Receive secure email from external company

Hi Folks,

My company is going to be receiving emails from another company who has asked to ensure that we can receive secure emails and that our exchange 2003 system is capable of supporting TLS.  

As mentioned above we have an Exchange 2003 server (just one server). I have a certificate installed to access our email through Outlook Web Access (and access them through IPhone's).

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company. If so do I need to install the certificates onto the 5 users PC's.


Who is Participating?
karim_hashishConnect With a Mentor Commented:

To enable TLS for receive only, you need to purchase an SSL cert from an approved vendor and install it onto the SMTP VS via the Certificate Wizard found on the Access tab of the VS properties dialog (I guess you already have this certificate,  just import it on the SMTP Virtual server as mentioned below).

Once this is in place, test that TLS is possible by using TELNET against your mail server, typing EHLO and pressing enter.

Your mail server should send back a list of verbs which would include:


This informs a remote mail server that your mail server supports TLS, and if it so chooses, begins the process of sharing public keys so that an encrypted channel can be created.

If you still have any question or for further assistance don't hesitate to refer back.

Thanks and have a nice week-end

Best Regards,


let me first answer your sub questions then i'll answer the main one

is our exchange 2003 system is capable of supporting TLS. ? Yes it is.

Would I need to buy more certificates for 5 users on my domain who are going to receive these secure emails from this external company ? No you don't. the main purpose of the certificate is to ensure secure communication as when the message enter your organization it will be like any other messages.

Enable Transport Layer Security Encryption for a Specific Remote Domain in an Exchange Organization

To enable TLS encryption for a specific remote domain in Exchange Server, follow these steps:

   1. Install an X.509 server certificate on the server.

   2. Create a new SMTP Connector dedicated to that domain and specify the IP of the other company relay as the smart host at which the mail will be forwarded.

3- In the address space tab specify the remote domain address space (* of the other company,

   3. To enable TLS encryption, right-click the SMTP connector, and then click Properties. Click the Advanced tab, click Outbound Security, and then click to select the TLS Encryption check box.

if you have any questions thanks to refer back.

Best Regards,

Daithi_McAuthor Commented:
Hi Karim,

I won't be directly communicating with the other exchange server and it is only for incoming emails. Do I still need to create the X509 certificate?

I wont be needing to secure outgoing emails with TLS.

What I have done is enable TLS on:

ESM - Servers - Protocols - SMTP - SMTP Default VS - Right Click -Properties.  

Click Access Tab - authentication Button and put a tick in "REQUIRES TLS ENCRYPTION"

Will this suffice for what I need?



Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.