Configuring TLS for use with MessageLabs

Status
Not open for further replies.

Milo145

Can't figure out what I'm missing with this, going cross-eyed...

[PS] C:\Windows\system32>get-receiveconnector external |fl
RunspaceId : fe8e6d9a-69c1-4cb4-86a7-daba217f11d8
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : True
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : mail.mydomain.net
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : 20
MaxInboundConnectionPercentagePerSource : 2
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 97.89 MB (102,645,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 200
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : True
EnableAuthGSSAPI : False
LiveCredentialEnabled : False
Server : MAIL
SizeEnabled : Enabled
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : External
DistinguishedName : CN=External,CN=SMTP Receive Connectors,CN=Protocols,CN=MAIL,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=my company name,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=mydomain,DC=net
Identity : MAIL\External
Guid : 1579b678-659a-4eb6-8eb9-b7bbfc621637
ObjectCategory : mydomain.net/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 6/29/2010 2:41:06 PM
WhenCreated : 6/29/2010 1:19:33 PM
WhenChangedUTC : 6/29/2010 6:41:06 PM
WhenCreatedUTC : 6/29/2010 5:19:33 PM
OrganizationId :
OriginatingServer : AD.mydomain.net
IsValid : True
>>>>>>>>>>>>>>>>>>> TELNET OUTPUT <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

220 MAIL.MYDOMAIN.NET Microsoft ESMTP MAIL Service ready at Tue, 29 Jun 2010 14:52:40 -0400
ehlo
250-mail.mydomain.net Hello [192.168.1.33]
250-SIZE 102645760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
 

Mark E. Smith [MCM]

Is the FQDN specified in the HELO/EHLO response listed as the subject name or SAN on the certificate used, AND does MessageLabs require that it trust the CA that issued that certificate?

Check "get-exchangecertificate -server {my hub}" and make sure that the cert you want to use for TLS is enabled for SMTP services.

Mark
Mark E. Smith
Practice Manager, Unified Communications
Capax Global Consulting
My Blog - http://blogs.capaxglobal.com/markesmith
 

Milo145

Yes it is enabled for SMTP, that was the first stumbling block ;)

In 2003 it was so easy to config, but man, in 2010 it's a bit**!
 

Milo145

Nope, went as far as deleting the "Default" and recreating a new one.
 

Mark E. Smith [MCM]

Also are there any other certs (maybe the default self-signed cert) that are enabled for SMTP?

Here's my output from a similar receive connector with your Auth and Permission group settings along with the EHLO output (which includes STARTTLS)
RunspaceId : 3501a22d-9666-456e-aa0e-07f04b5f68d7
AuthMechanism : Tls
Banner :
BinaryMimeEnabled : True
Bindings : {:::25, 0.0.0.0:25}
ChunkingEnabled : True
DefaultDomain :
DeliveryStatusNotificationEnabled : True
EightBitMimeEnabled : True
DomainSecureEnabled : False
EnhancedStatusCodesEnabled : True
LongAddressesEnabled : False
OrarEnabled : False
SuppressXAnonymousTls : False
AdvertiseClientSettings : False
Fqdn : E14HUBCAS01.capaxglobal.lab
Comment :
Enabled : True
ConnectionTimeout : 00:10:00
ConnectionInactivityTimeout : 00:05:00
MessageRateLimit : unlimited
MessageRateSource : IPAddress
MaxInboundConnection : 5000
MaxInboundConnectionPerSource : unlimited
MaxInboundConnectionPercentagePerSource : 100
MaxHeaderSize : 64 KB (65,536 bytes)
MaxHopCount : 30
MaxLocalHopCount : 8
MaxLogonFailures : 3
MaxMessageSize : 10 MB (10,485,760 bytes)
MaxProtocolErrors : 5
MaxRecipientsPerMessage : 5000
PermissionGroups : AnonymousUsers
PipeliningEnabled : True
ProtocolLoggingLevel : None
RemoteIPRanges : {::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff, 0.0.0.0-255.255.255.255}
RequireEHLODomain : False
RequireTLS : False
EnableAuthGSSAPI : False
LiveCredentialEnabled : False
Server : E14HUBCAS01
SizeEnabled : EnabledWithoutValue
TarpitInterval : 00:00:05
MaxAcknowledgementDelay : 00:00:30
AdminDisplayName :
ExchangeVersion : 0.1 (8.0.535.0)
Name : Default E14HUBCAS01
DistinguishedName : CN=Default E14HUBCAS01,CN=SMTP Receive Connectors,CN=Protocols,CN=CLTE14HUBCAS01,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=APMETRO,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=CapaxGlobal,DC=lab
Identity : E14HUBCAS01\Default E14HUBCAS01
Guid : d7f2f49e-5cf7-4447-8e27-1fb86039a8fb
ObjectCategory : capaxglobal.lab/Configuration/Schema/ms-Exch-Smtp-Receive-Connector
ObjectClass : {top, msExchSmtpReceiveConnector}
WhenChanged : 6/29/2010 4:16:21 PM
WhenCreated : 12/2/2009 3:58:08 PM
WhenChangedUTC : 6/29/2010 8:16:21 PM
WhenCreatedUTC : 12/2/2009 8:58:08 PM
OrganizationId :
OriginatingServer : labdc10.capaxglobal.lab
IsValid : True

=========================

220 E14HUBCAS01.capaxglobal.lab Microsoft ESMTP MAIL Service ready at Tue, 29 Jun 2010 16:16:14 -0400
EHLO
250-E14HUBCAS01.capaxglobal.lab Hello [10.1.1.215]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
Mark E. Smith
Practice Manager, Unified Communications
Capax Global Consulting
My Blog - http://blogs.capaxglobal.com/markesmith
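
Added example, not part of the thread or written by either poster: a Python sketch that runs the two checks discussed above over pasted output, namely whether a connector set for TLS actually advertises STARTTLS in its EHLO reply, and whether the connector Fqdn appears among the names on an SMTP-enabled certificate. The function names, the abridged samples, the certificate names and the one-label wildcard rule are assumptions made for illustration.

```python
import re

def parse_fl(text):
    """Parse 'Name : Value' lines as printed by Get-ReceiveConnector | fl."""
    pairs = (re.match(r"(\w+)\s*:\s*(.*)", line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in pairs if m}

def ehlo_extensions(transcript):
    """ESMTP keywords from the 250 replies; the first 250 line is the greeting."""
    replies = re.findall(r"^250[- ](.*)$", transcript, re.M)
    return {r.split()[0].upper() for r in replies[1:] if r.strip()}

def name_covers(cert_name, fqdn):
    """Exact match, or a '*.' wildcard covering exactly one leading label."""
    cert_name, fqdn = cert_name.lower(), fqdn.lower()
    if cert_name.startswith("*."):
        return "." in fqdn and fqdn.split(".", 1)[1] == cert_name[2:]
    return cert_name == fqdn

def tls_findings(connector_fl, ehlo_transcript, smtp_cert_names):
    """Return a list of mismatches between connector settings, EHLO and cert names."""
    conn = parse_fl(connector_fl)
    ext = ehlo_extensions(ehlo_transcript)
    fqdn = conn.get("Fqdn", "")
    findings = []
    wants_tls = conn.get("RequireTLS") == "True" or "Tls" in conn.get("AuthMechanism", "")
    if wants_tls and "STARTTLS" not in ext:
        findings.append("connector expects TLS but EHLO does not advertise STARTTLS")
    if not any(name_covers(n, fqdn) for n in smtp_cert_names):
        findings.append("no SMTP-enabled certificate name matches Fqdn " + fqdn)
    return findings

# Constructed samples, abridged from the two posts in the thread.
MILO_FL = "AuthMechanism : Tls\nBanner :\nFqdn : mail.mydomain.net\nRequireTLS : True"
MILO_EHLO = ("220 MAIL.MYDOMAIN.NET Microsoft ESMTP MAIL Service ready\nehlo\n"
             "250-mail.mydomain.net Hello [192.168.1.33]\n250-SIZE 102645760\n"
             "250-PIPELINING\n250-AUTH\n250 CHUNKING\n")
MARK_FL = "AuthMechanism : Tls\nFqdn : E14HUBCAS01.capaxglobal.lab\nRequireTLS : False"
MARK_EHLO = ("250-E14HUBCAS01.capaxglobal.lab Hello [10.1.1.215]\n250-SIZE\n"
             "250-STARTTLS\n250-AUTH\n250 CHUNKING\n")

if __name__ == "__main__":
    # Certificate names are hypothetical; the thread does not list any.
    print(tls_findings(MILO_FL, MILO_EHLO, ["placeholder.example"]))
    print(tls_findings(MARK_FL, MARK_EHLO, ["*.capaxglobal.lab"]))
```

To use it on a real server, paste the connector's `fl` output and the telnet EHLO transcript in place of the samples, and pass the names shown for the certificates that get-exchangecertificate lists with SMTP enabled.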
 