Solved

Ins and outs of TLS?

Posted on 2012-04-02
Last Modified: 2012-05-10
Hello!
 Have a client that is required to use TLS for accepting mail from a government agency.  I have a 2003 Small Business Server Std and wonder how to implement it.  Or is it already on?  How do I use it?  Get Exchange to use it?  
 As you may be able to tell, I am not that familiar with it.  I know it's secure SMTP over a different port (isn't it?) and just need some guidance on how to implement / configure it.

 Many thanks!
Question by:Lorenzo Cricchio
6 Comments
 
LVL 43

Expert Comment

by:Adam Brown
ID: 37797427
TLS doesn't run over a separate port for SMTP. Basically what happens in a TLS SMTP transaction is when the two servers communicate with one another, the sending server issues a STARTTLS command to the receiving server. If this command succeeds, the transaction begins to be secured using the server certificate that is assigned to the server, much like HTTPS is secured with SSL. You have to configure it to work with Exchange 2003. I haven't worked with 2003 in a *long* time so I don't know the specifics, but I think you have to create a new send connector that requires TLS to communicate with the government organization. http://www.networkworld.com/news/2007/011807-tls1.html has a lot of information about TLS and how to implement it with Exchange 2003. Note that there are 5 parts to it, so read the first and at the bottom of that there are links to 4 more articles.
0
 
LVL 1

Author Comment

by:Lorenzo Cricchio
ID: 37797783
Does the incoming still travel over port 25?  I don't have the SBS multihomed and it is behind a firewall.  Along with 25, 443 is sent to the SBS.  
  I think they already have a cert from GoDaddy.  I suspect I can use that one?
0
 
LVL 43

Accepted Solution

by:
Adam Brown earned 1500 total points
ID: 37797788
All secured SMTP traffic using TLS goes over port 25 (unless you configure it to use a different port, which is possible). And you can use your GoDaddy cert for the connection.
0

 
LVL 1

Author Comment

by:Lorenzo Cricchio
ID: 37797819
They do have a cert, but I think it was self-signed. That still OK to use?
0
 
LVL 43

Expert Comment

by:Adam Brown
ID: 37797854
It's not preferred. You might get some error messages in your event logs regarding the certificate if you use that one, but the TLS session should still work.
0
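
Added example, not part of the thread or any poster's code: a Python check an administrator can run against their own mail server to confirm that STARTTLS is offered on the normal SMTP port and whether the certificate passes validation, which is where a self-signed certificate differs from a CA-issued one. The function names and the sample EHLO reply are constructed for illustration.

```python
import smtplib
import ssl

# Constructed sample of a multi-line EHLO reply (not captured from a real server).
SAMPLE_EHLO = (
    "250-mail.example.com Hello [192.0.2.10]\r\n"
    "250-SIZE 10485760\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250 OK\r\n"
)

def advertises_starttls(ehlo_reply: str) -> bool:
    """Return True if an EHLO reply lists STARTTLS as an extension keyword."""
    for line in ehlo_reply.splitlines()[1:]:  # first line is only the greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            if line[4:].strip().upper().split(" ")[0] == "STARTTLS":
                return True
    return False

def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect in plain SMTP, upgrade with STARTTLS, and report what happened."""
    result = {"starttls_offered": False, "tls_version": None,
              "cert_trusted": None, "error": None}
    ctx = ssl.create_default_context()  # checks the chain and the host name
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        result["starttls_offered"] = smtp.has_extn("starttls")
        if result["starttls_offered"]:
            try:
                smtp.starttls(context=ctx)  # same port, session is upgraded
                result["tls_version"] = smtp.sock.version()
                result["cert_trusted"] = True
            except ssl.SSLCertVerificationError as exc:
                # Typical for a self-signed or wrong-name certificate.
                result["cert_trusted"] = False
                result["error"] = exc.verify_message
    finally:
        smtp.close()
    return result

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))  # pass the host name of your own mail server
```

A result with `starttls_offered` true and `cert_trusted` false means the upgrade is available but a sender that validates certificates would reject the one presented.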
 
LVL 1

Author Closing Comment

by:Lorenzo Cricchio
ID: 37954496
Cert from GoDaddy installed and seems to be up and running AOK!  Thanks!
0
