Require SSL for SMTP in Exchange 2010

    Question

  • Hi,

     

    My company assigned me to set up an internal Exchange 2010 server and apply an SSL certificate for POP/IMAP/SSL. I have never worked with Exchange before. Currently I have POP/IMAP working with SSL, but I cannot seem to get the configuration right for SMTP. I am using a wildcard cert from godaddy.com, provided by the company. The error I am getting in Outlook states that my email server does not support that type of encryption. Can anyone point me in the right direction?

    Tuesday, July 05, 2011 5:17 PM

All replies

  • Configure your Receive connector to enforce TLS.

    Set-ReceiveConnector "name of connector" -RequireTLS $True

    Beware, though, that this connector, once configured to require TLS, will not receive mail from the Internet.

     


    lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
    Tuesday, July 05, 2011 9:02 PM
  • That actually gave me a light at the end of the tunnel! Thanks! Is there a similar command for connecting with an SSL encryption? I can now connect with a TLS encryption from Outlook, but when I try connecting with SSL it still generates the "your email server does not support that type of encryption".

    I have applied the SSL cert to SMTP as well.

    Tuesday, July 05, 2011 10:54 PM
  • You have to configure your clients to use TLS. This is different for each client software.

    A question though. Why have Outlook running in SMTP/POP/IMAP mode instead of using MAPI?
    MAPI has a lot more functionality.


    lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
    Wednesday, July 06, 2011 10:24 AM
  • Hi,

    Read the article below:

    A wildcard could be used for IMAP, POP and SMTP

     http://technet.microsoft.com/en-us/library/aa997231.aspx

    Don't use the Enable-ExchangeCertificate cmdlet to enable a wildcard certificate for POP and IMAP services. To enable a wildcard certificate, you must use the Set-ImapSettings or Set-PopSettings cmdlets with the fully qualified domain name (FQDN) of the service.

    reference:

    http://serverfault.com/questions/109619/wildcard-ssl-certificate-exchange-2010-pop-imap-problem


    Thursday, July 07, 2011 3:24 AM
    1. For TLS, you may also want to consider SMTP Outbound for your Exch server (Send Connector). You may want to do this on a domain basis (more likely) than for the address space of *.
    2. Also, you may want to force TLS between your Exch org and a partner, then create another Send connector for this domain space. Maybe create another Send connector just for the SMTP domain where a requirement is to force TLS.
    3. Leave the default Send connector alone.

    Sukh
    Sunday, July 10, 2011 1:24 PM
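
An added example, not written by any poster in this thread: a read-only check for the Exchange Management Shell that shows which certificate is enabled for SMTP and which Receive and Send connectors require TLS, and flags the case the first reply warns about. It assumes it is run on the Exchange 2010 server; the wording of the note column is this example's own.

```powershell
# Added example; read-only, it changes no settings.

# 1. Certificates currently enabled for the SMTP service.
Get-ExchangeCertificate |
    Where-Object { "$($_.Services)" -match 'SMTP' } |
    Format-List Subject, CertificateDomains, Services, NotAfter, Thumbprint

# 2. TLS-related settings of every Receive connector.
$report = Get-ReceiveConnector | ForEach-Object {
    $c = $_

    # Bindings render as "address:port"; keep only the port numbers.
    $ports     = @($c.Bindings | ForEach-Object { "$_" -replace '^.*:', '' })
    $anonymous = "$($c.PermissionGroups)" -match 'AnonymousUsers'
    $offersTls = "$($c.AuthMechanism)" -match '\bTls\b'

    # The caveat from the first reply: a connector that accepts anonymous
    # (Internet) mail on port 25 and requires TLS turns away senders that
    # do not use TLS.
    $note = ''
    if ($c.RequireTLS -and $anonymous -and ($ports -contains '25')) {
        $note = 'RequireTLS on an anonymous port 25 connector'
    }

    # Fqdn is the name the connector announces; it is listed so it can be
    # compared with the certificate domains printed in step 1.
    New-Object PSObject -Property @{
        Name       = $c.Name
        Ports      = ($ports -join ',')
        Fqdn       = $c.Fqdn
        OffersTls  = $offersTls
        RequireTLS = $c.RequireTLS
        Anonymous  = $anonymous
        Note       = $note
    }
}
$report |
    Format-Table Name, Ports, Fqdn, OffersTls, RequireTLS, Anonymous, Note -AutoSize

# 3. Send connectors: which address spaces require TLS for outbound mail.
Get-SendConnector |
    Format-Table Name, AddressSpaces, RequireTLS, Enabled -AutoSize
```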