Applies to: Exchange Server 2013

Topic Last Modified: 2012-10-16

The Receive connector authentication mechanisms are the following:

Authentication mechanism Description


No authentication.


Advertise STARTTLS. Requires availability of a server certificate to offer TLS.


NTLM and Kerberos (Integrated Windows authentication).


Basic authentication. Requires an authenticated logon.


Basic authentication over TLS. Requires a server certificate.


Exchange Server authentication (Generic Security Services application programming interface (GSSAPI) and Mutual GSSAPI).


The connection is considered externally secured by using a security mechanism that's external to Exchange. The connection may be an Internet Protocol security (IPsec) association or a virtual private network (VPN). Alternatively, the servers may reside in a trusted physically controlled network. The ExternalAuthoritative authentication method requires the ExchangeServers permission group. This combination of authentication method and security group permits the resolution of anonymous sender email addresses for messages that are received through this connector.