I'm taking my first crack at TLS because a vendor has requested I set it up on my exchange 2K3 server. I've done quite a bit of homework on this but all I really need is to be able to receive TLS communications from this one vendor, not send to anyone. Do I still need a certificate for this? If someone could give me the play by play, I'd really appreciate it. I've been studying this for a while now and can't seem to pin it down. Thanks!!! Bryan

You'll need a certificate for TLS. You'll have to install it and associate it with your SMTP virtual server, and you'll need to enable TLS. However, Exchange doesn't do opportunistic TLS, so if you only want to do TLS with one vendor, you'll need to set up a separate SMTP virtual server and use either a different IP address or port for him to send to. Have a look at MS KB articles 829721 and 823019.

Ok, that's kind of what I figured. On another note, and this may not be the place for it, I use a sendmail gateway and I'm wondering if I have to make the sendmail server aware of this certificate? Any pointers here would be most helpful.

What I ended up doing is setting up TLS with a self-signed cert on my sendmail gateway, it was pretty straight forward. Here are the instructions I usedhttp://www.joreybump.com/code/howto/smtpauth.html. If anyone uses a sendmail email gateway for exchange, this is in my opinion the easiest way to set this up. I do not have TLS setup on exchange so the traffic from my sendmail gateway to my exchange box is not encrypted, but that doesn't really matter since both boxes are inside my LAN.