Is ok, the articles from Microsoft pretty much suck. They are technically accurate, but don't describe any useful scenarios (IMO). As Evan mentioned, you don't want to check the "require TLS" box on your default SMTP virtual server unless you're only planning to accept mail from hosts which use TLS (which unless you are positive is true, is almost certainly false).
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:bounce-[EMAIL PROTECTED] On Behalf Of Pat Richard
> Posted At: Tuesday, December 19, 2006 10:47 AM
> Posted To: swynk
> Conversation: TLS
> Subject: RE: TLS
>
> Ah ok. That makes more sense. I only read through that article quickly,
> and haven't sat down and tried to figure it out in depth yet.
>
> Thanks for the info.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scharff
> Sent: Tuesday, December 19, 2006 11:42 AM
> To: Exchange Discussions
> Subject: RE: TLS
>
> No. Receiving inbound mail simply requires you install the cert on the
> SMTP virtual server. Same IP address can be used for receiving TLS and
> non-TLS mail. Exchange will advertise TLS as a valid verb. Sending
> outbound you'll create a new SMTP connector with an address space (or
> multiple address spaces) which correspond to the host(s) you want to
> send TLS mail /to/. You can still use DNS for that unless they have a
> dedicated TLS gateway (which is another stupid "security trick" some
> people implement).
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:bounce-[EMAIL PROTECTED] On Behalf Of Pat Richard
> > Posted At: Tuesday, December 19, 2006 10:36 AM
> > Posted To: swynk
> > Conversation: TLS
> > Subject: RE: TLS
> >
> > Yeah, we use plenty of RapidSSL certs for clients. I'm just trying to
> > cover all of my bases before trying this. I've never had to set up TLS
> > before. My understanding is that (based on the link I provided), it
> > creates a specific site to site configuration that would be outside the
> > scope of my MX records (since I assign another IP to it). Is that
> > correct?
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evan Mann
> > Sent: Tuesday, December 19, 2006 11:31 AM
> > To: Exchange Discussions
> > Subject: RE: TLS
> >
> > Untrusted certs kick off cert warnings, and unless the communicating
> > software has a way to say "yes" to an exception, the SSL communication
> > will fail.
> >
> > If you sign your own cert, and provide it to them, they need to accept
> > it as trusted on the server that is communicating. Many people are not
> > going to want to do this for a variety of reasons.
> >
> > Globally trusted certs do not need to be expensive. RapidSSL certs are
> > signed by Equifax and only cost $69 for a single year (with discounts
> > for multiple years). There are even cheaper ones as well. It's not
> > worth the headaches of trying to sign your own cert IMO unless it's
> > strictly for testing/lab/internal use only.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Scharff
> > Sent: Tuesday, December 19, 2006 11:26 AM
> > To: Exchange Discussions
> > Subject: RE: TLS
> >
> > For TLS? WTF... Since your server certificate is only used when they are
> > trying to send mail to you and you've published your Mx records I can't
> > see why it would matter. But, what do I know.
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:bounce-[EMAIL PROTECTED] On Behalf Of Fyodorov, Andrey (Citco)
> > > Posted At: Tuesday, December 19, 2006 9:50 AM
> > > Posted To: swynk
> > > Conversation: TLS
> > > Subject: RE: TLS
> > >
> > > Internal can be used. But the client will probably want to deal with a
> > > trusted certificate from third party. This was our case. Our client
> > > didn't want to deal with us until we got a cert from Verisign.
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pat Richard
> > > Sent: Tuesday, December 19, 2006 10:42 AM
> > > To: Exchange Discussions
> > > Subject: TLS
> > >
> > > We've been tasked with setting up TLS between a client and a large
> > > client of theirs. I've been doing some initial research, and was
> > > reading http://msexchangeteam.com/archive/2006/10/04/429090.aspx. It
> > > mentions setting up a certificate. My question is if an internal CA
> > > can be used, or if it needs to be a trusted cert from a third party.
> > >
> > > Any help is greatly appreciated.
> > >
> > > Pat Richard
> > > BOLD Technologies, Inc.
> > > Phone: 248-457-2000 x11
> > > Fax: 248-786-0216
> > > http://www.BoldTechnologies.com/
> > > [EMAIL PROTECTED]
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe: http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to [EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > >
> > > Please include the email address which you have been contacted with.
