Schuyler Dorsey
asked on
Exchange and SMTP over TLS
I am looking to setup SMTP over TLS for several clients who all are running Exchange. I am not looking to FORCE TLS at this time but would like:
Exchange to first attempt an SMTP over TLS connection FIRST. If this cannot be negotiated, then fail back to regular SMTP.
My initial searches did not return many good guides on this.
All clients are running either Exchange 2010 or 2013.
Exchange to first attempt an SMTP over TLS connection FIRST. If this cannot be negotiated, then fail back to regular SMTP.
My initial searches did not return many good guides on this.
All clients are running either Exchange 2010 or 2013.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Also.. does Exchange use START TLS as oppose to SMTPS? If so, does it do this still over port 25? Just trying to make sure I have the correct inbound/outbound ports on the firewall available.
I see that 465 is used for the older SMTPS.
I see that 465 is used for the older SMTPS.
Yes, over port 25 and uses STARTTLS.
MO
MO
Correction on my previous note above. I was mixing up my receive and send connector configurations. Your receive connector would need to be set to only allow TLS authentication and the senders IP(s) to be set in the network settings of the receive connector.
MO
MO
The receiving side would essentially need to do the same thing on their end and that would be how you enforce TLS on both sides.
We use 3rd party filters on our systems that do the enforcement for us, so that's where the mixup above came with the send connector. We simply scope our send connector to relay through the filter which then performs the enforcement of TLS.
MO
We use 3rd party filters on our systems that do the enforcement for us, so that's where the mixup above came with the send connector. We simply scope our send connector to relay through the filter which then performs the enforcement of TLS.
MO
ASKER