TMG as an SMTP to TLS gateway.

We would like to use our TMG as a perimeter gateway to encrypt mail traffic using TLS between an external mail provider and an SMTP server on the inside (TLS on the outside and SMTP on the inside). We do not need virus checking or filtering in the TMG. It should act only as an SMTP to TLS gateway.
The question is whether we need to install the Exchange Server Edge Transport role or not.

Glen Knight commented:
>>Edge server is nothing more than a spam filter

This statement is completely wrong. The Edge Transport role is not only a message cleansing role; it's also an SMTP relay or smarthost service.

It's designed so that it acts as a barrier between your internal SMTP service and your external one.

However, if all you want to do is send TLS, then Exchange Send Connectors can do this for you and this doesn't require an Edge Transport service.
Suliman Abu Kharroub (IT Consultant) commented:
Edge server is nothing more than a spam filter... for your requirements you don't have to deploy an Edge server.
Suliman Abu Kharroub (IT Consultant) commented:
Thanks demazter for the correction.

Keith Alabaster (Enterprise Architect) commented:
Agreed - just make sure you enable TLS at the right point else ALL SMTP traffic will expect to be TLS-enabled. You don't mention the version of Exchange you are running but assuming it is Exchange 2007/2010 then you do at least have the ability for opportunistic TLS.
Perreb (Author) commented:
Thanks all for the replies. The inside server is a 2003 and, as I understand it, cannot have different TLS settings for different connectors. TLS can be ON or OFF globally. An upgrade to 2007/2010 is not possible at this time. That's why we want to use the TMG between the server and the external mail provider, where we want to use enforced TLS. The TMG is installed and configured. SMTP works fine but TLS does not. That's why I suspected we needed Edge Transport to make it work.
Keith Alabaster (Enterprise Architect) commented:
Under 2003, I thought you could make a secondary virtual server etc and create an SMTP connector within just for the domain(s) you want TLS to operate with (correct, opportunistic TLS didn't come in until 2007).
Glen Knight commented:
Keith is right: to enable TLS with Exchange 2003, create a new Virtual Server, set the TLS settings on that virtual server, then create a new SMTP Connector with the appropriate address space and select the Virtual Server you created earlier.

It's much easier with 2007/2010, and if you are using 2003, a 2007 or 2010 Edge server wouldn't be of any use to you anyway.
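A practical check for the setup discussed in this thread, added here as an example that is not part of the original answers: the asker reports "SMTP works fine but TLS not", and the difference between enforced and opportunistic TLS is exactly whether a missing STARTTLS advertisement stops delivery or silently falls back to plaintext. The script parses an EHLO reply (constructed samples below, not captured from any real host), applies that decision, and can probe a live listener such as the TMG's outside interface; the host name `mail.example.test` is a placeholder.

```python
"""Verify that an SMTP listener advertises STARTTLS and apply an enforced-TLS
or opportunistic-TLS delivery decision the way a relay or gateway must."""
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from any real server).
EHLO_WITH_TLS = "250-mail.example.test Hello\n250-SIZE 10485760\n250-STARTTLS\n250 OK"
EHLO_WITHOUT_TLS = "250-mail.example.test Hello\n250-SIZE 10485760\n250 OK"


def parse_ehlo_extensions(reply: str) -> set:
    """Return the extension keywords from a raw multi-line 250 EHLO reply.
    The first line is the greeting ("250-host Hello") and carries no extension."""
    exts = set()
    for line in reply.splitlines()[1:]:
        if not line.startswith("250"):
            continue  # not part of the EHLO reply (e.g. a stray banner line)
        body = line[4:].strip()  # drop "250-" or "250 "
        if body:
            exts.add(body.split()[0].upper())
    return exts


def delivery_decision(exts: set, enforce_tls: bool) -> tuple:
    """Return (deliver, mode). Enforced TLS refuses plaintext when STARTTLS is
    not offered; opportunistic TLS uses it when offered and plaintext otherwise."""
    if "STARTTLS" in exts:
        return True, "tls"
    if enforce_tls:
        return False, "refused: STARTTLS not advertised"
    return True, "plaintext"


def probe(host: str, port: int = 25, enforce_tls: bool = True, timeout: float = 10.0) -> dict:
    """Live check of a real listener: EHLO, decide, and if TLS is used, negotiate it
    with certificate validation and report the protocol version that was agreed."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        code, _ = s.ehlo()
        if code != 250:
            return {"deliver": False, "mode": "EHLO rejected with %d" % code}
        exts = set(k.upper() for k in s.esmtp_features)  # smtplib's parsed EHLO keywords
        deliver, mode = delivery_decision(exts, enforce_tls)
        result = {"deliver": deliver, "mode": mode}
        if deliver and mode == "tls":
            s.starttls(context=ssl.create_default_context())
            result["tls_version"] = s.sock.version()
        return result


if __name__ == "__main__":
    print(delivery_decision(parse_ehlo_extensions(EHLO_WITH_TLS), enforce_tls=True))
    print(delivery_decision(parse_ehlo_extensions(EHLO_WITHOUT_TLS), enforce_tls=True))
```

Running `probe("mail.example.test")` against the TMG's public listener shows whether STARTTLS is really offered at the point where enforced TLS is expected, which is the check Keith's "enable TLS at the right point" advice calls for.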