BACKGROUND
1) I have received a request, or rather an ORDER, to implement domain-secure email (TLS) between my domain and some other external domain. Their side is fully configured and operational.
My side, as far as Exchange server is concerned, is fully operational. My Exchange Edge is published to the internet through ISA 2006 and this appears to be the genesis of my problem. When I attempt to test my TLS configuration from a host 'outside' of my network (I used checktls.com) I encounter the following error:
[000.389] | Connected to server | |
[000.777] | <-- | 220 ******************************************************************************************** |
[000.777] | We are allowed to connect | |
[000.778] | --> | EHLO checktls.com |
[001.150] | <-- | 250-mail.mydomainhere.com Hello [remote ip address] 250-SIZE 10485760 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-XXXXXXXA 250-XXXXXXXXXXXXXB 250-AUTH 250-XXXXXXXXXXC 250-8BITMIME 250-BINARYMIME 250-XXXXXXXD 250-XXXXXXE 250 XXXXXXF |
[001.150] | We can use this server | |
[001.151] | TLS is not an option on this server |
Note the resulting error: "TLS is not an option on this server", even though I know TLS is fully configured, public certificates and all other prerequisites met.
Also note the "XXXXXXA" and "XXXXXXXXB" gibberish the server is responding with.
2) Now, when I attempt a telnet to my Edge server from a host on the 'inside' of my network, I get the following response:
220 mail.mydomain.com ESMTP MAIL Service ready at Tue, 21 May 2013 10:00:47 +0300
EHLO insidehost.mydomain.local
250-mail.mydomain.com Hello [internal ip address]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH
250-X-EXPS NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XSHADOW
It appears all the SMTP verbs are allowed from 'inside' my network. It says in the Microsoft article to disable the SMTP filter on the ISA server and I have done so but this has not helped!
I am seeking some advice on how to solve this problem. Please note I have already disabled the SMTP filter on ISA 2006 at the enterprise level and on the publishing rule, as advised by Microsoft.
Not sure where exactly this question fits in.
Thanks all!
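
Added example, not part of the original post: a short Python script that compares the two EHLO replies above by position and reports which extension keywords are masked in the outside view. The sample replies are constructed to mirror the post's transcripts, and the function names are hypothetical.

```python
import re

# Constructed sample data mirroring the two EHLO replies in the post.
INSIDE = """250-mail.mydomain.com Hello [internal ip address]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH
250-X-EXPS NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250 XSHADOW"""

def mask(n, tag):
    """Constructed masked keyword of n characters: a run of X ending in a tag letter."""
    return "X" * (n - 1) + tag

OUTSIDE = "\n".join([
    "250-mail.mydomainhere.com Hello [remote ip address]",
    "250-SIZE 10485760", "250-PIPELINING", "250-DSN", "250-ENHANCEDSTATUSCODES",
    "250-" + mask(8, "A"), "250-" + mask(14, "B"), "250-AUTH", "250-" + mask(11, "C"),
    "250-8BITMIME", "250-BINARYMIME", "250-" + mask(8, "D"), "250-" + mask(7, "E"),
    "250 " + mask(7, "F"),
])

MASKED = re.compile(r"X{3,}[A-Z]")  # e.g. XXXXXXXA; does not match XEXCH50 or XSHADOW

def parse_ehlo(reply):
    """Return the extension lines of a 250 EHLO reply, greeting line dropped."""
    found = (re.match(r"250[- ](.*)", line.strip()) for line in reply.splitlines())
    return [m.group(1).strip() for m in found if m][1:]

def masked_extensions(inside, outside):
    """Pair both views by position and report keywords masked in the outside view."""
    return [{"inside": i, "outside": o, "same_length": len(i) == len(o)}
            for i, o in zip(inside, outside) if i != o and MASKED.fullmatch(o)]

def offers_starttls(caps):
    """True when the reply advertises STARTTLS as its own extension line."""
    return any(c.upper() == "STARTTLS" for c in caps)

if __name__ == "__main__":
    inside, outside = parse_ehlo(INSIDE), parse_ehlo(OUTSIDE)
    for finding in masked_extensions(inside, outside):
        print(finding)
    print("STARTTLS inside:", offers_starttls(inside), "outside:", offers_starttls(outside))
```

Each masked keyword lines up with an inside keyword of the same length in the same position, which indicates the reply is rewritten in transit between the Edge server and the outside client, not generated differently by Exchange.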