Re: Exchange Server 2003 Smart Host
- From: v-terliu@xxxxxxxxxxxxxxxxxxxx (Terence Liu [MSFT])
- Date: Wed, 09 Jan 2008 09:31:22 GMT
Thank you for posting here. Let's also thank Kevin and Austin for the input.
According to your description, I understand that you want to enable SSL for
the SMTP connector to delivery email to Google Mail. If I have
misunderstood the problem, please don't hesitate to let me know.
The Google Mail enable SSL SMTP connection for clients to connect but not
for Exchange server. Google Mail is not ISP, and not a Smart Host provider.
Kevin is correct, Exchange do not support SSL for SMTP or SMTP connector.
The Exchange only support TLS for that. The TLS and the SSL are all used
for encryption SMTP traffic, TLS for server to server, SSL for client to
server. Therefore, you will find the SSL options available in Outlook, but
you can only find TLS in SMTP connector.
Based on my research, we can only enable TLS for SMTP connector to encrypt
the SMTP traffic:
The use of the Transport Layer Security (TLS) protocol over SMTP offers
certificate-based authentication and helps provide security-enhanced data
transfers by using symmetric encryption keys. In symmetric-key encryption
(also known as shared secret), the same key is used to encrypt and to
decrypt the message. TLS applies a Hash-based Message Authentication Code
(HMAC). HMAC uses a hash algorithm in combination with a shared secret key
to help make sure that the data has not been modified during transmission.
The shared secret key is appended to the data to be hashed. This helps
enhance the security of the hash because both parties must have the same
shared secret key to verify that the data is authentic.
Enable TLS on SMTP connector in SBS:
1. Install an X.509 server certificate on the server.
For more information about X.509 certificates, click the following article
number to view the article in the Microsoft Knowledge Base:
319574 How to use certificates with virtual servers in Exchange 2000 Server
2. Enable TLS on the SMTP connector with smarthost configured. To enable
TLS encryption, right-click the SMTP connector, and then click Properties.
Click the Advanced tab, click Outbound Security, and then click to select
the TLS Encryption check box.
3. Restart SMTP service and Routing Engine service.
See the following article for details:
How to help protect SMTP communication by using the Transport Layer
Security protocol in Exchange Server
Additional info on TLS:
How to secure Simple Mail Transfer Protocol client message delivery in
Exchange 2000 Server
823024 How to Use Certificates with Virtual Servers in Exchange Server 2003
329061 Exchange Server cannot communicate with non-TLS domains
I hope these steps will give you some help.
Thanks and have a nice day!
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
This posting is provided "AS IS" with no warranties, and confers no rights.
| From: bob.smith.0182@xxxxxxxxx
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: Exchange Server 2003 Smart Host
| Date: Tue, 8 Jan 2008 18:25:03 -0800 (PST)
| Organization: http://groups.google.com
| Lines: 63
| NNTP-Posting-Host: 126.96.36.199
| Mime-Version: 1.0
| Content-Type: text/plain; charset=ISO-8859-1
| Content-Transfer-Encoding: quoted-printable
| X-Trace: posting.google.com 1199845504 8680 127.0.0.1 (9 Jan 2008
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Wed, 9 Jan 2008 02:25:04 +0000 (UTC)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: u10g2000prn.googlegroups.com;
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:85446
| X-Tomcat-NG: microsoft.public.windows.server.sbs
| On Jan 8, 1:40 pm, "Austin Smith" <aus...@xxxxxxxxxxxxxx> wrote:
| > hey there!
| > Check your system manager; adminisitrative groups; server; protocols;
| > You should be able to find some settings in the smtp virtual instance
when> you right click (Context menu) and select properties.
| > Are you trying to use gmail for your domain email hosting?
| > Thanks,
| > Austin Smith, A+, MCP
| > Digital Son, I.T. Services
| > <bob.smith.0...@xxxxxxxxx> wrote in message
| > > Hi All,
| > > Would appreciate any help available:
| > > Please correct me if I am wrong: A Smart Host on the SMTP Connector of
| > > Exchange Server 2003 on SBS allolws me to specify an outgoing SMTP
| > > server, rather than using my own Exchange server to send the email
| > > out. In other words, I can forward all of my outgoing mail to say,
| > > Google's SMTP server, and have them send the mail out rather than us
| > > sending the mail out.
| > > Therefore, how would I go about configuring a Smart Host to deliver
| > > mail in the following scenario:
| > > 1 We POP the mail from our mail server
| > > 2 We send messages out using a different (external) mail server with
| > > its own SSL port and requires authentication
| > > Appreciated,
| > > Thanks.- Hide quoted text -
| > - Show quoted text -
| Hi Austin!
| Thanks for the help guys. Yes, we are attempting to use Google hosted
| domains to use gmail accounts (one of the main reasons being gmail's
| good spam filters). according to gmail POP, we HAVE to use their SMTP
| and POP3 servers for outgoing and incoming respective servers.
| Additionally, they require SSL connections to their servers and
| authentication. I figure that since Exchange has the option using the
| Virtual SMTP Instance to activate a Smart Host it should be able to
| forward all outgoing mail to their SMTP servers so we comply with
| Any help much appreciated
- Prev by Date: Re: Problem with DHCP with a Server and Firebox
- Next by Date: RE: New hard disks for SBS 2003. Urgent question
- Previous by thread: Re: Exchange Server 2003 Smart Host
- Next by thread: Re: Exchange Server 2003 Smart Host