Exchange 2010 - TLS E-mail Transmission

Posted on 2011-05-02
Last Modified: 2012-08-13
I'm trying to configure TLS in my Exchange 2007/2010 environment and having some issues.

We have a send connector (Default) that just sends mail out to (*), the internet, based on MX records. However, we would like the following to happen.

We would like to be able to FORCE TLS on specific domains.

To my knowledge we would have to create an additional send connector for those specific domains and force it to only send that mail encrypted, and all other domains can go through the default (current) send connector.

I followed this article from Microsoft.

Set-TransportConfig -TLSSendDomainSecureList
Set-SendConnector "Secured Send Connector" -DomainSecureEnabled:$True

I've also used and I get my reply as 'successful'. Not sure what this means.

However, I just need to make sure if I send an e-mail that it WILL be sent SECURELY or it will FAIL.

I just feel like Microsoft kicked the bucket on this, considering that if I ever need to add a domain to the list, I'd have to do it via the command line and also include the domains that already exist in that list, for which there is no command to show them.

Any guidance would be greatly appreciated.

Thanks in advance!

Question by: rbmacct
    LVL 6

    Accepted Solution

    You can set/force the connector to only send TLS messages; this is done by:

    Set-SendConnector "name_of_send_connector" -RequireTLS:$true

    To answer the other part of your question
    ("include domains that already exist in that list"):
    Get-TransportConfig | format-list TLS*Domain*

    Another command you may find useful, to wipe the domains list and start fresh:
    Set-TransportConfig -TLSSendDomainSecureList $null

    Hope this helps.
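The following is an added example, not code from the original post, from either answer, or from any Microsoft article. It puts the two pieces of the accepted solution together in one Exchange Management Shell script: a dedicated Send connector scoped to the partner domains with RequireTLS set, and a helper that appends to TLSSendDomainSecureList instead of overwriting it (Set-TransportConfig replaces the whole list, which is the asker's complaint). Two points worth separating: RequireTLS alone makes STARTTLS mandatory on that connector regardless of TLSSendDomainSecureList, and a message that cannot negotiate TLS is held in the queue and retried until it expires and an NDR is generated rather than being sent in clear text; DomainSecureEnabled (Domain Security) is a stricter mode that additionally needs the partner domain in TLSSendDomainSecureList, a partner certificate that chains to a root your Hub Transport server trusts, DNS routing, and no wildcard address space. The domain names, the server name HUB01, the connector name and the function name Add-TlsSendDomainSecure are placeholders chosen for this example.

```powershell
# Added example (not from the original post or any vendor documentation).
# Run in the Exchange Management Shell on a Hub Transport server.
# Assumptions: the partner domains, the server name 'HUB01' and the
# connector name are placeholders; replace them with your own values.

$partnerDomains = @('partner1.example', 'partner2.example')
$sourceServers  = @('HUB01')
$connectorName  = 'Secured Send Connector'

# 1. Dedicated Send connector scoped to the partner domains.
#    Exchange routes a message through the connector with the most specific
#    matching address space, so these domains leave through this connector and
#    everything else still uses the Default (*) connector.
#    RequireTLS turns opportunistic STARTTLS into a hard requirement: if the
#    remote MX does not offer or complete STARTTLS, the message is NOT sent in
#    clear text; it stays in the queue in Retry until it expires and NDRs.
#    DomainSecureEnabled (Domain Security) additionally requires the partner's
#    certificate to chain to a trusted root and match the domain, DNS routing
#    (no smart host) and IgnoreSTARTTLS $false. Set it to $false if you only
#    need encryption, not mutual certificate authentication.
$addressSpaces = $partnerDomains | ForEach-Object { "SMTP:$_;1" }   # "Type:Domain;Cost"

if (-not (Get-SendConnector -Identity $connectorName -ErrorAction SilentlyContinue)) {
    New-SendConnector -Name $connectorName `
                      -Usage Custom `
                      -AddressSpaces $addressSpaces `
                      -SourceTransportServers $sourceServers `
                      -DNSRoutingEnabled $true `
                      -IgnoreSTARTTLS $false `
                      -RequireTLS $true `
                      -DomainSecureEnabled $true | Out-Null
}

# 2. Add domains to TLSSendDomainSecureList without clobbering what is there.
#    Set-TransportConfig replaces the whole list, so read it first and merge.
#    This form also works on Exchange 2007, which lacks the @{Add=} shorthand.
function Add-TlsSendDomainSecure {
    param([string[]]$Domain)
    $current = @((Get-TransportConfig).TLSSendDomainSecureList | ForEach-Object { $_.ToString() })
    $merged  = @($current + $Domain) | Sort-Object -Unique
    Set-TransportConfig -TLSSendDomainSecureList $merged
}
Add-TlsSendDomainSecure -Domain $partnerDomains

# On Exchange 2010 the multivalued-property shorthand does the same in one call:
#   Set-TransportConfig -TLSSendDomainSecureList @{Add='partner1.example'}
#   Set-TransportConfig -TLSSendDomainSecureList @{Remove='old.example'}

# 3. Show the result so the change can be verified before sending test mail.
Get-SendConnector -Identity $connectorName |
    Format-List Name, AddressSpaces, RequireTLS, DomainSecureEnabled, DNSRoutingEnabled, IgnoreSTARTTLS
Get-TransportConfig | Format-List TLS*Domain*
```

If the partner only needs encryption and you cannot obtain or trust their certificate, keep RequireTLS $true and DomainSecureEnabled $false; the queue behaviour on failure is the same, but the certificate is not validated against a trusted root.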
    LVL 2

    Assisted Solution

    The test you ran verifies that you CAN send TLS email. It doesn't verify that you HAVE TO use TLS to send. Most email systems "fall back" to insecure mode if they cannot get TLS to work. has a test that does exactly what you want: verifies that your site HAS TO use TLS when sending to certain other domains.

    Add the domain "" to your SendDomainSecureList (the list of domains that you want to ONLY use TLS, i.e. "TLS or die"), then browse to, pull down the Tests menu and choose TLS Only Sender.  Follow the instructions to send an email to

    In about 30 minutes (one queue retry), you'll know if you are correctly requiring TLS or not.
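Two local checks that complement the external "TLS or die" test above, written for this page as an added example rather than taken from either answer or from any test site: a PowerShell probe that talks to a partner MX host the way the Hub Transport server will (EHLO, look for STARTTLS, negotiate TLS, report protocol, cipher and whether the certificate chains to a root this machine trusts), and a queue query that shows mail the TLS-only connector is holding in Retry instead of delivering in clear text. The MX host name, the HELO name, the domain names and the function names Test-SmtpStartTls, Read-Reply and Get-TlsHeldQueue are placeholders chosen for this example; the probe accepts any certificate on purpose so that it completes and reports chain errors rather than aborting, which is looser than what Domain Security enforces.

```powershell
# Added example (not from the original answers or any vendor tool).
# (a) Probe a partner MX for STARTTLS like the Hub Transport server would.
# (b) List queued mail that a RequireTLS connector is holding.
# Assumptions: host names, HELO name and domains below are placeholders.

function Test-SmtpStartTls {
    param(
        [Parameter(Mandatory=$true)][string]$MxHost,   # e.g. from: nslookup -type=mx partner1.example
        [int]$Port = 25,
        [string]$HeloName = 'hub01.yourdomain.example' # your Hub Transport FQDN (assumption)
    )
    $client = New-Object System.Net.Sockets.TcpClient($MxHost, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
    $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

    # SMTP replies may span several "250-..." lines and end with "250 ...".
    function Read-Reply {
        $lines = @()
        do { $line = $reader.ReadLine(); $lines += $line }
        while ($line -and $line.Length -gt 3 -and $line[3] -eq '-')
        return ,$lines
    }

    $result = New-Object PSObject -Property @{
        MxHost = $MxHost; StartTlsOffered = $false; Negotiated = $false
        Protocol = $null; Cipher = $null; CertSubject = $null; CertIssuer = $null
        CertExpires = $null; CertChainErrors = $null
    }
    try {
        $banner = Read-Reply
        if ($banner[0] -notmatch '^220') { throw "Unexpected banner: $($banner[0])" }

        $writer.WriteLine("EHLO $HeloName")
        $ehlo = Read-Reply
        $result.StartTlsOffered = [bool]($ehlo -match '^250[- ]STARTTLS')
        if (-not $result.StartTlsOffered) { $writer.WriteLine('QUIT'); return $result }

        $writer.WriteLine('STARTTLS')
        $ready = Read-Reply
        if ($ready[0] -notmatch '^220') { throw "STARTTLS refused: $($ready[0])" }

        # Accept any certificate so the probe completes and REPORTS trust
        # problems below; Domain Security would reject an untrusted cert.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($stream, $false, $acceptAll)
        $ssl.AuthenticateAsClient($MxHost)
        $result.Negotiated = $true
        $result.Protocol   = $ssl.SslProtocol
        $result.Cipher     = "$($ssl.CipherAlgorithm)/$($ssl.CipherStrength)"

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.CertSubject = $cert.Subject
        $result.CertIssuer  = $cert.Issuer
        $result.CertExpires = $cert.NotAfter
        # Does the certificate chain to a root trusted on this machine?
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $null  = $chain.Build($cert)
        $errs  = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $result.CertChainErrors = if ($errs.Count -eq 0) { 'None' } else { $errs -join ',' }

        # Continue over the encrypted stream, then close politely.
        $reader = New-Object System.IO.StreamReader($ssl, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($ssl, [System.Text.Encoding]::ASCII)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $writer.WriteLine("EHLO $HeloName"); $null = Read-Reply
        $writer.WriteLine('QUIT');           $null = Read-Reply
    }
    finally { $client.Close() }
    return $result
}

# (b) Mail held by a RequireTLS connector sits in a DnsConnectorDelivery queue
#     in Retry; LastError carries the remote server's reply for the failure.
function Get-TlsHeldQueue {
    param([string[]]$Domain)
    Get-Queue -Filter {DeliveryType -eq 'DnsConnectorDelivery'} |
        Where-Object { $Domain -contains $_.NextHopDomain } |
        Select-Object Identity, NextHopDomain, Status, MessageCount, LastError
}

# Usage (placeholders): run the probe before enabling RequireTLS for a domain,
# and the queue check after sending a test message through the connector.
Test-SmtpStartTls -MxHost 'mx1.partner1.example' | Format-List
Get-TlsHeldQueue -Domain 'partner1.example', 'partner2.example' | Format-Table -AutoSize
```

A probe that reports StartTlsOffered $false for every MX of a domain means RequireTLS will hold all mail for that domain; a CertChainErrors value other than None means plain RequireTLS would still deliver, but DomainSecureEnabled would not.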
