Supporting Messaging Clients

Use TLS Encryption

You can require that all clients use Transport Layer Security (TLS) encryption, a generic security protocol similar to Secure Sockets Layer (SSL), to connect to an SMTP virtual server. This option secures the connection, but it is not used for authentication.

To enable TLS encryption on a virtual server, you must create key pairs and configure key certificates on the Exchange server running the SMTP Service. This can be done through IIS. Clients can then use TLS to encrypt the session with Exchange, and thus all messages sent over that session. Exchange can also use TLS to encrypt sessions with remote servers.

Note: If your virtual server is on the Internet, requiring TLS encryption on inbound connections is not recommended. Very few of these connections will support TLS and users will not be able to connect to your server. In most cases, it makes more sense to encrypt your mail messages instead of the SMTP channel. See your Key Management Service documentation for information on encrypting mail. TLS is intended for a point-to-point SMTP connection between partner organizations, for example, where both parties know the other supports TLS.
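To confirm from the client side whether a virtual server merely offers TLS or requires it, the following added example (not part of the original documentation or of Exchange) classifies the server's EHLO reply and its answer to a plaintext MAIL FROM. The function names and sample replies are constructed for illustration, and the 530 reply that names STARTTLS is assumed to follow RFC 3207.

```python
import smtplib

def ehlo_extensions(reply):
    """Return extension keywords from a raw multi-line EHLO reply."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:  # first line is the server greeting
        if line[:3] == "250" and line[3:4] in ("-", " ") and line[4:].strip():
            exts.add(line[4:].split()[0].upper())
    return exts

def tls_policy(extensions, mail_code, mail_text):
    """Classify TLS policy from advertised extensions and the plaintext MAIL FROM reply."""
    offered = "STARTTLS" in extensions
    # RFC 3207: a server that requires TLS answers 530 and names STARTTLS.
    # 530 is also used for "authentication required", so the text is checked too.
    demanded = mail_code == 530 and "STARTTLS" in mail_text.upper()
    if demanded:
        return "required" if offered else "required-but-not-advertised"
    return "optional" if offered else "not-offered"

def probe(host, port=25, timeout=10):
    """Live check against a server you administer (host is supplied by the caller)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        exts = {name.upper() for name in s.esmtp_features}
        code, text = s.docmd("MAIL FROM:<>")  # sent in the clear, before any STARTTLS
        s.rset()
        return tls_policy(exts, code, text.decode("ascii", "replace"))

# Constructed sample replies (not captured from a real server).
REQUIRED_EHLO = "250-mail.example.com Hello\r\n250-SIZE 5242880\r\n250-STARTTLS\r\n250 OK"
PLAIN_EHLO = "250-mail.example.com Hello\r\n250-SIZE 5242880\r\n250 OK"

if __name__ == "__main__":
    tls_exts = ehlo_extensions(REQUIRED_EHLO)
    print(tls_policy(tls_exts, 530, "5.7.0 Must issue a STARTTLS command first"))
    print(tls_policy(tls_exts, 250, "2.1.0 Sender OK"))
    print(tls_policy(ehlo_extensions(PLAIN_EHLO), 250, "2.1.0 Sender OK"))
```

A result of "required" on an Internet-facing virtual server is the configuration the Note above advises against; "required-but-not-advertised" means clients are refused without being told that TLS is available.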

