Configuring TLS for use with MessageLabs


Milo145

Can't figure out what I'm missing with this, going cross-eyed...

[PS] C:\Windows\system32>get-receiveconnector external |fl
RunspaceId : fe8e6d9a-69c1-4cb4-86a7-daba217f11d8
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : True
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : mail.mydomain.net
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 97.89 MB (102,645,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : True
EnableAuthGSSAPI : False
LiveCredentialEnabled : False
Server : MAIL
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : External
DistinguishedName : CN=External,CN=SMTP Receive Connectors,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=my company name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=net
Identity : MAIL\External
Guid : 1579b678-659a-4eb6-8eb9-b7bbfc621637
ObjectCategory : mydomain.net/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 6/29/2010 2:41:06 PM
WhenCreated : 6/29/2010 1:19:33 PM
WhenChangedUTC : 6/29/2010 6:41:06 PM
WhenCreatedUTC : 6/29/2010 5:19:33 PM
OrganizationId :
OriginatingServer : AD.mydomain.net
IsValid : True
>>>>>>>>>>>>>>>>>>> TELNET OUTPUT <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

220 MAIL.MYDOMAIN.NET Microsoft ESMTP MAIL Service ready at Tue, 29 Jun 2010 14:52:40 -0400
ehlo
250-mail.mydomain.net Hello [192.168.1.33]
250-SIZE 102645760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
 

Mark E. Smith [MCM]

Is the FQDN specified in the HELO/EHLO response listed as the subject name or SAN on the certificate used, AND does MessageLabs require that it trust the CA that issued that certificate?

Check "get-exchangecertificate -server {my hub}" and make sure that the cert you want to use for TLS is enabled for SMTP services.

Mark
Mark E. Smith
Practice Manager, Unified Communications
Capax Global Consulting
My Blog - http://blogs.capaxglobal.com/markesmith
 

Milo145

Yes it is enabled for SMTP, that was the first stumbling block ;)

In 2003 it was so easy to config, but man, in 2010 it's a bit**!
 

Milo145

Nope, went as far as deleting the "Default" and recreating a new one.
 

Mark E. Smith [MCM]

Also are there any other certs (maybe the default self-signed cert) that are enabled for SMTP?

Here's my output from a similar receive connector with your Auth and Permission group settings, along with the EHLO output (which includes STARTTLS):
RunspaceId : 3501a22d-9666-456e-aa0e-07f04b5f68d7
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {:::25, 0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : E14HUBCAS01.capaxglobal.lab
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
LiveCredentialEnabled : False
Server : E14HUBCAS01
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default E14HUBCAS01
DistinguishedName : CN=Default E14HUBCAS01,CN=SMTP Receive Connectors,CN=Protocols,CN=CLTE14HUBCAS01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=APMETRO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CapaxGlobal,DC=lab
Identity : E14HUBCAS01\Default E14HUBCAS01
Guid : d7f2f49e-5cf7-4447-8e27-1fb86039a8fb
ObjectCategory : capaxglobal.lab/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 6/29/2010 4:16:21 PM
WhenCreated : 12/2/2009 3:58:08 PM
WhenChangedUTC : 6/29/2010 8:16:21 PM
WhenCreatedUTC : 12/2/2009 8:58:08 PM
OrganizationId :
OriginatingServer : labdc10.capaxglobal.lab
IsValid : True

=========================

220 E14HUBCAS01.capaxglobal.lab Microsoft ESMTP MAIL Service ready at Tue, 29 Jun 2010 16:16:14 -0400
EHLO
250-E14HUBCAS01.capaxglobal.lab Hello [10.1.1.215]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
Mark E. Smith
Practice Manager, Unified Communications
Capax Global Consulting
My Blog - http://blogs.capaxglobal.com/markesmith
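
Added example, not part of the thread or written by either poster: the two checks discussed above (is STARTTLS present in the EHLO reply, and is the name in the EHLO greeting covered by the certificate's subject/SAN names), run over the two EHLO replies pasted in the posts. The certificate names passed to diagnose() are an assumption supplied by the caller; in practice they would be read from the Get-ExchangeCertificate output.

```python
import re

# EHLO replies copied from the two telnet sessions in this thread.
EXTERNAL = ("250-mail.mydomain.net Hello [192.168.1.33]\n250-SIZE 102645760\n"
            "250-PIPELINING\n250-DSN\n250-ENHANCEDSTATUSCODES\n250-AUTH\n"
            "250-8BITMIME\n250-BINARYMIME\n250 CHUNKING\n")
LAB = ("250-E14HUBCAS01.capaxglobal.lab Hello [10.1.1.215]\n250-SIZE\n"
       "250-PIPELINING\n250-DSN\n250-ENHANCEDSTATUSCODES\n250-STARTTLS\n"
       "250-AUTH\n250-8BITMIME\n250-BINARYMIME\n250 CHUNKING\n")
REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_ehlo(reply):
    """Return (greeting_domain, {KEYWORD: params}) from a multi-line 250 reply."""
    texts = []
    for raw in reply.splitlines():
        m = REPLY_LINE.match(raw.strip())
        if not m:
            continue
        code, sep, text = m.groups()
        if code[0] in "45":
            raise ValueError("EHLO rejected: " + raw.strip())
        if code != "250":
            continue              # banner (220) or other noise before the reply
        texts.append(text)
        if sep == " ":            # "250 " with a space ends the reply
            break
    if not texts:
        raise ValueError("no 250 reply found")
    extensions = {}
    for text in texts[1:]:
        keyword, _, params = text.partition(" ")
        extensions[keyword.upper()] = params
    return texts[0].split()[0].lower(), extensions

def name_covered(fqdn, cert_names):
    """True if fqdn equals a certificate name or matches a one-label wildcard."""
    parent = fqdn.lower().partition(".")[2]
    names = [n.lower() for n in cert_names]
    return fqdn.lower() in names or (parent != "" and "*." + parent in names)

def diagnose(reply, cert_names):
    """Findings for one EHLO reply; cert_names is caller-supplied (an assumption)."""
    domain, extensions = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in extensions:
        findings.append("STARTTLS not advertised")
    if not name_covered(domain, cert_names):
        findings.append(domain + " not in certificate names")
    return findings
```

An empty list from diagnose() means both checks pass; the first reply in the thread yields the STARTTLS finding regardless of which certificate names are supplied.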
 