[ExchangeList] Outbound TLS on dedicated SMTP VS in FE/BE setup

  • From: "Evan Mann" <emann@xxxxxxxxxxxxxxxxxxxxx>
  • To: <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 17 May 2007 13:50:04 -0400

http://www.msexchange.org
-------------------------------------------------------Thanks.  Got that all 
setup. Now the mail I want to go out the second
SMTP VS is trying to go that route, but I'm having a TLS problem now.
Here's the info:

BE server has a single SMTP virtual server with default configuration
FE server has 2 SMTP virtual servers:
- Default SMTP - configuration for non-secure mail,
- TLS SMTP - configured for TLS mail (inbound and outbound)

2 Connectors have been established:
- Internet Mail: Uses DNS to route, local bridge is the FE with the
Default SMTP virtual server, address space of *, cost 2
- TLS Mail: Uses DNS to route, local bridgehead is FE with the TLS SMTP
virtual server, address space of domain1.com, cost 1

TLS Required is set on the TLS Mail routing connector, advanced
tab/outbound security. TLS required is NOT set on the TLS SMTP Virtual
Server.

Routing connectors are working fine, but TLS is not. When I send an
e-mail to @domain1.com, the following error is returned:

user@xxxxxxxxxxx on 5/17/2007 11:52 AM
The recipient could not be processed because it would violate the
security policy in force
<BE-Server.mydomain.com #5.7.0 smtp;530 5.7.0 Must issue a STARTTLS
command first>

domain1.com IS configured to accept TLS connections as verified by
telnetting to domain1.com and typing STARTTLS.

Looking at the mail headers on the failed e-mails, I never see an entry
where the mail goes from the BE server to the FE server. The BE server
only has the single SMTP Virtual Server established and there is no
certificate installed on it. I only setup the additional SMTP virtual
server on the FE with the certificate. Is this the problem, or something
else? 

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Carl Houseman
Sent: Thursday, May 17, 2007 12:46 PM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] Re: send outbound e-mail through specific SMTP
virtual server

http://www.msexchange.org
-------------------------------------------------------
Create an SMTP connector that has the address space of that domain.
Select the appropriate SMTP VS as the "local bridgehead" for that
connector.

-----Original Message-----
From: exchangelist-bounce@xxxxxxxxxxxxx
[mailto:exchangelist-bounce@xxxxxxxxxxxxx] On Behalf Of Evan Mann
Sent: Thursday, May 17, 2007 11:10 AM
To: exchangelist@xxxxxxxxxxxxx
Subject: [ExchangeList] send outbound e-mail through specific SMTP
virtual server

1 BE + 1 FE setup on E2K3 SP2.  I have 2 SMTP Virtual server's on the FE
server, one of them is TLS secured, one of them is not  I want to force
all outbound e-mail to particular domains through the TLS secured SMTP
virtual server, as opposed to the non-secured. How would I do this?

-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials:
http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx 

-------------------------------------------------------
List Archives: http://www.freelists.org/archives/exchangelist/
MSExchange Newsletter: http://www.msexchange.org/pages/newsletter.asp
MSExchange Articles and Tutorials: http://www.msexchange.org/articles_tutorials/
MSExchange Blogs: http://blogs.msexchange.org/
-------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
-------------------------------------------------------
To unsubscribe visit http://www.msexchange.org/pages/exchangelist.asp
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

  • » [ExchangeList] Outbound TLS on dedicated SMTP VS in FE/BE setup