Does Exchange 2010 encrypt inbound and outbound email traffic by default?
Assuming you already have a cert installed,
- Create an additional Send Connector
- specify the domains that require TLS in the Address Space section of the send connector
- check the "Enable Domain Security (Mutual Auth TLS)" checkbox in the Network section of the new Send Connector
That checkbox ensures that TLS must be supported on the remote end, or sending will fail.
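The same configuration from the Exchange Management Shell, added here as a worked example (it is not part of the answer above). The "Enable Domain Security (Mutual Auth TLS)" checkbox sets only the connector's DomainSecureEnabled flag; for Domain Security to actually work the partner domain must also appear in the transport config's TLS domain-secure lists, the connector must route by DNS rather than a smart host, and both sides must present certificates that chain to a CA the other side trusts (a self-signed Exchange certificate is not enough). The domain, server and connector names below are placeholders, not values from the page.

```powershell
# Added example, not from the original answer: Exchange 2010 Management Shell
# equivalent of the GUI steps, plus the pieces the checkbox alone does not set.
# 'partner.example' and 'HUB01' are assumed placeholder names.

$PartnerDomain = 'partner.example'   # assumed partner domain that must be encrypted
$HubServer     = 'HUB01'             # assumed Hub Transport server name

# 1. Dedicated Send Connector whose address space is only the partner domain.
#    Cost 1 makes it win over a broader "SMTP:*" Internet connector.
#    Domain Security requires DNS (MX) routing; a smart host is not supported.
New-SendConnector -Name "Domain Secure - $PartnerDomain" `
    -Usage Custom `
    -AddressSpaces "SMTP:$PartnerDomain;1" `
    -SourceTransportServers $HubServer `
    -DNSRoutingEnabled $true `
    -RequireTLS $true `
    -DomainSecureEnabled $true
# If you only need "encrypt or fail" without mutual authentication, leave
# DomainSecureEnabled off and keep RequireTLS. Note that RequireTLS by itself
# does not validate the remote certificate; SP1 and later add
# -TlsAuthLevel DomainValidation -TlsDomain <name> for that.

# 2. Domain Security is bidirectional: the domain goes on both transport
#    config lists. @{Add=...} appends instead of replacing the existing list.
Set-TransportConfig -TLSSendDomainSecureList    @{Add = $PartnerDomain} `
                    -TLSReceiveDomainSecureList @{Add = $PartnerDomain}

# 3. Inbound side: the receive connector the partner reaches must have
#    Domain Security on and Tls in its AuthMechanism (the default connector
#    already includes Tls; check before changing AuthMechanism).
Set-ReceiveConnector "$HubServer\Default $HubServer" -DomainSecureEnabled $true

# 4. Verify the result and that a CA-issued certificate is bound to SMTP.
Get-SendConnector "Domain Secure - $PartnerDomain" |
    Format-List Name, AddressSpaces, DNSRoutingEnabled, RequireTLS, DomainSecureEnabled
Get-TransportConfig |
    Format-List TLSSendDomainSecureList, TLSReceiveDomainSecureList
Get-ReceiveConnector -Server $HubServer |
    Format-List Name, AuthMechanism, DomainSecureEnabled
Get-ExchangeCertificate | Where-Object { $_.Services -match 'SMTP' } |
    Format-List Thumbprint, Subject, Issuer, CertificateDomains, NotAfter
```

Mail to any other domain keeps using the existing Internet connector and its default opportunistic TLS; only addresses in the partner domain are forced through the new connector, where a failed TLS handshake leaves the message queued rather than sent in clear.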
jmreicha
Updated on September 18, 2022

Comments
jmreicha over 1 year
The higher-ups have recently asked about this, as I'm sure there are compliance issues that need to be addressed. I was under the assumption that Exchange uses opportunistic TLS or STARTTLS to try to encrypt all outbound emails and falls back to unencrypted transport.
Is this the case with newer versions of Exchange? How reliable is this, and how often is STARTTLS employed by other mail servers?
If this method for encrypting mail traffic cannot be used reliably, what are some other alternatives on the server side of things?

1.618 over 11 years
Would this be a requirement for all outbound mail, or only messages to a few specific domains?

jmreicha over 11 years
I would like to know for both scenarios, just for my own curiosity, but the requirement at this point would only be for a number of specific domains.

longneck over 11 years
Correct. This is becoming more common since the major products (like Exchange) are coming with TLS enabled by default.

jmreicha over 11 years
Would the mail server on the other side need to set this up with our domain as well?

1.618 over 11 years
Ideally, yes. But at a minimum, they'd just need a cert for you to be able to send messages to them.
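The thread's two practical questions, whether the other side offers STARTTLS at all and whether its certificate is one you could trust for Domain Security, can be answered from the Exchange server before you change any connector. The probe below is an added example, not code from this page or from Exchange; it speaks just enough SMTP over a raw socket to read the EHLO capabilities, issues STARTTLS, and lets .NET validate the certificate chain the way a connector would. The host name and EHLO name are placeholders.

```powershell
# Added example, not from the original thread: probe a remote MX for STARTTLS
# and report the certificate it presents. Host and EHLO name are assumed.
function Test-SmtpStartTls {
    param(
        [Parameter(Mandatory)] [string] $MailHost,
        [int]    $Port     = 25,
        [string] $EhloName = 'probe.example'   # assumed name we announce in EHLO
    )

    $client = New-Object System.Net.Sockets.TcpClient
    $client.Connect($MailHost, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    # SMTP replies may span several lines: "250-..." continues, "250 ..." ends.
    function Read-Reply {
        $lines = @()
        do {
            $line  = $reader.ReadLine()
            $lines += $line
        } while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
        return $lines
    }

    $result = [ordered]@{ Host = $MailHost; StartTls = $false; Cert = $null; Error = $null }
    try {
        [void](Read-Reply)                          # 220 banner
        $writer.WriteLine("EHLO $EhloName")
        $ehlo = @(Read-Reply)
        # Opportunistic TLS only happens if this capability is advertised.
        $result.StartTls = [bool]($ehlo -match '^250[- ]STARTTLS')

        if ($result.StartTls) {
            $writer.WriteLine('STARTTLS')
            $reply = @(Read-Reply)
            if ($reply[0] -notmatch '^220') { throw "STARTTLS refused: $($reply[0])" }

            # Default validation: an untrusted or mismatched certificate throws,
            # which is what a mutual-auth (Domain Security) connector would hit.
            $ssl = New-Object System.Net.Security.SslStream($stream, $false)
            $ssl.AuthenticateAsClient($MailHost)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $result.Cert = [pscustomobject]@{
                Subject  = $cert.Subject
                Issuer   = $cert.Issuer
                NotAfter = $cert.NotAfter
                Protocol = $ssl.SslProtocol
            }
            $tlsWriter = New-Object System.IO.StreamWriter($ssl)
            $tlsWriter.NewLine = "`r`n"; $tlsWriter.AutoFlush = $true
            $tlsWriter.WriteLine('QUIT')
        } else {
            $writer.WriteLine('QUIT')
        }
    } catch {
        $result.Error = $_.Exception.Message
    } finally {
        $client.Close()
    }
    [pscustomobject]$result
}

# Usage: find the partner's MX hosts (nslookup -type=MX partner.example), then
# probe each one. StartTls=$true with Error set means the server encrypts but
# its certificate is not trusted by this machine; fine for opportunistic TLS,
# not for Domain Security until the issuing CA is trusted on both sides.
Test-SmtpStartTls -MailHost 'mx.partner.example'
```

Run it from the Hub Transport server itself so the certificate check uses the same trust store Exchange will use; a result that validates from an admin workstation but not from the server is the usual cause of a Domain Security connector that queues everything.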