Systemadministration
asked on
Exchange Smarthost TLS Encryption 256 Bit
Hi experts,
we are using a smarthost in Excange2010 to send e-mails to the internet. In exchange we have a rule that all mails (*) will be send with that send-connector.
Does Exchange per default use TLS for sending mails outside if the receiving server offers TLS?
What encryption can Exchange use to send (128Bit, 256Bit). In outgoing mail I see that exchange is sending with 128 Bit. Is it possible to set it to 256 Bit?
Another question is, how it would be possible to force exchange or the smarthost to send mails to *@test.com always via a specified mx-server?
Many thanks in advance!
we are using a smarthost in Excange2010 to send e-mails to the internet. In exchange we have a rule that all mails (*) will be send with that send-connector.
Does Exchange per default use TLS for sending mails outside if the receiving server offers TLS?
What encryption can Exchange use to send (128Bit, 256Bit). In outgoing mail I see that exchange is sending with 128 Bit. Is it possible to set it to 256 Bit?
Another question is, how it would be possible to force exchange or the smarthost to send mails to *@test.com always via a specified mx-server?
Many thanks in advance!
ASKER
OK, I think all of your suggestions mean that I have to configure "Mutual TLS", right?
And for mutual TLS I have to publish my Exchange server to the internet, right?
What if I`d like to use a smarthost (of a provider) for outgoing mail and external mailboxes for receiving mails (with a fetching connector on exchange)? Would I be able to implement that Mutual TLS or 256Bit encryption?
And for mutual TLS I have to publish my Exchange server to the internet, right?
What if I`d like to use a smarthost (of a provider) for outgoing mail and external mailboxes for receiving mails (with a fetching connector on exchange)? Would I be able to implement that Mutual TLS or 256Bit encryption?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello,
Did you do TLS with 256bit?
Did the articles help you?
Did you do TLS with 256bit?
Did the articles help you?
ASKER
No I didn`t
If I do, I`ll let you know.
If I do, I`ll let you know.
ASKER
I changed Cipher priority and all outgoing mail is now 256 Bit encrypted if the receiving server is able to do that.
https://social.technet.microsoft.com/Forums/office/en-US/5830c533-38eb-4d88-92fe-6e1a02d7bac4/change-block-size-from-aes128-to-aes256-in-exchange-2007-for-forced-tls-to-an-external-receipient?forum=exchangesvrgenerallegacy
was exactly what I did.
https://social.technet.microsoft.com/Forums/office/en-US/5830c533-38eb-4d88-92fe-6e1a02d7bac4/change-block-size-from-aes128-to-aes256-in-exchange-2007-for-forced-tls-to-an-external-receipient?forum=exchangesvrgenerallegacy
was exactly what I did.
No. You need to enable TLS for send and receive connectors.
https://technet.microsoft.com/en-us/library/bb123543%28v=exchg.141%29.aspx
I think Yes. Reed this topic: https://social.technet.microsoft.com/Forums/office/en-US/5830c533-38eb-4d88-92fe-6e1a02d7bac4/change-block-size-from-aes128-to-aes256-in-exchange-2007-for-forced-tls-to-an-external-receipient?forum=exchangesvrgenerallegacy
MX-server you mean specific MX records of external domain? Maybe easier way is use IP-addresses of those MX-servers in new send connector?