Apr 20 2018 11:52 AM
I have internal servers relaying on an "on premise SMTP server"; this SMTP server has an Office 365 Exchange Connector configured as:
From: Your organization's email server
To: Office 365
Identity: from our Public IP that the smtp server sends from.
All works great.
Now I have been asked if we can have the message encrypted or use TLS between the SMTP server and Office 365.
Can that be done without encrypting from every account that is being relayed?
If so, how?
Thank you
David
Apr 20 2018 12:55 PM
Set the connector to require TLS as detailed for example here: https://technet.microsoft.com/en-us/library/dn751021(v=exchg.150).aspx
Apr 23 2018 10:22 AM
Solution
It's generally assumed that when you configure TLS, you would use a certificate associated with a specific domain, so that the service can verify the sender. If you use the IP option, you should still be able to toggle the TLS requirement via PowerShell:
Get-InboundConnector Hybrid-In | Set-InboundConnector -RequireTls $true
Apr 24 2018 05:07 AM
I ran the command to force TLS. Now PowerShell shows "RequireTls: True".
This is the result log file on my SMTP server; does it look to be secure?
*****
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 220+CO1NAM03FT006.mail.protection.outlook.com+Microsoft+ESMTP+MAIL+Service+ready+at+Tue,+24+Apr+2018+12:01:14++0000 94 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 94 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250-CO1NAM03FT006.mail.protection.outlook.com+Hello+[XX.XXX.XXX.XXX] 157 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand STARTTLS - 157 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 220+2.0.0+SMTP+server+ready 219 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand EHLO smtp.XYZ.org 360 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250-CO1NAM03FT006.mail.protection.outlook.com+Hello+[XX.XXX.XXX.XXX] 407 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand MAIL FROM:<imagenow@XYZ.org>+SIZE=1110 407 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250+2.1.0+Sender+OK 516 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand RCPT TO:<JoeBob@XYZ.com> 516 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionResponse - 250+2.1.5+Recipient+OK 610 SMTP -
2018-04-24 12:01:14 216.32.181.10 OutboundConnectionCommand BDAT 1110+LAST 610 SMTP -
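One way to check a log like the one posted above, as an added example that is not part of the original thread: it reports, for every MAIL command, whether STARTTLS had been accepted with a 220 reply first. It assumes the field layout of the excerpt above and one connection at a time per remote IP; the function name and the sample lines (192.0.2.x, example.test) are constructed.

```python
# Added example: flags MAIL commands sent before STARTTLS was accepted.
# Assumed field layout: date time remote-ip event args... (as in the excerpt above).

def audit_starttls(log_text):
    """Return [(remote_ip, mail_args, tls_active)] for every MAIL command."""
    tls = {}      # remote IP -> True once STARTTLS was answered with 220
    pending = {}  # remote IP -> True while a STARTTLS reply is awaited
    results = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 5:
            continue
        ip, event = f[2], f[3]
        if event == "OutboundConnectionCommand":
            verb = f[4].upper()
            if verb == "STARTTLS":
                pending[ip] = True
            elif verb == "MAIL":
                args = f[5] if len(f) > 5 else ""
                results.append((ip, args, tls.get(ip, False)))
        elif event == "OutboundConnectionResponse" and len(f) > 5:
            code = f[5][:3]
            if pending.pop(ip, False):
                tls[ip] = (code == "220")   # reply to STARTTLS decides the state
            elif code == "220":
                tls[ip] = False             # greeting banner: new plaintext connection
    return results

# Constructed sample: one good session, one reconnect without STARTTLS,
# and one session where the server refuses STARTTLS.
SAMPLE = """\
2018-01-01 00:00:01 192.0.2.10 OutboundConnectionResponse - 220+mx.example.test+ready 94 SMTP -
2018-01-01 00:00:01 192.0.2.10 OutboundConnectionCommand STARTTLS - 157 SMTP -
2018-01-01 00:00:01 192.0.2.10 OutboundConnectionResponse - 220+2.0.0+SMTP+server+ready 219 SMTP -
2018-01-01 00:00:01 192.0.2.10 OutboundConnectionCommand MAIL FROM:<a@example.test> 407 SMTP -
2018-01-01 00:00:09 192.0.2.10 OutboundConnectionResponse - 220+mx.example.test+ready 94 SMTP -
2018-01-01 00:00:09 192.0.2.10 OutboundConnectionCommand MAIL FROM:<b@example.test> 94 SMTP -
2018-01-01 00:00:20 192.0.2.20 OutboundConnectionResponse - 220+mx.example.test+ready 94 SMTP -
2018-01-01 00:00:20 192.0.2.20 OutboundConnectionCommand STARTTLS - 157 SMTP -
2018-01-01 00:00:20 192.0.2.20 OutboundConnectionResponse - 454+4.7.0+TLS+not+available 219 SMTP -
2018-01-01 00:00:20 192.0.2.20 OutboundConnectionCommand MAIL FROM:<c@example.test> 219 SMTP -
"""

if __name__ == "__main__":
    for ip, args, ok in audit_starttls(SAMPLE):
        print(ip, args, "TLS" if ok else "PLAINTEXT")
```

Log lines of this kind record only that STARTTLS was negotiated; they carry no TLS version, cipher or certificate details, so those need a separate check.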