Is it possible to set up Exchange so that all outbound emails to a specific domain must go through TLS?
Yes, if you're using Exchange 2007 or 2010, just create a send connector and specify the domain in question as a remote domain.
Then use PowerShell to enable or disable TLS. Be sure to configure a certificate using Get-ExchangeCertificate and New-ExchangeCertificate. Take note that by default the expiration is in one year.
Next, edit your send connector to use TLS with TLSSendDomainSecureList ...
Here are step-by-step instructions: http://technet.microsoft.com/en-us/library/bb123543.aspx
Author: Chung Wu
Updated on September 17, 2022
Comments
-
Chung Wu over 1 year
And that, if that domain doesn't have TLS turned on, email-sending fails? I've been looking at setting up SMTP send connectors, but there doesn't seem to be an option to enforce TLS?
-
Hecter over 13 years
Strangely, Microsoft provides no way to manage this list by adding or removing one domain at a time. If one anticipates multiple "mutual TLS" relationships with clients, vendors, etc., it becomes highly advisable to document and maintain this list separately.
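The steps from the answer and the list-maintenance problem raised in the last comment, as an added example that is not part of the original posts: a send connector scoped to one domain with TLS required, followed by a read-modify-write of TLSSendDomainSecureList so existing entries are kept. The domain `partner.example`, the connector name and the export file path are placeholders, and the commands assume the Exchange Management Shell on a transport server.

```powershell
# Added example. Placeholders: $domain, the connector name, $exportPath.
$domain     = 'partner.example'
$connector  = "TLS to $domain"
$exportPath = 'C:\ExchangeDocs\tls-send-domain-secure-list.txt'

# 1. Send connector whose address space is only the target domain.
#    With RequireTLS set, mail for that domain is not delivered in clear text:
#    if the remote server does not offer STARTTLS, the messages stay queued.
New-SendConnector -Name $connector -Usage Custom `
    -AddressSpaces $domain `
    -DNSRoutingEnabled $true `
    -RequireTLS $true

# 2. Optional, for Domain Security (mutual TLS) as the answer describes:
#    the connector must use DNS routing and must not ignore STARTTLS.
Set-SendConnector -Identity $connector `
    -DomainSecureEnabled $true -IgnoreStartTLS $false

# 3. Set-TransportConfig replaces the whole TLSSendDomainSecureList, so read
#    the current values first and write back the merged list.
$current = @((Get-TransportConfig).TLSSendDomainSecureList |
    ForEach-Object { $_.ToString() })

if ($current -notcontains $domain) {
    $merged = @($current) + $domain
    Set-TransportConfig -TLSSendDomainSecureList $merged
} else {
    $merged = $current
}

# 4. Keep a copy of the list outside Exchange, one domain per line,
#    so it can be reviewed and restored.
$merged | Sort-Object | Set-Content -Path $exportPath

# 5. Verify what was actually applied.
Get-SendConnector -Identity $connector |
    Format-List Name, AddressSpaces, RequireTLS, DomainSecureEnabled, IgnoreStartTLS
(Get-TransportConfig).TLSSendDomainSecureList
```

Step 1 alone answers the question of making delivery fail when the remote domain has no TLS; steps 2 and 3 only matter when both organizations have agreed to mutual TLS and exchanged trusted certificates.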