asked on

Exchange and SMTP over TLS

I am looking to setup SMTP over TLS for several clients who all are running Exchange. I am not looking to FORCE TLS at this time but would like:

Exchange to first attempt an SMTP over TLS connection FIRST. If this cannot be negotiated, then fail back to regular SMTP.

My initial searches did not return many good guides on this.

All clients are running either Exchange 2010 or 2013.

ASKER CERTIFIED SOLUTION

Simon Butler (Sembee)

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Schuyler Dorsey

ASKER

So there is ZERO config required to do this? And thank you!

SOLUTION

Michael Ortega

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Schuyler Dorsey

ASKER

Also.. does Exchange use START TLS as oppose to SMTPS? If so, does it do this still over port 25? Just trying to make sure I have the correct inbound/outbound ports on the firewall available.

I see that 465 is used for the older SMTPS.

Michael Ortega

Yes, over port 25 and uses STARTTLS.

MO

Michael Ortega

Correction on my previous note above. I was mixing up my receive and send connector configurations. Your receive connector would need to be set to only allow TLS authentication and the senders IP(s) to be set in the network settings of the receive connector.

MO

Michael Ortega

The receiving side would essentially need to do the same thing on their end and that would be how you enforce TLS on both sides.

We use 3rd party filters on our systems that do the enforcement for us, so that's where the mixup above came with the send connector. We simply scope our send connector to relay through the filter which then performs the enforcement of TLS.

MO