Re: SSL SMTP config on Exchange2k and Outlook (2k&xp)


From: Mike Strout (_at_)
Date: 07/02/04


Date: Thu, 1 Jul 2004 21:23:59 -0500

Well, I did a bunch more testing tonight and here is what I found.

> On the server, you need two physical IPs. One for the anonymous VS listening
> on 25, and one for the other VS listening on 1025. So for this example,
> we'll use two IPs:
> VS1 using port 25 will be on 192.168.5.25
> VS2 using port 1025 will be on 192.168.5.110
>
I set this up as indicated only on 10.10.1.5 and 10.10.1.6 respectively. .5
is listening on 25. .6 is listening on 1025.

>
> Based on the example IPs above:
> For incoming port 25 requests, remap it to 192.168.5.25
> For incoming port 1025 requests, remap it to 192.168.5.110.
>

I did this on my firewall and see that the packets are correctly flowing to
the correct places.

> Where does this error show up? On the client? What client are you using?

The above config fails with Outlook 2002 and OE 6. The client gives me an
error message that the server doesn't support secure connections.

> Under the access tab, under the Communication button, you checked off
> "Require Secure Channel"?

Yes, but only on the .6 server that is listening on 1025. I don't even have
a cert installed on the .5 (port 25) virtual server.

> Under the advanced button where you selected 192.168.5.110 IP address, did
> you set it to use 1025?

Yes.

> Maybe I need to know exactly what tab you checked or changed what under.
> Know what I mean? I'm trying to follow your steps, but not exactly sure
> where you're doing this or if you set the two IPs or if you set "Require
> Secure Channel".

I know. There are a lot of options. Basically, I left the default SMTPVS
alone, except to tell it to explicitly use the 10.10.1.5 IP address instead
of the "All unassigned". For the SSLSMTPVS, I have the following, tab by
tab...

General tab
    IP address/port combo = 10.10.1.6:1025
Access Tab
    Authentication Button
        Anony=yes
        Basic=yes
        Require tls=yes
        Default domain=internal domain
        Integrated Windows Authentication=no
    Certificate button
        Certificate from verisign installed (owa via ssl works fine)
    Communications button
        Require secure channel=yes
        require 128=no
    Connection Control allows all except list
    Relay restrictions only allows authenticated users
Messages tab is set to all defaults
Delivery tab set to defaults except fqdn set to external fqdn name

There is one interesting Event viewer message however. I am seeing an event
36871...A fatal error occurred while creating an ssl server credential. The
source of this is schannel. I wonder if this has something to do with it? I
am doing some web research on it now.

Mike

>
> Also, did you require outbound encryption on the VS using 1025 as well or
> will that be default (no TLS) ?
>
>
> >
> > Mike
> >
> >
>
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroup so all
> can benefit. This posting is provided "AS-IS" with no warranties and
> confers no rights.
>
> Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
> Microsoft Windows MVP - Active Directory
>
> HAM AND EGGS: A day's work for a chicken; A lifetime commitment for a
> pig. --
> =================================
>
>
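
Added example, not part of the original post or thread: a Python check of whether an SMTP virtual server advertises STARTTLS in its EHLO reply and whether the TLS handshake then completes, which is what a client needs before it can use a secure connection. The EHLO replies, the host name in them and the function names are constructed for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from the poster's server).
EHLO_PLAIN = """250-mail.example.test Hello [10.10.1.20]
250-SIZE 2097152
250-8BITMIME
250 OK"""
EHLO_TLS = """250-mail.example.test Hello [10.10.1.20]
250-SIZE 2097152
250-STARTTLS
250-AUTH LOGIN
250 OK"""

def parse_ehlo(reply):
    """Return {KEYWORD: params} from a raw multi-line 250 EHLO reply."""
    ext = {}
    for line in reply.strip().splitlines()[1:]:   # line 1 is the greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            keyword, _, params = line[4:].strip().partition(" ")
            if keyword:
                ext[keyword.upper()] = params
    return ext

def classify(ext, tls_ok=None):
    """tls_ok: None = handshake not attempted, otherwise its result."""
    if "STARTTLS" not in ext:
        return "no-starttls"          # no TLS upgrade offered on this port
    if tls_ok is None:
        return "starttls-advertised"
    return "tls-ok" if tls_ok else "handshake-failed"

def probe(host, port, timeout=10):
    """Live check of one virtual server; needs network access."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # diagnosis only: probing by IP, so the
    ctx.verify_mode = ssl.CERT_NONE   # certificate is not validated here
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        ext = {k.upper(): v for k, v in s.esmtp_features.items()}
        if "STARTTLS" not in ext:
            return classify(ext)
        try:
            s.starttls(context=ctx)
            return classify(ext, True)
        except (smtplib.SMTPException, OSError):
            return classify(ext, False)
```

Calling `probe("10.10.1.6", 1025)` and `probe("10.10.1.5", 25)` from a machine that can reach the two virtual servers in the post shows which of the three states each one is in.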


