No. Receiving inbound mail simply requires you install the cert on the SMTP virtual server. Same IP address can be used for receiving TLS and non-TLS mail. Exchange will advertise TLS as a valid verb. Sending outbound you'll create a new SMTP connector with an address space (or multiple address spaces) which correspond to the hosts(s) you want to send TLS mail /to/. You can still use DNS for that unless they have a dedicated TLS gateway (which is another stupid "security trick" some people implement).
> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:bounce- > [EMAIL PROTECTED] On Behalf Of Pat Richard > Posted At: Tuesday, December 19, 2006 10:36 AM > Posted To: swynk > Conversation: TLS > Subject: RE: TLS > > Yeah, we use plenty of RapidSSL certs for clients. I'm just trying to > cover all of my bases before trying this. I've never had to setup TLS > before. My understanding is that (based on the link I provided), it > creates a specific site to site configuration that would be outside the > scope of my MX records (since I assign another IP to it). Is that > correct? > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Evan > Mann > Sent: Tuesday, December 19, 2006 11:31 AM > To: Exchange Discussions > Subject: RE: TLS > > Untrusted certs kick off cert warnings, and unless the communicating > software has a way to say "yes" to an acception, the SSL communication > will fail. > > If you sign your own cert, and provide it to them, they need to accept > it as trusted on the server that is commmunicating. Many people are > not > going to want to do this for a variety of reasons. > > Globally trusted certs do not need to be expensive. RapidSSL certs are > signed by Equifax and only cost $69 for a single year (with discounts > for multiple years). There are even cheaper ones as well. It'sn ot > worth the headaches of trying to sign your own cert IMO unless it's > strictly for testing/lab/internal use only. > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Chris Scharff > Sent: Tuesday, December 19, 2006 11:26 AM > To: Exchange Discussions > Subject: RE: TLS > > For TLS? WTF... Since your server certificate is only used when they > are > trying to send mail to you and you've published your Mx records I can't > see why it would matter. But, what do I know. > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:bounce- > > [EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey > > (Citco) > > Posted At: Tuesday, December 19, 2006 9:50 AM Posted To: swynk > > Conversation: TLS > > Subject: RE: TLS > > > > Internal can be used. But the client will probably want to deal with > a > > > trusted certificate from third party. This was our case. Our client > > didn't want to deal with us until we got a cert from Verisign. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > Pat > > > Richard > > Sent: Tuesday, December 19, 2006 10:42 AM > > To: Exchange Discussions > > Subject: TLS > > > > We've been tasked with setting up TLS between a client and a large > > client of theirs. I've been doing some initial research, and was > > reading http://msexchangeteam.com/archive/2006/10/04/429090.aspx. It > > mentions setting up a certificate. My question is if an internal CA > > can be > used, > > or if it needs to be a trusted cert from a third party. > > > > Any help is greatly appreciated. > > > > Pat Richard > > BOLD Technologies, Inc. > > Phone: 248-457-2000 x11 > > Fax: 248-786-0216 > > http://www.BoldTechnologies.com/ > > [EMAIL PROTECTED] > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to [EMAIL PROTECTED] > > dl.sparklist.com > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to [EMAIL PROTECTED] > dl.sparklist.com > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
