Re: New ISP requires SMTP change...



On Sun, 10 Feb 2008 19:29:34 -0500, "Merv Porter [SBS-MVP]"
<mwport@xxxxxxxxxxxxxxxxxxx> wrote:

I don't think you can get there from here using Exchange SMTP for outbound
mail because Exchange SMTP doesn't support SSL (only TLS). (And the POP3
Connector also doesn't support SSL - it only supports SPA).

Exchange Server 2003 Smart Host
http://groups.google.com/group/microsoft.public.windows.server.sbs/browse_thread/thread/e8c29d59723ad5ac/6913d76648d43163?hl=en&lnk=st&q=Exchange+Server+2003+Smart+Host+#6913d76648d43163

Now I'm convinced that you and Terence Liu (MSFT) are completely
right: Exchange does not support SSL for SMTP or the SMTP connector.
Exchange only supports TLS for that.

Spent most of the day yesterday with testing and researching. My ISP
uses Sendmail 8.13.8. I've tested with Exchange /SP2 SBS 2003R2 PE and
Outlook 2007 / SP1.

Sendmail has no problems with either TLS or SSL. Exchange connects
fine with TLS and Outlook with SSL. But every effort to configure
Exchange for outgoing SSL failed.

It is quite easy to configure TLS with SBS. There's no need for an
additional certificate. The steps involved are just:

1) Enable a smarthost.
2) On the SMTP Connector, Properties, Advanced, Outbound Security
there's a TLS Encryption check box.
3) Restart the SMTP service and Routing Engine (net stop / start "IIS
Admin Service")

The reason I tried so hard to figure out a way is that some of the
documentation is vague (or wrong) and uses the terms TLS and SSL
interchangeably.

This said, MS' online documentation is excellent, such as
http://support.microsoft.com/kb/829721

I will not bore you with RFCs, but two interesting points are:

RFC 2246 - "The TLS Protocol Version 1.0" does not require or request
backwards compatibility with SSL. It only outlines the steps to do so.
And Exchange uses an extension to TLS: RFC 2487 - "SMTP Service
Extension for Secure SMTP over TLS." (Ex 5.5 did so as well.)

Sorry for smudging the air with my poor understanding.

jas
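
Added example, not part of the original post: a Python check for whether a smarthost advertises the RFC 2487 STARTTLS extension that the post says Exchange relies on, as opposed to only accepting SMTP wrapped in SSL from the first byte. The host names, the sample EHLO reply and the port numbers (25 and 465, the conventional defaults) are assumptions.

```python
import smtplib
import ssl

# Constructed sample: an EHLO reply as a smarthost might send it on a plain connection.
SAMPLE_EHLO = (
    "250-mail.example.net Hello client.example.org\r\n"
    "250-8BITMIME\r\n"
    "250-SIZE 52428800\r\n"
    "250-starttls\r\n"
    "250-AUTH LOGIN PLAIN\r\n"
    "250 HELP\r\n"
)

def ehlo_keywords(reply):
    """Extension keywords from a raw multi-line EHLO reply, upper-cased."""
    found = set()
    for line in reply.splitlines()[1:]:      # line 1 is the server greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words:
                found.add(words[0].upper())
    return found

def offers_starttls(reply):
    """True if the server advertises the RFC 2487 STARTTLS extension."""
    return "STARTTLS" in ehlo_keywords(reply)

def verdict(starttls, implicit_ssl):
    """What a STARTTLS-only sender (as the post describes Exchange) can do."""
    if starttls:
        return "ok: enable TLS on the connector"
    if implicit_ssl:
        return "blocked: host only wraps SMTP in SSL; needs a STARTTLS port or relay"
    return "blocked: no encrypted SMTP offered"

def probe(host, plain_port=25, ssl_port=465, timeout=10):
    """Live check (needs network). Ports are conventional defaults, an assumption."""
    ctx = ssl.create_default_context()
    starttls = implicit = False
    try:
        with smtplib.SMTP(host, plain_port, timeout=timeout) as s:
            s.ehlo()
            starttls = s.has_extn("starttls")
    except (OSError, smtplib.SMTPException):
        pass
    try:
        with smtplib.SMTP_SSL(host, ssl_port, timeout=timeout, context=ctx) as s:
            implicit = s.ehlo()[0] == 250
    except (OSError, smtplib.SMTPException):
        pass
    return verdict(starttls, implicit)
```

Calling probe() with the ISP's smarthost name before touching the connector shows which of the two modes the host actually offers.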