Exchange 2016 TLS on received internet mail

J Slack 41 Reputation points
2021-01-20T16:04:49.957+00:00

Hi,

We have a customer who is having issues receiving email from someone on the internet. They have a single Exchange 2016 server and internet mail is delivered directly to that server (no 3rd party mail service, or other devices in the way like an Edge server).

This is kind of an out of the box server config, so default receive connectors answering on server.domain.local.

I was wondering the best way to get TLS working (For those on the internet who are using it) while allowing people not using TLS to keep working.

As we can't change the name the default connector is answering with, I assume the best bet would be to add a new NIC/IP and create a new receive connector listening on that, leaving the default connector alone. We can then set up TLS on that using a name that matches the 3rd party certificate.

If anyone has any ideas or can steer me right, that would be great.

Thanks

J

Exchange Server Management

Accepted answer
  1. Andy David - MVP 142.8K Reputation points MVP
    2021-01-20T17:05:13.05+00:00

    This should work like that out of the box. Is it not? or is there something else you are looking for?

    You can create a custom connector, but typically not required
    https://learn.microsoft.com/en-us/exchange/mail-flow/connectors/custom-receive-connectors?view=exchserver-2019#scenario-1-receive-email-from-the-internet

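To check what the accepted answer describes (opportunistic STARTTLS on the default connector, working without any custom connector) and to bind a third-party certificate without touching the connector FQDN, here is an added Exchange Management Shell example. It is not code from the thread or from the Microsoft documentation linked above. It assumes the internet-facing connector is the default "Default Frontend <server>" connector and uses the placeholder public name mail.example.com; replace both with your own values.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell on the Exchange 2016 server.
# Placeholders (replace with your own): the connector name and the public certificate name.
$ServerName = $env:COMPUTERNAME
$PublicName = 'mail.example.com'
$Connector  = "$ServerName\Default Frontend $ServerName"

# 1. What do the port-25 connectors advertise? RequireTLS should be $false for
#    opportunistic TLS, so senders that never issue STARTTLS can still deliver.
Get-ReceiveConnector -Server $ServerName |
    Where-Object { $_.Bindings -match ':25$' } |
    Select-Object Name, Fqdn, RequireTLS, AuthMechanism, TlsCertificateName, PermissionGroups |
    Format-List

# 2. Which certificates are enabled for SMTP, and does one of them cover the public name?
$smtpCerts = Get-ExchangeCertificate -Server $ServerName | Where-Object { $_.Services -match 'SMTP' }
$smtpCerts |
    Select-Object Thumbprint, Subject, CertificateDomains, NotAfter, IsSelfSigned |
    Format-Table -AutoSize

$thirdParty = $smtpCerts |
    Where-Object { -not $_.IsSelfSigned -and $_.CertificateDomains -contains $PublicName } |
    Select-Object -First 1

if (-not $thirdParty) {
    # STARTTLS is still offered with the self-signed certificate; a sender that validates
    # the certificate name sees a mismatch against the internal server.domain.local FQDN.
    Write-Warning "No SMTP-enabled third-party certificate covers $PublicName. Import it, then run: Enable-ExchangeCertificate -Thumbprint <thumbprint> -Services SMTP"
    return
}

# 3. Bind that certificate to the internet-facing connector. TlsCertificateName uses the
#    "<I>issuer<S>subject" form, so the binding survives renewals that keep issuer and
#    subject. The connector's own Fqdn is deliberately left alone.
$tlsName = "<I>$($thirdParty.Issuer)<S>$($thirdParty.Subject)"
Set-ReceiveConnector -Identity $Connector -TlsCertificateName $tlsName -RequireTLS $false

# 4. Confirm the binding took effect.
Get-ReceiveConnector -Identity $Connector | Select-Object Name, Fqdn, RequireTLS, TlsCertificateName
```

The `-contains $PublicName` check is an exact match, so a wildcard certificate (`*.example.com`) would need the comparison relaxed; and the `Fqdn` of the default frontend connector is left unchanged on purpose, since it is also used for Exchange server authentication.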

1 additional answer

  1. J Slack 41 Reputation points
    2021-01-29T15:45:53.58+00:00

    Thanks for this info (sorry, notifications didn't come through).

    Unfortunately it looks like it is not working for whatever reason. I guess I need to do some more digging into this to work out why it is failing.

    I did look at the option of adding a second NIC (or IP) and then creating a new connector so I can rename the connector to use the 3rd party cert.

    But I think before going down that road, I need to find out what is causing the problem if it SHOULD work.

    Cheers

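For the "find out what is causing the problem" step in the reply above, the SMTP receive protocol log is the place to look: it records, per inbound session, whether the remote sender issued STARTTLS and whether the handshake succeeded. The following is an added example, not code from the thread; it assumes the default "Default Frontend <server>" connector and that Frontend transport writes its receive logs to the path reported by `Get-FrontendTransportService`. The sample log lines embedded in it are constructed, modelled on the documented CSV column layout, so the parser can be tried before pointing it at a real log file.

```powershell
# Added example, not from the thread. Enables verbose receive protocol logging on the
# internet-facing connector and summarises STARTTLS outcomes per inbound SMTP session.
# Placeholders: the connector and server names; the sample lines below are constructed.
$ServerName = $env:COMPUTERNAME
$Connector  = "$ServerName\Default Frontend $ServerName"

# 1. Turn on verbose logging (the Frontend transport service owns these logs on 2016).
Set-ReceiveConnector -Identity $Connector -ProtocolLoggingLevel Verbose
$logPath = (Get-FrontendTransportService -Identity $ServerName).ReceiveProtocolLogPath

function Get-InboundTlsSummary {
    param([string[]] $Lines)
    # Receive protocol logs are CSV with '#' comment headers; these are the documented columns.
    $fields = 'date-time','connector-id','session-id','sequence-number','local-endpoint',
              'remote-endpoint','event','data','context'
    $rows = $Lines | Where-Object { $_ -and -not $_.StartsWith('#') } | ConvertFrom-Csv -Header $fields

    # Event column: '+' connect, '-' disconnect, '<' received from client, '>' sent, '*' info.
    $rows | Group-Object 'session-id' | ForEach-Object {
        $s = $_.Group
        [pscustomobject]@{
            Session      = $_.Name
            Remote       = ($s | Select-Object -First 1).'remote-endpoint'
            Ehlo         = ($s | Where-Object { $_.event -eq '<' -and $_.data -like 'EHLO *' } | Select-Object -First 1).data
            StartTls     = [bool]($s | Where-Object { $_.event -eq '<' -and $_.data -eq 'STARTTLS' })
            TlsSucceeded = [bool]($s | Where-Object { $_.event -eq '*' -and $_.context -match 'negotiation succeeded' })
            CertSubject  = ($s | Where-Object { $_.event -eq '*' -and $_.context -eq 'Certificate subject' } | Select-Object -First 1).data
        }
    }
}

# 2. Constructed sample: one session that negotiates TLS, one that delivers in clear text.
$sample = @'
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2021-01-20T16:04:49.957Z,EXCH01\Default Frontend EXCH01,08D8BD5A0001,0,192.0.2.10:25,198.51.100.7:51234,+,,
2021-01-20T16:04:49.960Z,EXCH01\Default Frontend EXCH01,08D8BD5A0001,1,192.0.2.10:25,198.51.100.7:51234,<,EHLO mx1.sender.example,
2021-01-20T16:04:49.961Z,EXCH01\Default Frontend EXCH01,08D8BD5A0001,2,192.0.2.10:25,198.51.100.7:51234,<,STARTTLS,
2021-01-20T16:04:49.962Z,EXCH01\Default Frontend EXCH01,08D8BD5A0001,3,192.0.2.10:25,198.51.100.7:51234,>,220 2.0.0 SMTP server ready,
2021-01-20T16:04:49.990Z,EXCH01\Default Frontend EXCH01,08D8BD5A0001,4,192.0.2.10:25,198.51.100.7:51234,*,CN=EXCH01,Certificate subject
2021-01-20T16:04:50.100Z,EXCH01\Default Frontend EXCH01,08D8BD5A0001,5,192.0.2.10:25,198.51.100.7:51234,*,,TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded
2021-01-20T16:05:01.000Z,EXCH01\Default Frontend EXCH01,08D8BD5A0002,0,192.0.2.10:25,203.0.113.9:40001,+,,
2021-01-20T16:05:01.010Z,EXCH01\Default Frontend EXCH01,08D8BD5A0002,1,192.0.2.10:25,203.0.113.9:40001,<,EHLO mx.plain.example,
2021-01-20T16:05:01.020Z,EXCH01\Default Frontend EXCH01,08D8BD5A0002,2,192.0.2.10:25,203.0.113.9:40001,<,MAIL FROM:<user@plain.example>,
'@ -split "`r?`n"

Get-InboundTlsSummary -Lines $sample | Format-Table -AutoSize

# 3. Against the live server: parse the newest receive protocol log.
$latest = Get-ChildItem -Path $logPath -Filter '*.log' | Sort-Object LastWriteTime -Descending | Select-Object -First 1
if ($latest) { Get-InboundTlsSummary -Lines (Get-Content $latest.FullName) | Format-Table -AutoSize }
```

On the constructed sample the first session shows `StartTls` and `TlsSucceeded` as `True` with `CertSubject` `CN=EXCH01` (the self-signed certificate, which is what the asker's default connector would present), and the second shows `StartTls` `False`, which is the clear-text fallback that opportunistic TLS is meant to allow. A session from the problem sender that issues STARTTLS but never reaches "negotiation succeeded" points at the handshake or certificate rather than at the connector configuration.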