Replying to a message from: Anonymous

Hi,

Hope you are all well.

I'll answer both posts in this one:

Guys, we both know I was trying to explain that you need to tell users they need to use wildcard certificates or SAN certificates and not just to export their IIS certificate. It wasn't the other way round. In fact, after explaining to you that you need to add that information to your site, the site now returns a 404. Read my posts above where I specifically say you need to mention this on your website.

1. TLS starts after HELO - agreed and understand.

2. "I might be confusing SSL and TLS" - is there a need for those sorts of remarks? (port 465, upgrading connection, etc.)

3. "If a message is considered good, Xeams will create a brand new connection to Exchange. This new connection will be visible through SMTPOutboundConversation.log and will use STARTTLS if supported by Exchange." - Can you please explain this a little further with an illustration? From what I gather, you are saying the below is occurring; however, your illustration above shows the connection to Exchange for last-leg delivery as plain text?


gmail, yahoo, etc. > Xeams (TLS) > Check if From and RCPT valid with ExchangeAD > Yes > Drop local connection to ExchangeAD > Filter email Xeams > Start new local connection to Exchange with TLS to deliver local mail.

and...

gmail, yahoo, etc. > Xeams (TLS) > Check if From and RCPT valid with ExchangeAD > No > Drop local connection to Exchange > Drop external connection to remote server and don't filter at all.
or
gmail, yahoo, etc. > Xeams (TLS) > Check if From and RCPT valid with ExchangeAD > No > Drop local connection to Exchange > Filter anyway, Discard email, and Drop external connection to remote server.


4. Finally, is the connection for the LDAP lookup carried out using secure LDAP or plain text?

5. I am assuming the proxy connection to AD will only work with the one server name specified. Do we need to implement round robin for AD redundancy, or will you be adding secondary domain controller fields we can use?


Just to clarify this before implementing on large scale if need be.


Thank you,
James
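An added example, not code from the poster above and not Xeams' own code, showing the check behind question 3: given a captured SMTP conversation for the Xeams-to-Exchange hop, decide whether STARTTLS actually protected the session before MAIL FROM was sent, and a small live helper that connects to a server, confirms it advertises STARTTLS, and performs the upgrade with certificate validation (which is where the wildcard/SAN certificate point above matters). The `C:`/`S:` transcript layout, hostnames and addresses are constructed assumptions; the real SMTPOutboundConversation.log format may differ and the parser would need adapting.

```python
"""Verify whether an SMTP relay hop is protected by STARTTLS.

Constructed example, not Xeams' code. The "C:" / "S:" transcript format is an
assumption standing in for whatever SMTPOutboundConversation.log records.
"""
import re
import smtplib
import ssl


def parse_ehlo(response: str) -> set:
    """Return the extension keywords advertised in a multi-line EHLO reply.

    The first 250 line carries the server name and greeting; each following
    line names one extension (STARTTLS, SIZE, AUTH, 8BITMIME, ...).
    """
    extensions = set()
    lines = response.strip().splitlines()
    for line in lines[1:]:
        match = re.match(r"250[ -](\S+)", line)
        if match:
            extensions.add(match.group(1).upper())
    return extensions


def starttls_negotiated(transcript) -> str:
    """Classify a captured conversation by what happened before MAIL FROM.

    "encrypted" - client sent STARTTLS and the server answered 220
    "plaintext" - MAIL FROM was sent without a successful STARTTLS
    "unknown"   - no MAIL FROM seen (session dropped after EHLO/RCPT checks)
    """
    tls_ok = False
    awaiting_tls_reply = False
    for raw in transcript:
        side, _, text = raw.partition(":")
        side, text = side.strip().upper(), text.strip()
        if side == "C":
            if text.upper() == "STARTTLS":
                awaiting_tls_reply = True
            elif text.upper().startswith("MAIL FROM"):
                return "encrypted" if tls_ok else "plaintext"
        elif side == "S" and awaiting_tls_reply:
            # The reply right after STARTTLS decides: 220 = TLS starts now,
            # anything else (e.g. 454) means the session stays in the clear.
            awaiting_tls_reply = False
            tls_ok = text.startswith("220")
    return "unknown"


def live_starttls_check(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Connect to a real server and report STARTTLS support and upgrade result.

    Network call, not exercised offline. ssl.create_default_context() validates
    the chain and the hostname, so a certificate whose names do not cover
    `host` (the wildcard/SAN issue) raises ssl.SSLCertVerificationError.
    """
    context = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"advertised": False, "upgraded": False}
        code, _ = smtp.starttls(context=context)
        return {"advertised": True, "upgraded": code == 220}


# Constructed transcripts of the Xeams -> Exchange delivery hop.
ENCRYPTED_HOP = [
    "S: 220 exchange.example.internal ESMTP ready",
    "C: EHLO xeams.example.internal",
    "S: 250-exchange.example.internal Hello",
    "S: 250-STARTTLS",
    "S: 250 SIZE 36700160",
    "C: STARTTLS",
    "S: 220 2.0.0 SMTP server ready",
    "C: EHLO xeams.example.internal",          # second EHLO, now inside TLS
    "S: 250-exchange.example.internal Hello",
    "S: 250 SIZE 36700160",
    "C: MAIL FROM:<sender@example.com>",
]

PLAINTEXT_HOP = [
    "S: 220 exchange.example.internal ESMTP ready",
    "C: EHLO xeams.example.internal",
    "S: 250-exchange.example.internal Hello",
    "S: 250 SIZE 36700160",                    # no STARTTLS offered
    "C: MAIL FROM:<sender@example.com>",
]

if __name__ == "__main__":
    print("encrypted hop:", starttls_negotiated(ENCRYPTED_HOP))
    print("plaintext hop:", starttls_negotiated(PLAINTEXT_HOP))
```

Run it against the real log once adapted to its format: a hop that reports "plaintext" on the last leg is exactly what the diagram in the post appears to show, while "encrypted" confirms the STARTTLS claim. The LDAP question (4) needs a separate check (LDAPS on 636 or StartTLS on 389) and is not covered by this block.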