Exchange 2010: Configure SSL on a new port

    Question

  • My organization recently adopted a hosted software solution that has email capability. The hosted software requires us to open a relay port on our Exchange 2010 server.

    Naturally I am not opening up the default receive connector for relay, so I created a new one that uses a different port (325) and plan to secure it so that only this hosted software's IP range can use it (this part I am clear on and know how to restrict IP addresses in the Receive Connector). However, I also want to make sure I can use SSL as well. How can I configure this new receive connector for SSL? Can I use the existing certificate already in place for OWA, or do I need to get a new one?

    If there is a better way to accomplish what I am trying to do I am open to suggestions as well. The whole idea is to have relaying open ONLY for this hosted software and nothing else, and to have it secured by SSL.
    Tuesday, May 08, 2012 3:14 PM

Answers

  • Hello,

    I mean you can create a receive connector and enable Allow Anonymous Relay only for the APP. Then you don't have to assign a different port and can still use port 587 for SSL.

    Allow Anonymous Relay on a Receive Connector

    http://technet.microsoft.com/en-us/library/bb232021.aspx

    Thanks,

    Simon

    Thursday, May 10, 2012 2:49 AM
    Moderator

All replies

  • Hello,

    You can create a new receive connector and enable the open relay only for the APP server.

    Thanks,

    Simon Wu

    Exchange Forum Support

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, May 09, 2012 9:03 AM
    Moderator
  • Hi

    You will have a self-signed certificate on the server which can be used for SSL - it will be enabled for SMTP by default. You can enable your public certificate for SSL but this shouldn't be required unless you are using mutual TLS.

    Steve

    Wednesday, May 09, 2012 9:22 AM
  • Simon,

    I did configure a new receive connector and know how to restrict the relay. However, the real issue is with security. The hosted application does not use TLS or any other method of encryption, so usernames and passwords are being sent to the Exchange server using plain text. That's of course not what I want to do.

    The configuration screens for their software provide a testing utility to make sure your Exchange settings are configured correctly. Here is a picture of their "email tester."

    You can see there is an option for SSL at the bottom. All of the documents they have sent me for configuration demonstrate how to use this system with hosted email like Gmail, MSN, etc. Nothing about Exchange, although I have been told it is compatible with Exchange (and it even has that check box at the top to indicate its use).

    So my question should be, how do I authenticate securely in this case?

    Wednesday, May 09, 2012 1:36 PM
  • Hello,

    Is there any update on this thread?

    Thanks,

    Simon Wu

    Exchange Forum Support

    Monday, May 28, 2012 3:32 AM
    Moderator
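
The setup discussed in this thread (a dedicated receive connector limited to the hosted application's addresses, anonymous relay allowed only there, TLS backed by the server's SMTP certificate), written out for the Exchange Management Shell. This is an added example, not part of any post above; the server name, bind address, IP range and connector name are constructed placeholders.

```powershell
# Added example for the Exchange 2010 Management Shell.
# Constructed placeholder values: replace with your own.
$Server      = 'EXCH01'            # Hub Transport server (placeholder)
$BindAddress = '192.0.2.10:325'    # local IP:port; 325 is the port from the question
$VendorRange = '203.0.113.0/24'    # the hosted software's source range (placeholder)
$Name        = 'Hosted App Relay'
$Identity    = "$Server\$Name"

# 1. Dedicated connector that only accepts sessions from the vendor range.
#    The default receive connector is left untouched.
New-ReceiveConnector -Name $Name -Server $Server -Usage Custom `
    -Bindings $BindAddress -RemoteIPRanges $VendorRange `
    -PermissionGroups AnonymousUsers

# 2. Advertise STARTTLS and refuse mail from sessions that did not negotiate it.
Set-ReceiveConnector $Identity -AuthMechanism Tls -RequireTLS $true

# 3. Allow anonymous sessions on THIS connector to relay to any recipient.
#    No username or password is sent at all, so relay is bounded only by
#    -RemoteIPRanges above: keep that range as narrow as the vendor allows.
Get-ReceiveConnector $Identity |
    Add-ADPermission -User 'NT AUTHORITY\ANONYMOUS LOGON' `
        -ExtendedRights 'Ms-Exch-SMTP-Accept-Any-Recipient'

# 4. Check which certificates are enabled for SMTP and when they expire.
Get-ExchangeCertificate |
    Where-Object { $_.Services -match 'SMTP' } |
    Format-List Thumbprint, Subject, NotAfter, Services

#    To use the existing public (OWA) certificate for SMTP as well:
#    Enable-ExchangeCertificate -Thumbprint '<thumbprint>' -Services SMTP

# 5. Review the result before opening the firewall port.
Get-ReceiveConnector $Identity |
    Format-List Bindings, RemoteIPRanges, AuthMechanism, RequireTLS, PermissionGroups
```

If the sending application validates the server certificate, it needs one issued by a CA it trusts with a name matching the host it connects to; the self-signed certificate will not pass that check.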