TLS on Exchange 2003


One of our clients has asked us to set up a TLS connection from us to them on our Exchange 2003 server. We only have one mail server; is it possible to set this one box up to receive both encrypted and normal SMTP traffic?


This is an either or setting. Unfortunately there is not an option to select both.

Nick_D (Author) Commented:
Not even if I have 2 virtual SMTP servers on different IP addresses?
Amit (IT Architect) Commented:
You can try a 3rd-party solution like the Voltage encryption tool. I have the same setup, and in my Outlook I have 2 send buttons: one for normal and one for TLS. But see if you are ready to spend that much money.

Nick_D (Author) Commented:
Thanks for the responses guys. I was hoping that there would be a way to do it with what we already have in the box plus the addition of an SSL cert? If I have two virtual SMTP servers on different IPs and then get my router to map the traffic to the correct IP dependent on its port number?

Will this work?
You can create a 2nd SMTP connector on the server with specific address space for that domain and set the outbound security on that connector for TLS - I see no reason that wouldn't work.

However, if you don't have a second IP address for the received TLS traffic, you won't be able to ensure you receive the email over a TLS connection - but if the other party forces a TLS send then it would be OK.

I use a 3rd party gateway for email as we have some companies that we are contractually required to encrypt mail between and everyone else is just opportunistic.
Are your clients using specific domains... if so, this may help.

Enable Transport Layer Security Encryption for a Specific Remote Domain in an Exchange Organization

To enable TLS encryption for a specific remote domain in Exchange Server, follow these steps:

Install an X.509 server certificate on the server. For more information about X.509 certificates, click the following article number to view the article in the Microsoft Knowledge Base:

319574 How to use certificates with virtual servers in Exchange 2000 Server

Create a new SMTP Connector. For more information about how to create a new SMTP Connector, click the following article number to view the article in the Microsoft Knowledge Base:

314961 How to install and to configure SMTP Connectors in Exchange 2000 Server

To enable TLS encryption, right-click the SMTP connector, and then click Properties. Click the Advanced tab, click Outbound Security, and then click to select the TLS Encryption check box.

Note: If the remote domain does not support TLS encryption, all messages are returned and an NDR is generated. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

329061 Exchange Server cannot communicate with non-TLS domains
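
Because a TLS-only connector returns mail with an NDR when the remote domain does not support TLS, it helps to confirm that the partner's mail host advertises STARTTLS before selecting the TLS Encryption check box. The following is an added example, not part of the original answer or of the Microsoft article: it parses a raw EHLO reply (for instance, pasted from a manual SMTP session on port 25), and `probe` performs the same check live. Host names and transcripts are constructed, and the input is assumed to contain only the EHLO reply.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from real servers).
WITH_TLS = """250-mail.partner.example Hello [192.0.2.10]
250-SIZE 10485760
250-starttls
250-8BITMIME
250 OK"""
WITHOUT_TLS = """250-mx.legacy.example Hello [192.0.2.10]
250-SIZE 10485760
250-AUTH LOGIN
250 8BITMIME"""
NO_ESMTP = "502 5.5.2 Error: command not recognized"


def ehlo_keywords(reply: str) -> set:
    """Extract ESMTP keywords from a raw multi-line EHLO reply ("250-..." / "250 ...")."""
    lines = [ln.strip() for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for ln in lines[1:]:  # the first line carries the server name, not a keyword
        if ln[:3] == "250" and len(ln) > 4 and ln[3] in "- ":
            keywords.add(ln[4:].split()[0].upper())  # keywords are case-insensitive
    return keywords


def safe_to_require_tls(reply: str) -> bool:
    """True only if the remote host advertised STARTTLS in its EHLO reply."""
    return "STARTTLS" in ehlo_keywords(reply)


def probe(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live variant (needs network access): EHLO, check STARTTLS, complete the handshake."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return False
        # Verifies the certificate against the local trust store; raises on failure.
        smtp.starttls(context=ssl.create_default_context())
        return True


if __name__ == "__main__":
    for name, reply in [("with TLS", WITH_TLS), ("without TLS", WITHOUT_TLS),
                        ("no ESMTP", NO_ESMTP)]:
        print(name, "->", "safe to require TLS" if safe_to_require_tls(reply)
              else "TLS-only connector would NDR")
```

Run `probe` against each MX host of the partner domain, since the connector may deliver to any of them.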


Nick_D (Author) Commented:
Thanks for your response GundogTrainer. Would you have any recommendations for the gateway software to enable us to do this?
Nick_D (Author) Commented:
Sorry, for some reason forgot to accept this answer.

Apologies and thanks for your help.