Solved

Exchange and SMTP over TLS

Posted on 2014-03-02
Last Modified: 2014-03-02
I am looking to set up SMTP over TLS for several clients who all are running Exchange. I am not looking to FORCE TLS at this time but would like:

Exchange to first attempt an SMTP over TLS connection FIRST. If this cannot be negotiated, then fall back to regular SMTP.

My initial searches did not return many good guides on this.

All clients are running either Exchange 2010 or 2013.
Question by:Schuyler Dorsey
7 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 1000 total points
ID: 39898552
The reason you found no guides was because there is nothing you need to do.

Since Exchange 2007, Exchange uses opportunistic TLS by default - if TLS can be used then it will use it, only falling back to plain SMTP.

Simon.
0
 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 39898560
So there is ZERO config required to do this? And thank you!
0
 
LVL 16

Assisted Solution

by:Michael Ortega
Michael Ortega earned 1000 total points
ID: 39898592
Correcto. Exchange 2007 forward is set to use TLS opportunistically. The great thing about it is that if you are emailing people that are also using Exchange 2007 or newer all your messages are sent and received by default over a TLS connection.

If you do want to start forcing TLS you can create a 2nd send connector and only check TLS in the properties. Then scope the connector for which recipient domains you want to force TLS to.

MO
0

 
LVL 10

Author Comment

by:Schuyler Dorsey
ID: 39898596
Also.. does Exchange use STARTTLS as opposed to SMTPS? If so, does it do this still over port 25? Just trying to make sure I have the correct inbound/outbound ports on the firewall available.

I see that 465 is used for the older SMTPS.
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898598
Yes, over port 25 and uses STARTTLS.

MO
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898602
Correction on my previous note above. I was mixing up my receive and send connector configurations. Your receive connector would need to be set to only allow TLS authentication and the sender's IP(s) to be set in the network settings of the receive connector.

MO
0
 
LVL 16

Expert Comment

by:Michael Ortega
ID: 39898605
The receiving side would essentially need to do the same thing on their end and that would be how you enforce TLS on both sides.

We use 3rd party filters on our systems that do the enforcement for us, so that's where the mixup above came with the send connector. We simply scope our send connector to relay through the filter which then performs the enforcement of TLS.

MO
0
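The connector settings discussed in this thread, as an added Exchange Management Shell example that is not part of any participant's post: it lists the current TLS settings on the connectors, then creates a forced-TLS send connector scoped to one recipient domain and a receive connector restricted to that partner's sending IP. The domain, IP address, server name and connector names are placeholders.

```powershell
# Added example, not from the thread. All values below are placeholders.
$PartnerDomain = 'partner.example'   # recipient domain to force TLS to
$PartnerMtaIp  = '203.0.113.10'      # partner's sending IP (documentation range)
$Server        = 'EX01'              # your transport server

# 1. Review the current state. On a send connector, RequireTLS = False with
#    IgnoreSTARTTLS = False is the opportunistic setting: STARTTLS is used
#    when the remote server offers it, plain SMTP otherwise.
Get-SendConnector |
    Format-List Name, AddressSpaces, RequireTLS, IgnoreSTARTTLS
Get-ReceiveConnector -Server $Server |
    Format-List Name, Bindings, RemoteIPRanges, AuthMechanism, RequireTLS

# 2. Outbound: a second send connector scoped to the partner domain.
#    The more specific address space wins over the default "*" connector.
#    With RequireTLS set, mail for this domain is queued instead of being
#    sent in clear text when TLS cannot be negotiated.
New-SendConnector -Name "Forced TLS to $PartnerDomain" -Usage Custom `
    -AddressSpaces $PartnerDomain -DNSRoutingEnabled $true `
    -RequireTLS $true -SourceTransportServers $Server

# 3. Inbound: a receive connector that matches only the partner's IP and
#    rejects mail commands until STARTTLS has completed. Other senders keep
#    using the default connector, which remains opportunistic.
#    On Exchange 2013, also pass -TransportRole FrontendTransport.
New-ReceiveConnector -Name "Forced TLS from $PartnerDomain" -Server $Server `
    -Usage Custom -Bindings '0.0.0.0:25' -RemoteIPRanges $PartnerMtaIp `
    -AuthMechanism Tls -RequireTLS $true -PermissionGroups AnonymousUsers
```

Both directions still use port 25 with STARTTLS, so no additional firewall port is needed for either connector.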
