Not Receiving SSL-encrypted mail in Exchange 2003

patkengroup
I have an issue that was partially solved by you great experts at EE, so I'm hoping for the same results this time out.

I have an Exchange 2003 server. A customer of ours recently told us that they are now requiring all mail to and from us and them to be encrypted.

To address this, I purchased a UCC SSL cert from Go Daddy, and installed it on the Exchange server. I set up a separate SMTP connector in Exchange to pass all mail to this client's specified domain names through it, and set enforcement of SSL encryption. This was the help I got on the last question, and it was great. This part is now working like a champ. All mail being received by them from us is properly encrypted in TLS format.

Now, however, mail they send to us is being rejected for lack of sufficient encryption. I have attached a text file of the errors they are getting when trying to send mail to us.

This is a large client. Help to solve this quickly will be appreciated.

Author

Commented:
Sorry, forgot to attach the file!
TSL-Encryption-errors.txt
Apr 18 02:07:32 mxdfbv01i.wellsfargo.com sm-mta[4830]: q3HEXkrw017703: to=<bar@riazzimgmt.com>, delay=11:33:46, xdelay=00:00:00, mailer=esmtp, pri=256324, relay=mail.riazzimgmt.com. [99.29.48.89], dsn=4.0.0, stat=Deferred: 403 4.7.0 encryption too weak 0 less than 128

I am not the, or even "a", expert here, but that last part of the error looks pretty straightforward... one side or the other is expecting encryption > 128.

Maybe a call to the IT department at the other end to get exactly the requirements?
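
For triaging deferrals like the one quoted above across a whole sendmail log, the following is an added example (not part of any poster's reply) that extracts the relay, the negotiated key strength and the required minimum. The sample log lines are constructed with placeholder hosts, and reading `0` bits as "no TLS on the session" is an assumption about the sending side's policy check.

```python
import re
from collections import defaultdict

# Constructed sample lines in sendmail maillog format. The first mirrors the
# deferral quoted in the thread; hosts, addresses and queue ids are placeholders.
SAMPLE_LOG = """\
Apr 18 02:07:32 mx1.example.net sm-mta[4830]: q3HEXkrw017703: to=<user@example.com>, delay=11:33:46, xdelay=00:00:00, mailer=esmtp, pri=256324, relay=mail.example.com. [192.0.2.10], dsn=4.0.0, stat=Deferred: 403 4.7.0 encryption too weak 0 less than 128
Apr 18 02:09:10 mx1.example.net sm-mta[4831]: q3HEXkrw017704: to=<user@example.org>, delay=00:00:05, xdelay=00:00:01, mailer=esmtp, pri=120000, relay=mail.example.org. [192.0.2.20], dsn=4.0.0, stat=Deferred: 403 4.7.0 encryption too weak 56 less than 128
Apr 18 02:10:00 mx1.example.net sm-mta[4832]: q3HEXkrw017705: to=<user@example.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=120000, relay=mail.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
"""

# Matches only deferrals whose status text is "encryption too weak N less than M".
WEAK_TLS = re.compile(
    r"to=<(?P<rcpt>[^>]+)>.*?relay=(?P<relay>\S+?)\.? \[(?P<ip>[^\]]+)\].*?"
    r"stat=Deferred: \d{3} [\d.]+ encryption too weak "
    r"(?P<got>\d+) less than (?P<need>\d+)"
)


def tls_deferrals(log_text):
    """Group 'encryption too weak' deferrals by receiving relay."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = WEAK_TLS.search(line)
        if not m:
            continue
        got, need = int(m["got"]), int(m["need"])
        # Assumption: 0 bits means the session was not encrypted at all
        # (STARTTLS not offered or not completed), not a weak cipher.
        cause = "no TLS on session" if got == 0 else "cipher below minimum"
        findings[(m["relay"], m["ip"])].append(
            {"rcpt": m["rcpt"], "bits": got, "required": need, "cause": cause})
    return dict(findings)


if __name__ == "__main__":
    for (relay, ip), hits in tls_deferrals(SAMPLE_LOG).items():
        for h in hits:
            print(f"{relay} [{ip}] {h['rcpt']}: {h['cause']} "
                  f"({h['bits']} < {h['required']} bits)")
```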

Author

Commented:
I will contact them, and ask for any additional clarification they can provide to me.
Hello,

In order to receive the TLS encrypted email, you need to create a second SMTP virtual server. This VS will need to use a second IP that you assign to the server. You will then force TLS encryption on this VS. The sender will need to set up a connector on their end which sends email for your domain to the IP of the new VS, instead of using DNS.

This article explains the details - http://www.networkworld.com/news/2007/011807-tls4.html

JJ

Author

Commented:
That did it. Thanks for the solution.