TLS in Exchange 2010 SP3

Posted on 2013-10-01
Medium Priority
Last Modified: 2013-10-02

I want to secure the outgoing e-mails that I send out with a single send connector from HUB to a smarthost.
I am using basic authentication over TLS on this connector, but what does this give me in security, authenticating my server when sending?

Do I need to use S/MIME to be able to encrypt the messages between my server and the smarthost?

The smarthost has open ports for SMTP with 'Start TLS': 25
SSL-port: 465.

Connector config

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     : System.Management.Automation.PSCredential
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
DNSRoutingEnabled            : False
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : mail.domain.com
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : SRV04
Identity                     : Internet TLS relay
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
LinkedReceiveConnector       :
MaxMessageSize               : 29.53 MB (30,965,760 bytes)
Name                         : Internet TLS relay Stay
Port                         : 25
ProtocolLoggingLevel         : None
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : BasicAuthRequireTLS
SmartHosts                   : {smarthost}
SmartHostsString             : smarthost
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              :
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {SRV04}
TlsAuthLevel                 :
TlsDomain                    :
UseExternalDNSServersEnabled : False


Question by:DicomSupport

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39535794
Since your Exchange and mailhost are Windows machines, you can encrypt all data between them. This is a fast and secure way to cipher all data: http://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html

Author Comment

ID: 39536548

Sorry if I confused you, the smarthost is not a Windows machine and I can't change settings on it.

Can you explain what my current Exchange config gives me?


Accepted Solution

Simon Butler (Sembee) earned 2000 total points
ID: 39538421
All that TLS does is put the SMTP traffic inside SSL. It doesn't do anything with the actual message. As you are using a smart host it will just protect the traffic to the smart host, no further.

Authentication is something different, independent from TLS.
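
The accepted answer's point, that TLS wraps the SMTP conversation on the hop to the smart host and that authentication is a separate step, can be checked from a session transcript: the AUTH and MAIL commands should appear only after STARTTLS has been accepted. The Python below is an added example, not part of the original thread; the transcript format, the sample sessions, the sender address and the `audit_session` helper are constructed for illustration.

```python
# Added example: audit a simplified SMTP transcript of the hop to the smart host.
# '>' = line sent by the sending server, '<' = line received from the smart host.
# Both transcripts are constructed sample data (AUTH challenge lines omitted).
SESSION_TLS = [
    "< 220 smarthost ESMTP",
    "> EHLO mail.domain.com",
    "< 250-smarthost",
    "< 250 STARTTLS",
    "> STARTTLS",
    "< 220 Ready to start TLS",
    "> EHLO mail.domain.com",
    "< 250 AUTH LOGIN",
    "> AUTH LOGIN",
    "< 235 Authentication successful",
    "> MAIL FROM:<user@domain.com>",
    "< 250 OK",
]
# Same session, but the smart host refuses STARTTLS and the sender carries on.
SESSION_REFUSED = [l.replace("220 Ready to start TLS", "454 TLS not available")
                   for l in SESSION_TLS]

SENSITIVE = {"AUTH", "MAIL", "RCPT", "DATA"}  # credentials and message content


def audit_session(lines):
    """Report which sensitive commands were sent before and after TLS started."""
    report = {"tls_offered": False, "encrypted": [], "cleartext": []}
    tls_active = awaiting_tls_reply = False
    for line in lines:
        direction, _, text = line.partition(" ")
        if direction == "<":
            if text[:3] == "250" and text[4:].strip().upper() == "STARTTLS":
                report["tls_offered"] = True
            elif awaiting_tls_reply:
                # Only a 220 reply to STARTTLS means the TLS handshake follows.
                tls_active = text.startswith("220")
                awaiting_tls_reply = False
        elif direction == ">":
            verb = text.split(" ", 1)[0].upper()
            if verb == "STARTTLS":
                awaiting_tls_reply = True
            elif verb in SENSITIVE:
                report["encrypted" if tls_active else "cleartext"].append(verb)
    return report


if __name__ == "__main__":
    print(audit_session(SESSION_TLS))
    print(audit_session(SESSION_REFUSED))
```

The check only covers the connection to the smart host; it says nothing about how the message travels after that hop.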


Author Comment

ID: 39540114
As long as I get SSL from my server to the smarthost that is fine.
