I get a warning:
Source: MSExchangeTransport
Event ID: 12014
Microsoft Exchange couldn't find a certificate that contains the domain name
foo.bar in the personal store on the local computer. Therefore, it is unable
to support the STARTTLS SMTP verb for the connector RestOfWorld with a FQDN
parameter of foo.bar
Does it really matter if I am sending SMTP to the internet?
Frank
Yes and No
Yes: If you want to use SSL for SMTP. Sometimes partners will ask for SMTP
over SSL
No: If you like to be insecure and don't want to use SSL.
Martijn Bellaard
"Frank" <nor...@127.0.0.1> wrote in message
news:unvbyYob...@TK2MSFTNGP06.phx.gbl...
How often will an SMTP server that is set up to receive standard internet mail
ask for SSL?
I guess if I was sending to a known partner then I could make a specific
send connector for that domain
F
"Martijn Bellaard" <mar...@mbco.nl> wrote in message > Yes: If you want to
>In order to send mail to the rest of the world I have put a fqdn on the send
>connector which matches the PTR record for the IP address.
No, you don't. While there may be some overzealous admins out there,
there's no requirement that the name on the PTR must match the name in
the EHLO/HELO command. It's not a bad idea to have them match, but
usually only a PTR record for the IP is needed.
>I get a warning:
>Source: MSExchangeTransport
>Event ID: 12014
>
>Microsoft Exchange couldn't find a certificate that contains the domain name
>foo.bar in the personal store on the local computer. Therefore, it is unable
>to support the STARTTLS SMTP verb for the connector RestOfWorld with a FQDN
>parameter of foo.bar
>
>Does it really matter if I am sending SMTP to the internet?
Sending? Not usually. The only time you'd HAVE to use TLS is if the
receiving MTA accepted only TLS connections.
---
Rich Matheisen
MCSE+I, Exchange MVP
"Frank" <nor...@127.0.0.1> wrote in message
news:uTSVtmqb...@TK2MSFTNGP06.phx.gbl...
> Sending? Not usually. The only time you'd HAVE to use TLS is if the
> receiving MTA accepted only TLS connections.
Thanks Rich and everyone else who replied.
I do wish Microsoft wouldn't give us red error log messages when something
may be discretionary; it leads us to devalue the logs, and perhaps ignore a
warning when it should be heeded.
F
> I guess if I was sending to a known partner then I could make a specific
> send connector for that domain
Yes you can.
Martijn
"Frank" <nor...@127.0.0.1> wrote in message
news:uTSVtmqb...@TK2MSFTNGP06.phx.gbl...
The error is legitimate. You may, or may not, encounter email systems
that require the use of TLS. You can pretty easily create a
self-signed certificate for the machine, or use your own CA to create
certificates for this, and other, machines in your own forest. Or you
can spend $30 and get a SSL/TLS cert from a CA such as godaddy.com.
Your question wasn't whether you /should/ ignore the event. You asked
if you /could/ ignore it. As with many things, ignoring them is okay
until they become an issue.
> You can pretty easily create a
> self-signed certificate for the machine, or use your
> own CA to create
> certificates for this, and other, machines in
> your own forest.
Do you have a link to instructions on how to do the above for Exchange 07?
F
The CA is a "Windows thing". You'll get better answers in the Windows
newsgroups.
Once you have your CA installed and operational you can use the
New-ExchangeCertificate cmdlet. DigiCert has a nice web page that'll
create the cmdlet for you:
https://www.digicert.com/easy-csr/exchange2007.htm
TechNet and other web pages have lots of help, too:
http://technet.microsoft.com/en-us/library/bb310781.aspx
http://msexchangeteam.com/archive/2007/02/19/435472.aspx
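
An added example, not part of any post in this thread: a check for the condition Event ID 12014 describes, run in the Exchange Management Shell, listing each send connector whose FQDN has no usable certificate in the store. The `$CreateSelfSigned` switch and the rule for "usable" (FQDN listed, within validity dates, enabled for SMTP) are assumptions of this example.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
# Assumption: a certificate is usable for a connector when it lists the
# connector FQDN, is inside its validity period and is enabled for SMTP.
# Wildcard certificate names are not expanded by this check.
$CreateSelfSigned = $false          # hypothetical switch for this example
$now   = Get-Date
$certs = @(Get-ExchangeCertificate)

foreach ($connector in Get-SendConnector) {
    $fqdn = [string]$connector.Fqdn
    if (-not $fqdn) { continue }    # no FQDN configured on this connector; skipped

    $usable = @($certs | Where-Object {
        $names = @($_.CertificateDomains | ForEach-Object { [string]$_ })
        ($names -contains $fqdn) -and
        ($_.NotBefore -le $now) -and ($_.NotAfter -gt $now) -and
        ("$($_.Services)" -match 'SMTP')
    })

    if ($usable.Count -gt 0) {
        "{0}: OK, thumbprint {1}" -f $connector.Name, $usable[0].Thumbprint
        continue
    }

    "{0}: no valid SMTP certificate for '{1}' (STARTTLS unavailable)" -f `
        $connector.Name, $fqdn

    if ($CreateSelfSigned) {
        # Without -GenerateRequest the cmdlet creates a self-signed certificate.
        # It will prompt before replacing the current default SMTP certificate.
        New-ExchangeCertificate -DomainName $fqdn -SubjectName "CN=$fqdn" `
            -FriendlyName "SMTP $fqdn" -Services SMTP
    }
}
```

A self-signed certificate allows STARTTLS to be offered, but a partner that validates the certificate chain will need one issued by a CA it trusts, such as your own CA or a public one.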
I'll follow those up
F
"Rich Matheisen [MVP]" <rich...@rmcons.com.NOSPAM.COM> wrote in message
news:8pv8h5lipb5u84ni9...@4ax.com...