Is there a way to configure TLS encryption without authentication?
Is there a way to configure TLS encryption without authentication in Exchange 2010 on send and receive connectors?
August 18th, 2010 3:02pm

Are you looking for mutual TLS? http://technet.microsoft.com/en-us/library/bb430753.aspx
Thiyagu | MCTS/MCITP - Exchange 2007 | MCSE 2003[Messaging] | http://www.myExchangeWorld.com. This posting is provided "AS IS" with no warranties, and confers no rights.
August 18th, 2010 3:07pm

I don't think so. -Bpara
August 18th, 2010 3:25pm

Create a new connector and only select TLS, and on permission select Anonymous.
Yanir Ben-Nun / System Team Leader / IT / IS Professional
August 18th, 2010 4:05pm
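The connector setup suggested in the reply above, written out for the Exchange Management Shell as an added example that is not part of the original thread. The connector names, address ranges, address space and FQDN are constructed placeholders, and the `-TlsAuthLevel` step assumes a build that has that parameter (Exchange 2010 SP1 or later).

```powershell
# Added example, not from the thread. All names and addresses are placeholders.

# Receive side: advertise STARTTLS, accept anonymous senders, and do not
# offer Basic, Integrated or Exchange Server authentication on this connector.
New-ReceiveConnector -Name 'Inbound TLS only' `
    -Usage Custom `
    -Bindings '0.0.0.0:25' `
    -RemoteIPRanges '192.0.2.0/24' `
    -Fqdn 'mail.example.com' `
    -AuthMechanism Tls `
    -PermissionGroups AnonymousUsers

# Reject mail from peers that do not upgrade the session with STARTTLS.
Set-ReceiveConnector -Identity 'Inbound TLS only' -RequireTLS $true

# Send side: require TLS toward the partner domain.
New-SendConnector -Name 'Outbound TLS only' `
    -Usage Custom `
    -AddressSpaces 'SMTP:partner.example;1' `
    -DNSRoutingEnabled $true `
    -RequireTLS $true

# Assumption: the build exposes -TlsAuthLevel. EncryptionOnly uses the
# remote certificate to encrypt the channel without validating it.
Set-SendConnector -Identity 'Outbound TLS only' -TlsAuthLevel EncryptionOnly

# Check what was actually stored on each connector.
Get-ReceiveConnector -Identity 'Inbound TLS only' |
    Format-List Name, AuthMechanism, PermissionGroups, RequireTLS
Get-SendConnector -Identity 'Outbound TLS only' |
    Format-List Name, RequireTLS, TlsAuthLevel
```

A session set up this way is encrypted against passive capture only: with no certificate validation, neither side can tell whether it negotiated TLS with the intended server or with a host in the path.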

Thanks guys for the response. It's not about mutual TLS or Anonymous authentication on TLS. I don't want any kind of authentication between sender/receiving server except encrypted communication. Any expert comments/solution?
August 19th, 2010 7:09am

I understand from the IETF RFCs on SMTP and TLS that the authentication mechanism in a TLS session is determined based on the TLS cipher suite negotiated by the sending and receiving servers and that 3 different types of TLS cipher suites are available:

1. PKI based cipher suites: TLS certificates are used for authentication in this type of authentication mechanism.
2. Non-PKI based cipher suites based on Kerberos v5: This is used for setting up SMTP sessions between hub transport servers within the Exchange organization. TLS certificates are NOT used for authentication in this type of authentication mechanism; they are used only for encryption. The authentication mechanism used is Kerberos. This is implemented in the form of the X-ANONYMOUSTLS command verb in E2K7 and E2K10.
3. Anonymous TLS cipher suite. Probably this is what I am interested in, but I am not sure if this actually means anonymous connections over TLS.

I also understand that it is possible to implement an external authentication mechanism (AUTH EXTERNAL command verb) under the TLS layer, but there does not seem to be an option to do this on the Exchange Receive and Send Connectors. TLS and Externally authenticated are two separate authentication mechanisms that can be configured on the connectors, and there is no way to combine them, unlike the Basic Authentication over TLS option. Documentation on the certificate selection process seems to suggest the STARTTLS command is not advertised at all if TLS authentication is not enabled on the connector.

Basically, I don't want the TLS certificates to be used for authentication; they should be used only for encrypting SMTP sessions using NO authentication or Externally Secured Authentication. Is this possible? Any thoughts?
August 20th, 2010 10:04am

This topic is archived. No further replies will be accepted.
