Configure TLS on exchange 2003 to send/receive mail with specific customer


  • Configure TLS on exchange 2003 to send/receive mail with specific customer

    Hi all,
    Recently one of our customers requested us to enable TLS between us & them (receive/send mail securely encrypted). After some studying I did some preliminary preparation for the implementation by purchasing the certs from Thawte. I installed them on the Exchange IIS manager and it works. But I am unable to move further as I am not sure which are the correct steps I should take before I make changes to our current Exchange 2003, so I am here to ask for guidance.

    We are running on Exchange 2003 Ent edition in single node with basic mode (no FE/BE stuff).

    I want to keep it simple and easy, which means our mail servers can serve TLS to this particular customer & non-TLS email to anonymous parties concurrently.

    So what should I do?
    For receiving email (SMTP VS) -
    Do I create an extra SMTP VS besides the default SMTP VS? Can I install the certs on the default SMTP VS & configure it for TLS encryption so it will be able to receive non-TLS & TLS email? If not, can I create a new SMTP VS with the same private IP address? Or same port? I do not have any more extra public IPs available.

    For sending email (SMTP connector) -
    Do I need to create an extra SMTP connector for this customer with a smart host? Can't I use the existing SMTP connector with TLS encryption enabled in the outbound security tab? So that I don't have to use the smart host to specify their mail server IP address & mail domain name, as they never gave me their IP address & domain name.

    There are so many different ways to do it when I google it, but I am not sure which is the correct way, so here I am in search of an answer from the gurus in this forum.

    thanks

  • #2
    Re: Configure TLS on exchange 2003 to send/receive mail with specific customer

    As for incoming, you should be able to just receive the TLS opportunistically if you have the cert installed on the vs.

    The outgoing will require an SMTP connector to their domain but does not require one of their smarthosts. You can point it anywhere and it will still process the traffic and will require TLS if you check the TLS Encryption box on the Advanced>>Outbound security part of the connector.

    Thank you,

    Marc



    • #3
      Re: Configure TLS on exchange 2003 to send/receive mail with specific customer

      Originally posted by tnshurtm
      As for incoming, you should be able to just receive the TLS opportunistically if you have the cert installed on the vs.

      The outgoing will require an SMTP connector to their domain but does not require one of their smarthosts. You can point it anywhere and it will still process the traffic and will require TLS if you check the TLS Encryption box on the Advanced>>Outbound security part of the connector.

      Hi,
      Thanks for the fast reply.

      So for the outgoing part, are you saying that I would need to create a new SMTP connector just for this customer?
      And I can choose the option of "use dns to route to each address space on this connector" instead of "forward all mail through this connector to the following smart hosts"?
      As for the address space, I need to add SMTP with the customer domain address, e.g. abc.com, instead of an address space with "*" like what is set on the default SMTP connector.

      Am I getting there? Thanks



      • #4
        Re: Configure TLS on exchange 2003 to send/receive mail with specific customer

        Originally posted by bevios
        So for the outgoing part, are you saying that I would need to create a new SMTP connector just for this customer?
        And I can choose the option of "use dns to route to each address space on this connector" instead of "forward all mail through this connector to the following smart hosts"?
        As for the address space, I need to add SMTP with the customer domain address, e.g. abc.com, instead of an address space with "*" like what is set on the default SMTP connector.

        Yes, just set the address space to the domain/domains that they have and use DNS. Make sure you check the TLS Encryption though. That is what makes it required.

        Thank you,

        Marc



        • #5
          Re: Configure TLS on exchange 2003 to send/receive mail with specific customer

          Hi tnshurtm,
          Thanks for the reply. I emailed them about the domains they have, and what I received is a whole list of domains. I am not sure which I should enter in the address space as it is a bit confusing to me. What they wrote in the email:

          abc-apac-outboundserver
          1)psmtp4.abc.com (203.112.xx.xx)
          2)psmtp5.abc.com (203.112.xx.xx)
          3)csmtp4.abc.com (203.112.xx.xx)
          4)csmtp5.abc.com (203.112.xx.xx)
          5)dsmtp.abc.com (203.112.xx.xx)

          abc-apac-domains
          1)abc.com.bd
          2)abc.com.hk
          3)abc.com.bn
          4)abc.com.mo
          5)abc.com.tw
          6)abc.com.sg
          7)abc.com.my
          8)abc.com.jp
          The list goes on & there are a total of 40 domains!!

          So which of these should I insert in the address space? The 40 domains or just the 5 outbound server domains??



          • #6
            Re: Configure TLS on exchange 2003 to send/receive mail with specific customer

            I have a client that has over 60 domains and I have all of their domains listed. They send me an update about once a month with add/deletes so that I can make changes as required.

            Thank you,

            Marc
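
Added example, not part of the thread or of Exchange itself: a Python sketch that reconciles the customer's current domain list against the TLS connector's address spaces, flagging domains that would fall through to the `*` connector without required TLS and entries the customer no longer lists. It assumes the most specific matching address space wins (connector cost is not modelled); the connector names, the `Connector` class and `abc.com.au` are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Connector:
    name: str
    address_spaces: tuple  # e.g. ("abc.com.sg",) or ("*",)
    require_tls: bool      # the "TLS Encryption" box on the connector

def match_score(space, domain):
    """Specificity of an address-space match; -1 means no match."""
    space, domain = space.lower(), domain.lower()
    if space == "*":
        return 0
    if space.startswith("*."):  # wildcard for subdomains
        return len(space) - 1 if domain.endswith(space[1:]) else -1
    return len(space) if space == domain else -1

def route(domain, connectors):
    """Pick the connector with the most specific matching address space."""
    best, best_score = None, -1
    for conn in connectors:
        for space in conn.address_spaces:
            score = match_score(space, domain)
            if score > best_score:
                best, best_score = conn, score
    return best

def audit(customer_domains, connectors, tls_name):
    """Report domains that miss the TLS connector and entries no longer listed."""
    wanted = {d.strip().lower() for d in customer_domains if d.strip()}
    unprotected = sorted(
        d for d in wanted
        if (c := route(d, connectors)) is None or not c.require_tls)
    tls = next(c for c in connectors if c.name == tls_name)
    stale = sorted(s for s in tls.address_spaces
                   if not any(match_score(s, d) >= 0 for d in wanted))
    return {"unprotected": unprotected, "stale": stale}

# Constructed sample data (connector names and abc.com.au are made up).
CONNECTORS = [
    Connector("Default Internet", ("*",), require_tls=False),
    Connector("ABC TLS", ("abc.com.bd", "abc.com.hk", "abc.com.sg",
                          "abc.com.au"), require_tls=True),
]
CUSTOMER_LIST = ["abc.com.bd", "abc.com.hk", "abc.com.sg",
                 "abc.com.my", "ABC.com.tw "]

if __name__ == "__main__":
    print(audit(CUSTOMER_LIST, CONNECTORS, "ABC TLS"))
```

Domains reported as `unprotected` would leave through a connector that does not enforce TLS, so they are the ones to add to the customer connector's address space after each monthly update.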



            • #7
              Re: Configure TLS on exchange 2003 to send/receive mail with specific customer

              Originally posted by tnshurtm
              I have a client that has over 60 domains and I have all of their domains listed. They send me an update about once a month with add/deletes so that I can make changes as required.

              Thanks Marc!! It works; my client so far has no issues with us.
