• Status: Solved

Exchange SMTP and Encryption

I'm having a problem with our new Exchange 2010 server. Everything is working fantastically, except for clients (smart phones and email software) that must use SMTP for outgoing mail.

For example, one user's phone won't connect via SMTP. I have the Client Receive Connector set up to use port 587 with TLS encryption, but the phone says the server does not support it.

I can't get Outlook or Thunderbird to connect either. I'm at a loss as to what my next step is.

Any further information that's needed from me?
Asked by: PeralesAT

Exchange_Geek commented:
"I can't get Outlook or Thunderbird to connect either."

Connect using SMTP, OL / Thunderbird use POP/IMAP to connect to server and use SMTP to send emails, what is it about these two that you are referring to?

Regards,
Exchange_Geek

PeralesAT (Author) commented:
They claim that the authentication is not supported when they're configured as I specified on the client receive connector.

Exchange_Geek commented:
=> What sort of authentication are they expecting - that'll be my next question,
=> Which smart phone are they using?
=> Port 25 is normally used for sending / receiving emails, how come they're talking about 587?

Regards,
Exchange_Geek
 
Todd Gerbert (IT Consultant) commented:
Port 587 is commonly used for secure SMTP, and has been designated as such by the Internet Assigned Numbers Authority (www.iana.org, www.wikipedia.org).

Have your receive connectors been set up to listen on port 587? And TLS is enabled?

[Screenshots: Exchange 2010 Receive Connector - Network Settings; Exchange 2010 Receive Connector - Authentication Settings]
[Attachment: IANA-TCP-UDP-Port-Number-Assignm.txt]

Jamie McKillop commented:
Hello,

Are you using a self-signed certificate? If so, that certificate would need to be imported into all your devices. If you are using a self-signed cert, you should purchase and switch to a commercial certificate.

JJ

PeralesAT (Author) commented:
Thanks for the replies guys. Using a Comodo SSL cert. And yes the connector is listening on port 587 with TLS turned on. I even made sure it was allowed through the firewall.

Todd Gerbert (IT Consultant) commented:
And the various e-mail clients have been specifically set up to connect to the SMTP server on port 587? By default, clients might only try port 25 until you specifically tell them to use 587.

You've verified there are no DNS issues - clients are obtaining the correct IP address for the server?

You can telnet to the server's private IP address on port 587 from a workstation on your network, and you can telnet to the server's public IP address on port 587 from a computer outside of your organization?

Do you use Outlook Web Access, ActiveSync or Outlook Anywhere?

Svet Paperov (IT Manager) commented:
Which security mechanisms are enabled in the authentication tab on the connector that listens on port 587?

Also, do you have some kind of SMTPS inspection on the perimeter firewall?

Exchange_Geek commented:
@tgerbert My friend, I've never heard smart phones asking for authentication for SMTP on SMTPS - for this reason my question was to understand the authentication. Every person on EE who knows Exchange knows the importance and a simple Google search would be enough to understand what is 587 used for.

=> What sort of authentication are they expecting - that'll be my next question,
Are these applications simply wanting to relay across data? If yes, work with the following link to create a relay connector - I've used it on numerous occasions on many clients of mine and it works flawlessly.

=> Which smart phone are they using?
You haven't yet provided specifics on this smart phone details.

=> Port 25 is normally used for sending / receiving emails, how come they're talking about 587?
Port 587 wouldn't be used by smart phones - they're programmed to use SMTP by default, unless they're using s/w that works only on Secure SMTP. Details on this please.

Regards,
Exchange_Geek

Svet Paperov (IT Manager) commented:
My apologies to the author of the question, but some clarification may be needed about how phones connect to Exchange 2010:
- Most of the phones should be using ActiveSync (new iPhones and new Androids), which is on port 443
- However, the older phones (first generations of iPhone and Androids) didn't support ActiveSync, so they had to use other methods, like SMTP to send messages
- BlackBerry don't support ActiveSync at all, so they have to be configured with BES or BIS+SMTP to send messages
- Port 25 is generally blocked by ISPs for end users in many parts of the world (allowing it to their servers only), so the recommended port for secure submission is 587

More on the ports used in Exchange 2010 http://technet.microsoft.com/en-us/library/bb331973.aspx

Exchange_Geek commented:
@sparerov: I fairly well know the phones of today and the phones of yesteryear, that is why to end the controversy the question is raised - no point in us talking at length about the phone composition and configuration when the actual phone may be an iPhone that doesn't need port 587 (just as you mentioned port 443). So, for your and my and the thread's sake let us end this discussion here. I think it is a fairly obvious question - if "smartphone" is referred to, I'd like to know which smartphone talks on port 587 and its requirement. Agreed?

Regards,
Exchange_Geek

PeralesAT (Author) commented:
Sorry, was gone for the weekend. Here's how my client receive connector is configured:
[Screenshots: ClientReceive Port; ClientReceive Auth Methods; ClientReceive Permission Groups]
The phone is an Android phone that only supports one ActiveSync connection. He uses this connection for his full-time job, not with us. This is why I need to set him up with a connection via SMTP.

Thanks!

Svet Paperov (IT Manager) commented:
The receive connector seems OK to me.

Does it pass the tests of Microsoft Remote Connectivity Analyser at https://www.testexchangeconnectivity.com/ ?

You may have more clues in its report.

PeralesAT (Author) commented:
Everything checks out okay with ExRCA. Here's the error any time I try and connect via SMTP with Outlook. It's the same result as the Android Phone:

[Screenshot: Encryption Error]

PeralesAT (Author) commented:
I figured it out! It was a certificate issue. The domain name being used did not match the available certificate for SMTP.

I use the cmdlet: get-exchangecertificate and saw that our external DNS certificate wasn't being used. I re-assigned it to SMTP and then the connection worked like it should.

Thank you for all the help everyone!
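Added example, not part of the original thread: a Python sketch of the name check a mail client performs after STARTTLS on the submission port, which is the check that failed here until the matching certificate was assigned to SMTP. The host names and the two sample certificates are constructed for illustration; `check_submission` needs network access to a real server.

```python
import smtplib
import ssl

# Constructed samples, shaped like the dict returned by SSLSocket.getpeercert().
INTERNAL_CERT = {"subjectAltName": (("DNS", "exch01.corp.example"), ("DNS", "exch01"))}
EXTERNAL_CERT = {"subjectAltName": (("DNS", "mail.example.com"),
                                    ("DNS", "autodiscover.example.com"))}

def name_matches(hostname, pattern):
    """RFC 6125-style match; '*' is honoured only as the whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def dns_names(peercert):
    """DNS names a certificate claims: SAN entries, else the subject CN (legacy)."""
    names = [v for k, v in peercert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in peercert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    return names

def cert_covers(hostname, peercert):
    """True if the name the client connects to appears in the certificate."""
    return any(name_matches(hostname, n) for n in dns_names(peercert))

def check_submission(host, port=587, timeout=10):
    """Live check: EHLO, confirm STARTTLS is offered, then verify the certificate."""
    smtp = smtplib.SMTP(host, port, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "STARTTLS not advertised"
        try:
            smtp.starttls(context=ssl.create_default_context())
        except ssl.SSLCertVerificationError as exc:
            return "certificate rejected: " + exc.verify_message
        return "ok, certificate names: " + ", ".join(dns_names(smtp.sock.getpeercert()))
    finally:
        smtp.close()

if __name__ == "__main__":
    # Offline demonstration on the constructed certificates only.
    for label, cert in (("internal", INTERNAL_CERT), ("external", EXTERNAL_CERT)):
        print(label, cert_covers("mail.example.com", cert))
```

Run `check_submission` with the exact host name the clients are configured with, since that name is what gets compared against the certificate.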
 
Svet Paperov (IT Manager) commented:
Good to hear that.

It's strange though that the ExRCA test has passed without the correct certificate.

PeralesAT (Author) commented:
Solved my own question.