How to enable TLS on incoming emails in Exchange 2003

Hello all,
I have been reading dozens of posts and KB articles but I'm stuck.  

My customer has been told they need to be able to receive secure emails via TLS.  

Okay, I have ordered and received the SSL cert for mail.domain.com.  

I understand in Exchange 2003 TLS is either on or off.  They need to receive normal unsecure email and new secure email, so I think that means I need two SMTP Virtual servers: one with TLS and one without.  

I think I am supposed to add a second IP address to the NIC and use that IP address in a new TLS SMTP Virtual server - Is that correct?

If each SMTP VS has a different IP then how do I NAT the incoming emails (port 25) to the two different SMTP?

Am I completely off the mark???
Thanks
Asked by: CITS_User
 
fgrushevsky Commented:
You can ask the other side to send you an email, then examine the header of the received message to see if TLS was used.
0
 
Glen Knight Commented:
You are correct, you cannot set up opportunistic TLS with Exchange 2003.

There is a step by step here on how to do it: http://support.microsoft.com/kb/823019

You will need to add a second IP to the NIC of the Exchange server.
0
 
CITS_User (Author) Commented:
Thanks JBond2010 but I had already read that one.  

damazter, I read KB823019 but it doesn't really help.  

How does the incoming mail know which SMTP VS to use?
0
 
fgrushevsky Commented:
Incoming mail would go to your default (public MX record facing) virtual server. No need to change that.
The TLS will be negotiated by the sending server (other side). It will request a TLS connection (if configured to do so) and your server would oblige (assuming that you install the certificate).
You would use your other virtual server to send mail to specific domains (the ones you need for TLS) and TLS would be mandatory on that VS.
0
 
CITS_User (Author) Commented:
The MX record is the WAN address, which then NATs port 25 to the LAN IP address of the default SMTP VS, which does not have TLS enabled.  192.168.0.250

The new SMTP VS, which has TLS enabled and the SSL cert applied, has a different LAN IP address.  192.168.0.249

Sending of encrypted mail is not required, just receiving from some domains.  

How does the sender's encrypted mail get through to the new SMTP VS (.249)?

To be honest, I don't know if I have this configured correctly at all.  

Any and all help is greatly appreciated.  

Thanks
0
 
fgrushevsky Commented:
Check your default SMTP VS, Access tab, Secure communication section. Do you have both Certificate and Communication greyed out, or are the options available?
0
 
CITS_User (Author) Commented:
On the default SMTP VS, access tab, the Certificate button is available, the communication button is greyed out.  

Thanks
0
 
fgrushevsky Commented:
Click on the Certificate button and run the wizard to get the certificate installed (or to verify that it is there).

Once it is done, telnet on port 25 to your MX record host (external). When your SMTP server responds with the greeting, type
ehlo <yourdomain>

Then your server will respond with the list of supported extended SMTP commands. If STARTTLS is there, then you are all set.
0
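The telnet check described in the post above, as an added example that is not part of the original thread: it parses an EHLO reply for the STARTTLS keyword and, in `probe`, repeats the check against a live server and attempts the TLS upgrade with certificate verification on. The sample replies, host names and function names are constructed for illustration.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
SAMPLE_LINES = ["250-mail.example.com Hello [203.0.113.10]", "250-SIZE 10485760",
                "250-PIPELINING", "250-8BITMIME", "250 OK"]
EHLO_NO_CERT = "\r\n".join(SAMPLE_LINES) + "\r\n"
EHLO_WITH_CERT = "\r\n".join(
    SAMPLE_LINES[:2] + ["250-STARTTLS"] + SAMPLE_LINES[2:]) + "\r\n"


def ehlo_extensions(reply):
    """Return the upper-cased ESMTP keywords from a raw multi-line EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for line in lines[1:]:  # the first line is the greeting, not a keyword
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("unexpected EHLO reply line: %r" % line)
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())  # a final "250 OK" is stored as "OK"
    return keywords


def offers_starttls(reply):
    """True if the server advertised STARTTLS in this EHLO reply."""
    return "STARTTLS" in ehlo_extensions(reply)


def probe(host, port=25, helo_name="probe.example.com", timeout=10):
    """Live form of the telnet test. Returns (advertised, tls_version, error)."""
    s = smtplib.SMTP(host, port, local_hostname=helo_name, timeout=timeout)
    try:
        s.ehlo()
        if not s.has_extn("starttls"):
            return (False, None, None)
        try:
            # Default context: certificate chain and host name are verified.
            s.starttls(context=ssl.create_default_context())
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            # Advertised but unusable: bad or mismatched certificate, or
            # protocol versions the client side refuses.
            return (True, None, str(exc))
        return (True, s.sock.version(), None)
    finally:
        s.close()
```

Run `probe` from outside the network against the public MX host name so the result reflects what a sending server sees after NAT.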
 
CITS_User (Author) Commented:
Hi
TLS is selected and the cert is installed on the SECOND SMTP VS.  

Am I reading your post clearly - I should install the cert on the DEFAULT SMTP VS that doesn't have TLS selected?

Thanks
0
 
fgrushevsky Commented:
Yes, you will need to install the certificate on the default SMTP.
0
 
CITS_User (Author) Commented:
Thank you all for your input.  I'm still unclear if I've done it correctly or not.  
I'll keep looking.  
0
 
CITS_User (Author) Commented:
Thanks for the reply.  I'll check the header.
0