none
Exchange 2007 - SMTP SSL

    Question

  • Hi,

    I have an Exchange 2007 server. I have some users that use Windows Live Mail for email. I tested IMAP SSL and SMTP TLS in Outlook and they work great but not in Windows Live Mail.

    Windows Live Mail doesn't support SMTP TLS and only SMTP SSL. How do I enable SMTP SSL in Exchange 2007?

    Thanks

    Tuesday, July 03, 2012 4:24 AM

Answers

  • Hi,

    We have known issue with Outlook Express 6 uses SMTP with SSL explicitly on port 25. In this case, if you do not use port 25, Outlook Express 6 clients may receive the following message:

    Your server has unexpectedly terminated the connection or 0x800CCC0F.

    There is now a fix available to allow Outlook Express 6 clients to use SSL on port 587. For more information, see Microsoft Knowledge Base article 933612, A mail program cannot connect to an Exchange Server 2007 server by using SSL over SMTP port 587.

    This issue is fixed in the Windows Vista Mail client, in the most recent versions of Outlook, and in Windows Live Mail Desktop.

    To work around this issue, you can use port 25 when requiring TLS, even if it means using a different IP address than your MX record. Note that, even with clients that support explicit TLS on port 587, you may not be able to pick some arbitrary port of your choosing. This is because the client may still try to use implicit SSL. Also, do not try to use port 465, as that is for implicit SSL, which Exchange does not support for SMTP.


    Xiu Zhang

    TechNet Community Support

    • Proposed as answer by Xiu Zhang Friday, July 06, 2012 6:48 AM
    • Marked as answer by Xiu Zhang Tuesday, July 10, 2012 6:36 AM
    Wednesday, July 04, 2012 8:06 AM

All replies

  • I think you are confusing client submission, as in when a client submits a message to a server using SMTP, with server-to-server SMTP.  Client submission usually requires authentication because users can relay to other Internet recipients, and SSL to protect the password, which would otherwise be sent in clear text.  Server-to-server SMTP across the Internet never requires SSL.  While you may be able to enable SMTP SSL in Exchange 2007, there is no reason you should need to do it to send mail to WIndows Live Mail.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Tuesday, July 03, 2012 4:45 AM
    Moderator
  • In Windows Live Mail, there's no option for SMTP TLS like in Outlook where you can select TLS, SSL, None, or Auto.

    So I need to enable SMTP SSL in Exchange so the email clients can connect to the Exchange server and send out emails. Currently Outlook clients can connect to Exchange server and use SMTP TLS for outgoing email but Windows Live Mail clients cannot send out any emails as there's no option for SMTP TLS, only SMTP SSL.

    How do I get SMTP SSL working in Exchange 2007? Hope that clarifies the question.

    • Edited by kungpow112 Tuesday, July 03, 2012 4:51 AM
    Tuesday, July 03, 2012 4:51 AM
  • "Also, do not try to use port 465, as that is for implicit SSL, which Exchange does not support for SMTP."
    http://technet.microsoft.com/en-us/library/ee428175%28v=exchg.80%29.aspx
    http://lab.technet.microsoft.com/en-us/magazine/cc137760

    Looks like Exchange doesn't support SMTP SSL, only SMTP TLS. I have setup a dummy POP account for Windows Live Mail and using the dummy POP account for SMTP instead.

    Tuesday, July 03, 2012 7:43 AM
  • Configure clients to connect to port 587 on the Exchange server and configure them to authenticate.

    But why are you using POP to the Exchange Server?  POP is such a basic protocol; you lose so much Exchange function.  You can configure Outlook with two profiles, one with the Microsoft Exchange Server (a.k.a. MAPI) service to talk to Exchange and the other with POP to talk to Windows Live Mail.  I recommend you don't try both in the same profile, however.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."


    Tuesday, July 03, 2012 3:31 PM
    Moderator
  • Configure clients to connect to port 587 on the Exchange server and configure them to authenticate.


    We have some overseas email users and they don't have Outlook. I have it working with port 587 and SMTP TLS but exchange doesn't support SMTL SSL 465 which is what I wanted to do.

    Tuesday, July 03, 2012 5:45 PM
  • Hi,

    We have known issue with Outlook Express 6 uses SMTP with SSL explicitly on port 25. In this case, if you do not use port 25, Outlook Express 6 clients may receive the following message:

    Your server has unexpectedly terminated the connection or 0x800CCC0F.

    There is now a fix available to allow Outlook Express 6 clients to use SSL on port 587. For more information, see Microsoft Knowledge Base article 933612, A mail program cannot connect to an Exchange Server 2007 server by using SSL over SMTP port 587.

    This issue is fixed in the Windows Vista Mail client, in the most recent versions of Outlook, and in Windows Live Mail Desktop.

    To work around this issue, you can use port 25 when requiring TLS, even if it means using a different IP address than your MX record. Note that, even with clients that support explicit TLS on port 587, you may not be able to pick some arbitrary port of your choosing. This is because the client may still try to use implicit SSL. Also, do not try to use port 465, as that is for implicit SSL, which Exchange does not support for SMTP.


    Xiu Zhang

    TechNet Community Support

    • Proposed as answer by Xiu Zhang Friday, July 06, 2012 6:48 AM
    • Marked as answer by Xiu Zhang Tuesday, July 10, 2012 6:36 AM
    Wednesday, July 04, 2012 8:06 AM
  • I would posit that OWA is far more feature-rich than any POP client.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

    Wednesday, July 04, 2012 4:43 PM
    Moderator