyze the message that you have sent, details are at this link ;

http://luxsci.com/blog/how-you-can-tell-if-an-email-was-sent-using-tls-encryption.html

I would just set up a gmail account and then view the header for the above info :-

   1. Log in to Gmail.
   2. Open the message you'd like to view headers for.
   3. Click the down arrow next to Reply, at the top-right of the message pane.
   4. Select Show original.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 32

Expert Comment

by:endital1097
ID: 33692320
if the recipient's mail server is not TLS ready it will not receive via TLS
telnet into the recipient's server and look for STARTTLS verb

telnet mail.domian.com 25
ehlo mydomain.com
0
 

Author Comment

by:funkyone60
ID: 33693080
the client is requiring us to send email to them via TLS- there servers are setup to accept TLS.  I sent a test email yesterday- response I got back was:

This message hasn't been delivered yet. Delivery will continue to be attempted.

The server will keep trying to deliver this message for the next 1 days, 19 hours and 55 minutes. You'll be notified if the message can't be delivered by that time.
 
I have 2 parts to this equation - one is the configuration on Exchange- the other is the config  with Postini.  The Postini config seemed pretty straight forward.

What I would like to be able to do is to setup a test environment so I can make sure its working on my end.
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33693415
this article tells you how to setup TLS with Exchange 2010
http://technet.microsoft.com/en-us/library/bb123543.aspx

if the message is no longer in your queue, then your system delivered it and the issue is on the other end
0
 

Author Comment

by:funkyone60
ID: 33693629
We did all this yesterday- what I need to do is test- I don't know if my tls mail is making it to the client- is there some other way to test this?
0
 

Author Comment

by:funkyone60
ID: 33693668
I am only trying to setup tls for this one client- not accross the board
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33693672
after you send the message you can use the message tracking tool and queue viewer to determine if the message has left your environment

if it has, there is nothing else you can do
the recipient then needs to verify by looking at the headers of the message
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33693689
they will look for the following

Received: from smtp.fabrikam.com ([121.107.115.212])  by smtp.contoso.com with
 ESMTP/TLS/RC4-MD5; 15 Sep 2010 09:54:17 -0400
0
 
LVL 32

Expert Comment

by:endital1097
ID: 33693716
step 3 of the article i gave shows how to setup TLS with a domain
0
 

Author Comment

by:funkyone60
ID: 33695958
they are not getting emails at all now- what is the best way to undo the tls settings i setup from yesterday?
0
 
LVL 32

Accepted Solution

by:
endital1097 earned 2000 total points
ID: 33697105
Set-TransportConfig -TLSSendDomainSecureList $null
0
 

Author Closing Comment

by:funkyone60
ID: 33701787
All of his suggestions are dead on- thanks for your assistance
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question