locked
Exchange 2010 SMTP SSL or TLS Client Access RRS feed

  • Question

  • I have problem hitting one Server. I use secure pop3 (995) or IMAP (993) access for one client. I`m trying to send mail through secure smtp (587) connection, for some clients.  I have no problem  authenticated using first step in Outlook test (IMAP or POP3), but when test trie to send mail, in outlook, i get the following error in client :

    Send test e-mail message: Outlook cannot connect to your outgoing (SMTP) e-mail server. If you continue to receive this message, contact your server administrator or Internet service provider (ISP).

    I can telnet 587 port, can send helo to server….Basically I missing something.


    Borut
    Wednesday, August 4, 2010 4:28 PM

Answers

  • Hi,

    Please check if your Client receive connector has the correct settings for TLS connection:

    1. Open EMC expand to Server Configuration->Hub Transport. In receive Connectors tab, right click Client and choose properties.
    2. In Network tab, make sure the port 587 is opening.
    3. In Authentication tab, make sure check the following option: Transport Layer Security (TLS)

    4. In Permission Groups tab, check the option "Anonymous users".

    5. Open outlook. change the port to 587 and select "TLS".

    Then send a message once again. You may receive a certificate warning. Click Yes to continue the process.

    What's result?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks
    • Marked as answer by Borut Puhar Thursday, August 5, 2010 2:41 PM
    Thursday, August 5, 2010 10:48 AM

All replies

  • On port 25 , and SSL or TLS a get error :

    Send test e-mail message: Your server does not support the connection encryption type you have specified. Try changing the encryption method. Contact your mail server administrator or Internet service provider (ISP) for additional assistance.


    Borut
    Wednesday, August 4, 2010 4:37 PM
  • Do you have a cert on the SMTP service?

    type get-exchangecertificate

    and see if smtp is listed as one of the services on the cert, if not you will need to enable before you can use smtp ssl

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. If the post wasn't the exact answer or was helpful in leading you to the answer, please vote it as helpful. This can be beneficial to other community members reading the thread.
    • Proposed as answer by joocrazy Thursday, January 17, 2013 11:33 PM
    • Unproposed as answer by joocrazy Thursday, January 17, 2013 11:33 PM
    Wednesday, August 4, 2010 10:16 PM
  • Hi,

    Please check if your Client receive connector has the correct settings for TLS connection:

    1. Open EMC expand to Server Configuration->Hub Transport. In receive Connectors tab, right click Client and choose properties.
    2. In Network tab, make sure the port 587 is opening.
    3. In Authentication tab, make sure check the following option: Transport Layer Security (TLS)

    4. In Permission Groups tab, check the option "Anonymous users".

    5. Open outlook. change the port to 587 and select "TLS".

    Then send a message once again. You may receive a certificate warning. Click Yes to continue the process.

    What's result?


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Thanks
    • Marked as answer by Borut Puhar Thursday, August 5, 2010 2:41 PM
    Thursday, August 5, 2010 10:48 AM
  • Ok that works.  In point  4. A disable Anonymous user at the Client receive connector.

    If I understand properly, as sun as there is open channel, there is TLS encryption, and than authentication, and transition over smtp port 587 is encrypted.. But client side is set to none. If a set Auto, SSL, or TLS, it does not work, same error.


    Borut
    Thursday, August 5, 2010 11:47 AM
  • OK Follow-up.

    I test solution with wireshark, and communication is encrypted with TLS. Settings in Outlook are a bit misleading, but solution work. I disable Anonymous, other is ok. But probably, it is not important, or maybe more secure, that server talk to each other encrypted. But i need certificate issued from public CA(other server trusted).

     

    Just info :

    Communication start :

    *

    C: Ehelo MjDemoPC

    S: 250-smtp.public-sefrver.net Hello…

    C: STARTTLS

    S: 200 2.0.0 SMTP Server ready

    TLSv1 Client Hello

    TLSv1 Client Key Exchange

    TLSv1 Change Ciper Spec, Encrypted Handshake Massage

    TLSv1 Communication………


    Borut
    Thursday, August 5, 2010 2:41 PM
  • Hello

    But by default "Anonymous  users" are not checked.

    http://technet.microsoft.com/en-us/library/aa996395.aspx

     


    Kind Regards Tomasz Ramza
    Tuesday, January 10, 2012 12:48 PM
  • Hello

    I've got the same problem.

    I want to use secure Pop3-SMTP connection.

    On Outlook 2010 SP1 I configured:

    SMTP: port 587, Secure connection TLS

    I cannot send e-mails.

    With port 587 I can send only e-mails without secure connections.

    But If I use port 25 and secure connection: TLS, everything is ok.

    I use certificate and internal CA. Certificate is attached to Pop3, SMTP.... in exchange

     

    Recive connectors on Exchange 2010SP1 have defaults options.

    Why can I use port 587? Or if I should use port 25 so what support receive connector: Client <server name> used port 587?

    Thank you very much for help.

    Tomasz


    Kind Regards Tomasz Ramza
    Tuesday, January 10, 2012 1:17 PM