Re: Need help configuring Exchange Server for outgoing messages

Robarb <Robarb@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Yesterday, AT&T changed their SMTP servers to now require SSL authentication,

Are you sure they require SSL and not TLS? And that they require the
certificates to be used for authentication and not just a
userid/password (i.e. use AUTH)?

which Exchange Server doesn't seem to be able to do.

Exchange can use TLS, and it can use AUTH. You'll need an SSL
certificate for your machine, though.

As a result, we haven't
been able to send any emails for 2 days. And AT&T was no help by phone.

I need to either figure out how to get Exchange to communicate with the AT&T
smtp server using SSL,

1. Get a SSL certificate
2. Install the cert.
3. Add the cert to the SMTP Virtual Server
4. Add a SMTP Connector to your routing group
5. Config the SMTP Connector to send your mail to the ATT smart host
6. Config the SMTP Connector to require TLS.

You probably have your SMTP Virtual Server configured to deliver mail
to the smart host. That's not a good idea. Use the SMTP Connector
instead.

or delve into the world of sending emails using DNS.

That's actually the easy thing to do. Of course, ATT may not allow you
to use port 25 except to connect to their relay servers.

I'm not sure how to configure Exchange (or MX records, etc.) to do this. Is
it difficult to set up Small Business Server 2003 to send emails without
needing an outside smtp server?

Don't know about SBS, but using a SMTP Connector is pretty easy. And
delivering email to the target servers is the default configuration.
Again, don't forget to remove the smart host stuff from your SMTP
Virtual Server.

If you don't host your own DNS then you'll have your ISP (ATT?) add
the MX to your DNS zone on their DNS servers.

--
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@xxxxxxxxxxxxx
Or to these, either: mailto:h.pott@xxxxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxx mailto:melvin.mcphucknuckle@xxxxxxxxxxxxxxx
.

Relevant Pages

  • RE: SSL MITM not on port 443
    ... Have you ever done what you're trying to do on a "normal" SSL web ... My recommendation would be to set up a web server in your lab ... hopes that the client will accept that certificate. ... SSL MITM not on port 443 ...
    (Pen-Test)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: OWA 2003 w/ Smart Card Authentication.
    ... Exchange 2003 server via ActivSync. ... the IIS certificate. ... Whether or not authentication will succeed is completely dictated by ... Server's SSL certificate must be configured on root of v-server via ...
    (microsoft.public.exchange.connectivity)
  • Re: "Could not connect to server" error when accessing Outlook 200
    ... Perhaps when you connect via RDP, you have to use SSL. ... The server you are connected to is using a security certificate ... A certificate chain processed, but terminated in a root certificate which is ... Settings on the Advanced tab. ...
    (microsoft.public.outlook.installation)
  • Re: Publish SSL Web Server behind SBS2003
    ... > How to configure a certificate for use with a Web publishing rule in ISA ... > Server 2004 ... > RWW/OWA for SSL encryption. ... Right click the SSL Web Site and click Properties. ...
    (microsoft.public.windows.server.sbs)