Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

TLS Encryption Exchange 2010

Posted on 2013-01-17
4
Medium Priority
?
851 Views
Last Modified: 2013-01-17
A client of mine used to have TLS encryption setup on their old Exchange 2003 setup for various clients, they now use Exchange 2010 am I right in thinking that all mail is sent using this method where required so no extra work is required unlike on 2003?
0
Comment
Question by:dannyfccs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 14

Accepted Solution

by:
BlueCompute earned 2000 total points
ID: 38786698
Yes that's correct.  Exchange 2010 will do opportunistic TLS by default, so long as there is a certificate configured for SMTP.  If you run the Get-ExchangeCertificate cmdlet you can see which certificate you have configured for SMTP.

If you have a certificate enabled for SMTP then exchange will offer the STARTTLS option and where the other server supports it communication will be encrypted.  If the other server doesn't support TLS then exchange will default / fall-back to unencrypted SMTP. (Hence 'opportunistic' TLS.  If you wish to force TLS and never fall-back to unencrypted then you must configure your connectors to 'require TLS')
0
 

Author Comment

by:dannyfccs
ID: 38786725
But if the server your sending to doesn't support TLS won't the mail not be delivered?
0
 
LVL 18

Expert Comment

by:irweazelwallis
ID: 38786784
if you need to force TLS you are best off setting up a scoped send connector to enforce TLS and fail if it can't do it

then you don't affect other mail
0
 
LVL 49

Expert Comment

by:Akhater
ID: 38786826
exchange 2010 uses opportunistic TLS so, if the certificates is correct and the other party supports it, exchange 2010 will use TLS, if not it will failback and user no-encrypted SMTP

all internal emails (within an exchange organization) will be sent with TLS encryption
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One-stop solution for Exchange Administrators to address all MS Exchange Server issues, which is known by the name of Stellar Exchange Toolkit.
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question