Comments on: Client to Server Secure SMTP Connectivity in Exchange Server 2007

By: Matt

Matt — Wed, 30 Dec 2009 23:01:06 +0000

dumb question here, but what if I am receiving email from an external smtp server inbound to my server using a different authorized domain name and I want to require TLS from their IP range but not require authentication, while also having a receive connector for my main domain name open on 25 from my spam system? Would I just create a new connector with anon access only and the TLS checked listening on 587? (assumed that I have added the second domain name to server)

By: John

John — Tue, 10 Nov 2009 16:51:56 +0000

Elan,

Actually I was talking about the -RequireTLS switch in that last comment. But this is a fantastic post and extremely useful. Thanks for everything.

By: John

John — Tue, 10 Nov 2009 16:48:35 +0000

Elan,

HOLY MOLY!!! Thank you so much. I've been looking for that setting for two days! Perfect!

By: Office Upgrade: Post-Game Lessons Learned

Office Upgrade: Post-Game Lessons Learned — Thu, 17 Sep 2009 01:40:07 +0000

[...] We also have some users (like me) who only use Gmail for all email and want to send their company specific emails directly through the Exchange server instead of to Gmail and wait for them to be downloaded by Exchange. The easiest way was to enable port 587 for Gmail to connect to as part of its new Send Mail Through ability. This just basically requires a custom Receive Connector as documented HERE. [...]

By: Vikas Kumar

Vikas Kumar — Tue, 01 Sep 2009 14:40:28 +0000

Hello,

Could you please tell me that after running the below command, what will be the server impact in terms of performance?

Set-MailboxServer ServerName -MAPIEncryptionRequired:$true

Regards,
Vikas Kumar

By: Elan Shudnow

Elan Shudnow — Wed, 12 Aug 2009 17:49:55 +0000

Mike, check out the following page:
http://technet.microsoft.com/en-us/library/bb125140.aspx

There’s a -RequireTLS $true option there which you can use to force Auth.

When you connect to telnet and establish EHLO, you should see: 250-STARTTLS

If you send from a system that doesn’t accept STARTTLS, the sending system should get:
“451 5.7.3 Require STARTTLS to do basic authentication.”

By: Mike

Mike — Tue, 11 Aug 2009 01:57:50 +0000

We want to force authentication over TLS. Ie, Basic but only allow basic with TLS. How do we test/prove this is working via telnet? I can test basic auth with telnet- but not if we are requiring TLS.

By: Dave

Dave — Fri, 07 Aug 2009 13:51:39 +0000

For Aaron, but other like myself who followed all the myriad blogs and had problems. If all you want is a simple mail server to accept mail for your users and allow your authenticated users (whether they are inside or outside the network doesn’t matter) to send mail to anyone, just do these simple steps:

1. Delete your existing receive connectors.
2. Use the wizard to create an Internet intended use – just take the defaults.
3. Use the wizard to create an internal intended use – just take the defaults.
4. Edit the Internet one and on Permission Groups, check off Exchange users and on the authentication tab, check what methods you want to allow them to authenticate by.

Done! That’s it. Authenticated users will automagically be able to send to anyone, unauthenticated users can only send to your Exchange users. No open relay.

By: Moshe

Moshe — Tue, 26 May 2009 14:00:59 +0000

Very Usefull.

Thanks

By: Aaron

Aaron — Thu, 26 Mar 2009 18:57:40 +0000

How would I use the info provided here to setup SMTP AUTH for an email appliance to use so my external users can relay mail through our exchange server if they have been authenticated?

Any help would be apprecaited.

app