Solved

Exchange Smarthost TLS Encryption 256 Bit

Posted on 2015-01-28
Last Modified: 2015-03-16
Hi experts,

We are using a smarthost in Exchange 2010 to send e-mails to the internet. In Exchange we have a rule that all mails (*) will be sent with that send-connector.
Does Exchange per default use TLS for sending mails outside if the receiving server offers TLS?
What encryption can Exchange use to send (128Bit, 256Bit)? In outgoing mail I see that Exchange is sending with 128 Bit. Is it possible to set it to 256 Bit?

Another question is how it would be possible to force Exchange or the smarthost to send mails to *@test.com always via a specified mx-server?

Many thanks in advance!
Question by:Systemadministration
6 Comments
 
LVL 4

Expert Comment

by:Alexander Kireev
ID: 40575945
Hello.

Does Exchange per default use TLS for sending mails outside if the receiving server offers TLS?
No. You need to enable TLS for send and receive connectors.
https://technet.microsoft.com/en-us/library/bb123543%28v=exchg.141%29.aspx

What encryption can Exchange use to send (128Bit, 256Bit). In outgoing mail I see that exchange is sending with 128 Bit. Is it possible to set it to 256 Bit?
I think yes. Read this topic: https://social.technet.microsoft.com/Forums/office/en-US/5830c533-38eb-4d88-92fe-6e1a02d7bac4/change-block-size-from-aes128-to-aes256-in-exchange-2007-for-forced-tls-to-an-external-receipient?forum=exchangesvrgenerallegacy

Another question is, how it would be possible to force exchange or the smarthost to send mails to *@test.com always via a specified mx-server?
By MX-server, do you mean specific MX records of the external domain? Maybe an easier way is to use the IP addresses of those MX servers in a new send connector?
0
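The routing suggestion in this answer (a separate send connector pointed at the wanted server) combined with mandatory TLS, as an added example that is not part of the thread; the connector name, target host and server name are placeholders to replace with your own values.

```powershell
# Added example for the Exchange Management Shell (Exchange 2010).
# Placeholder values, not taken from the thread:
$connectorName = 'test.com via fixed host'   # hypothetical connector name
$targetHost    = 'mx1.partner.example'       # placeholder for the specified server
$hubServer     = $env:COMPUTERNAME           # assumes this runs on the Hub Transport server

# 1. Audit what exists today: which address space each connector owns, where it
#    delivers, and whether TLS is mandatory or STARTTLS is being skipped.
Get-SendConnector |
    Format-Table Name, AddressSpaces, SmartHosts, RequireTLS, IgnoreSTARTTLS -AutoSize

# 2. Add a connector scoped to test.com only. Exchange routes on the most specific
#    matching address space, so this connector takes test.com mail away from the
#    "*" smarthost connector. DNSRoutingEnabled $false makes it deliver to
#    $targetHost instead of looking up MX records.
New-SendConnector -Name $connectorName -Usage Custom `
    -AddressSpaces 'SMTP:test.com;1' `
    -DNSRoutingEnabled $false `
    -SmartHosts $targetHost `
    -SourceTransportServers $hubServer `
    -RequireTLS $true

# RequireTLS $true means no cleartext fallback: if $targetHost stops offering
# STARTTLS, mail for test.com waits in the queue instead of leaving unencrypted.
# None of these parameters sets a key length; the cipher suite is negotiated by
# Windows Schannel, which is what the linked threads on AES-256 deal with.

# 3. Log the SMTP conversation on the new connector so the STARTTLS exchange can
#    be reviewed, then show where the send protocol logs are written.
Set-SendConnector -Identity $connectorName -ProtocolLoggingLevel Verbose
Get-TransportServer -Identity $hubServer | Format-List Name, SendProtocolLogPath

# 4. After sending a test message, check that nothing is stuck and read LastError
#    for any queue that is retrying (a TLS failure shows up here).
Get-Queue |
    Format-Table Identity, DeliveryType, NextHopDomain, Status, MessageCount, LastError -AutoSize
```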
 

Author Comment

by:Systemadministration
ID: 40576919
OK, I think all of your suggestions mean that I have to configure "Mutual TLS", right?
And for mutual TLS I have to publish my Exchange server to the internet, right?
What if I'd like to use a smarthost (of a provider) for outgoing mail and external mailboxes for receiving mails (with a fetching connector on Exchange)? Would I be able to implement that Mutual TLS or 256Bit encryption?
0
 
LVL 4

Accepted Solution

by:
Alexander Kireev earned 1500 total points
ID: 40578255
OK, I think all of your suggestions mean that I have to configure "Mutual TLS", right?
Yes.

And for mutual TLS I have to publish my Exchange server to the internet, right?
I suggest you publish only the Edge server. If you don't have an Edge server, use the smarthost.

What if I'd like to use a smarthost (of a provider) for outgoing mail and external mailboxes for receiving mails (with a fetching connector on exchange)?
Ask your provider whether the smarthost uses TLS, AntiSpam and AntiVirus filters.

Would I be able to implement that Mutual TLS or 256Bit encryption?
I think yes. I'm not an expert on security.
Good articles and forum:
https://social.technet.microsoft.com/Forums/forefront/en-US/ec033ff6-091d-441d-8ad3-7ea411100009/ssl-with-256bit-strength
http://www.derekseaman.com/2010/06/enable-tls-12-aes-256-and-sha-256-in.html
0

 
LVL 4

Expert Comment

by:Alexander Kireev
ID: 40594284
Hello,
Did you do TLS with 256bit?
Did the articles help you?
0
 

Author Comment

by:Systemadministration
ID: 40633262
No, I didn't.
If I do, I'll let you know.
0
 

Author Comment

by:Systemadministration
ID: 40669025
0


Question has a verified solution.
