none
Forcing all outgoing mail to have TLS?

    Question

  • Hello,

    We send all our outgoing mail currently through to a secure content provider. We have one outgoing send connector. We were told we need to force all our outgoing email to require tls. From what we're told by default exchange 2013 tries tls but doesn't require all out going to be tls. I'm not tls expert so I may have my details wrong.

    I found this article but wasn't clear what the *.outlook.com was about - https://o365info.com/configure-force-tls-on-exchange-on-premises-environment-settings-of-send-connector-part-8-12-tls/

    Our one outbound send connector is called send.ourdomain.com  

    Can someone give me the powershell command to send all outbound to be TLS?

    Thanks.

    Wednesday, June 13, 2018 3:03 PM

All replies

  • Exchange uses what's known as opportunistic TLS so if the server Exchange is sending to supports TLS, it will be used.  So you probably don't really need to do anything.  If you turn up protocol logging and examine the logs, you'll find that is probably happening.

    The article you cite is in regard to Office 365, which is why *.outlook.com is referenced.

    The Set-SendConnector cmdlet is what you would use to force TLS.

    https://docs.microsoft.com/en-us/powershell/module/exchange/mail-flow/set-sendconnector?view=exchange-ps


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, June 13, 2018 6:59 PM
    Moderator
  • Thanks they say we can't use opportunistic tls it has to always enabled.    So  is this the command?

    Set-SendConnector -Identity “send.ourdomain.com" RequireTLS   $true

    Thursday, June 14, 2018 12:25 AM
  • That's right, but depending on the other end's configuration, you might need to also specify TLSAuthLevel, TLSCertificateName, TLSDomain, and IgnoreSTARTTLS.  I seem to recall a good number of threads in these forums where people have had trouble configuring this.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Thursday, June 14, 2018 12:45 AM
    Moderator
  • Hi,

    Any further help we can do for you?
    If it's solved, would you please post the solution here to share it with us?

    Also, please free to mark the useful reply as answer. Thanks for your cooperation.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, June 25, 2018 2:08 AM
    Moderator
  • Hi,

    Sorry to interrupt your again.
    I just want to check the current status of your question.
    Is there any update or any other assistance I could provide on this issue? 

    Please feel free to mark responses as the answer and/or vote them helpful as appropriate.
    Thank you for your understanding and patience! 

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, July 2, 2018 2:03 AM
    Moderator