TLS between existing SBS 2003 and one remote client that requires it?

  • TLS between existing SBS 2003 and one remote client that requires it?

    What exactly do I need to do to support sending/receiving TLS between an existing SBS 2003/Exchange 2003 organization and a remote client that is requiring all future connections to support TLS?

    I understand moving to Exchange 2007/2010 with opportunistic TLS is the preferred method, but that is not an option at this point.

  • #2
    Re: TLS between existing SBS 2003 and one remote client that requires it?

    At the very least you will require a trusted SSL certificate.
    You need to ask them what port they wish to send and receive on. If it is port 25, then you will also need a second IP address, a host name pointing to that IP address and a separate SSL certificate for that host name.

    To send email you will have to create a second SMTP Connector that will use TLS only, with their domain listed in the address space. If they are using their MX records then fine, but if they have a specific host name then you will have to set that as a smart host.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.

    • #3
      Re: TLS between existing SBS 2003 and one remote client that requires it?

      So I need a 2nd static IP address, security certificate AND SMTP connector to make this work for ONE domain they want to send/receive with? Crazy...

      • #4
        Re: TLS between existing SBS 2003 and one remote client that requires it?

        That is correct.
        Exchange 2003 doesn't do opportunist TLS. It is either ON for all email or OFF for all email. If you turn it ON for all email, then you will not receive 90% of your email, most email servers do not use TLS.
        Exchange 2003 is effectively 13 years old (the SMTP engine is based on Windows 2000 IIS SMTP) and does not have the flexibility, which is why Exchange 2007 and higher has its own SMTP engine. 13 years ago TLS wasn't used by anyone; security was a secondary consideration.

        The other option is to upgrade to Exchange 2010. That does opportunist TLS over the same configuration and can be configured to reject email if it isn't using TLS.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.

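Once the second IP address, host name, certificate and TLS-only connector from post #2 are in place, the thing worth checking is what the partner's mail server will see when it connects: that STARTTLS is offered on that address, that the certificate chains to a trusted root, and that the certificate name matches the host name they were given. The following probe is an added example written for this thread; it is not Simon's code, not part of Exchange, and the host name `tls.example.com` is a placeholder (an assumption, not a real system). Run it from outside the network against the new host name on port 25. Because post #4 explains that Exchange 2003 is all-or-nothing, the probe also tells you which of the three requirements failed rather than only that delivery would bounce.

```python
"""Check whether an SMTP host is ready for a partner that insists on TLS.

Added example, not code from the forum thread or from Exchange.  It checks
the three things the partner will depend on: STARTTLS is advertised on the
port, the certificate chains to a trusted root, and the certificate name
matches the host name the partner connects to.  Host names used below are
placeholders (assumptions, not real systems).
"""
import smtplib
import ssl


def parse_ehlo_extensions(raw_reply: str) -> set:
    """Return the upper-cased ESMTP keywords from an EHLO reply as seen on
    the wire, e.g. '250-mail.example.com\\r\\n250-SIZE 10485760\\r\\n250 STARTTLS'.
    The first 250 line is the greeting, so it is skipped."""
    keywords = set()
    lines = [line for line in raw_reply.splitlines() if line.startswith("250")]
    for line in lines[1:]:
        body = line[4:].strip()          # drop the "250-" / "250 " prefix
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


def cert_matches_name(cert: dict, name: str) -> bool:
    """Match `name` against the dNSName SANs of an ssl getpeercert() dict.
    commonName is consulted only when the certificate has no SAN at all, and a
    wildcard is honoured only in the leftmost label (RFC 6125 rules)."""
    name = name.lower().rstrip(".")
    candidates = [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not candidates:
        candidates = [v.lower() for rdn in cert.get("subject", ())
                      for key, v in rdn if key == "commonName"]
    for pattern in candidates:
        if pattern == name:
            return True
        if pattern.startswith("*.") and "." in name:
            if name.split(".", 1)[1] == pattern[2:]:
                return True
    return False


def ready_for_tls_only_partner(report: dict) -> bool:
    """A partner that refuses non-TLS delivery needs all three to hold."""
    return bool(report["starttls_advertised"] and report["chain_trusted"]
                and report["name_matches"])


def probe_starttls(host: str, port: int = 25, expected_name: str = None,
                   timeout: float = 10.0) -> dict:
    """Connect, EHLO, STARTTLS, and verify the chain against the OS trust
    store.  The host-name check is done separately so the report says which
    requirement failed, not merely that the handshake did."""
    expected_name = expected_name or host
    report = {"host": host, "port": port, "starttls_advertised": False,
              "chain_trusted": False, "name_matches": False,
              "tls_version": None, "error": None}
    ctx = ssl.create_default_context()      # verify_mode stays CERT_REQUIRED
    ctx.check_hostname = False              # name match reported by us, below
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            report["starttls_advertised"] = smtp.has_extn("starttls")
            if not report["starttls_advertised"]:
                return report
            smtp.starttls(context=ctx)      # raises on an untrusted chain
            report["chain_trusted"] = True
            report["tls_version"] = smtp.sock.version()
            report["name_matches"] = cert_matches_name(smtp.sock.getpeercert(),
                                                       expected_name)
            smtp.ehlo()                     # re-EHLO after STARTTLS (RFC 3207)
    except (OSError, smtplib.SMTPException) as exc:   # ssl.SSLError is an OSError
        report["error"] = f"{type(exc).__name__}: {exc}"
    return report


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "tls.example.com"  # placeholder
    rep = probe_starttls(target, expected_name=target)
    for key, value in rep.items():
        print(f"{key:20} {value}")
    print("ready for TLS-only partner:", ready_for_tls_only_partner(rep))
```

If `starttls_advertised` comes back False on the new address, the TLS setting has not taken effect on the virtual server listening there; if `chain_trusted` is False, the certificate is self-signed or issued by a CA the probing machine does not trust, which is the same outcome the partner will get; if only `name_matches` is False, the certificate was issued for a different host name than the one the partner was told to use.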