The higher-ups have recently asked about this, as I'm sure there are compliance issues that need to be addressed. I was under the assumption that Exchange uses opportunistic TLS or StartTLS to try to encrypt all outbound emails and falls back to unencrypted transport.
Is this the case with newer versions of Exchange? How reliable is this and how often is StartTLS employed by other mail servers?
If this method for encrypting mail traffic cannot be used reliably, what are some other alternatives on the server side of things?
Assuming you already have a cert installed,
That checkbox ensures that TLS must be supported on the remote end, or sending will fail.
If you provided a certificate and assigned it to the SMTP role on your hub transport or edge transport servers, Exchange will try to opportunistically encrypt incoming and outgoing SMTP connections.
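Added example, not part of the original posts: a Python model of the sender-side decision discussed above, where opportunistic TLS falls back to plaintext if the remote EHLO reply does not advertise STARTTLS, while a require-TLS setting makes the send fail instead. The EHLO replies are constructed samples, and `parse_ehlo`, `delivery_outcome`, `summarize` and the `require_tls` flag are hypothetical names, not Exchange APIs.

```python
from collections import Counter

# Constructed sample EHLO replies (RFC 5321 multi-line "250" format).
WITH_TLS = ("250-mx.example.net Hello\r\n250-SIZE 37748736\r\n"
            "250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n")
WITHOUT_TLS = ("250-mx.example.org Hello\r\n250-SIZE 10240000\r\n"
               "250 8BITMIME\r\n")


def parse_ehlo(reply):
    """Return the set of ESMTP extension keywords in an EHLO reply."""
    keywords = set()
    lines = [l for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError("unexpected EHLO reply line: %r" % line)
        if i == 0:
            continue  # first line is the server greeting, not an extension
        if text.strip():
            keywords.add(text.split()[0].upper())
    return keywords


def delivery_outcome(ehlo_reply, require_tls):
    """Model what the sender does with this reply.

    Assumption: if STARTTLS is advertised, the handshake succeeds.
    """
    if "STARTTLS" in parse_ehlo(ehlo_reply):
        return "encrypted"
    # No STARTTLS advertised: opportunistic mode silently sends in the
    # clear, while required mode refuses to send at all.
    return "failed" if require_tls else "plaintext"


def summarize(replies, require_tls):
    """Count outcomes across several remote servers."""
    return Counter(delivery_outcome(r, require_tls) for r in replies)


if __name__ == "__main__":
    for mode in (False, True):
        print("require_tls=%s ->" % mode,
              dict(summarize([WITH_TLS, WITHOUT_TLS], mode)))
```

The plaintext outcome is the compliance-relevant one: in opportunistic mode nothing fails or alerts when the remote side does not offer STARTTLS, so encryption in transit is only guaranteed for destinations where TLS is required.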