Enabling TLS Encryption for Remote Domains

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1

If you choose not to use Transport Layer Security (TLS) encryption for the Simple Mail Transfer Protocol (SMTP) virtual server, but you select the TLS encryption check box for this remote domain, SMTP will use it when connecting to the remote domain. Domain configurations always override the virtual server configurations.

Important

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc systemroot\system32\inetsrv\iis.msc".

Procedures

To enable TLS encryption for a remote domain

1. In IIS Manager, expand the SMTP virtual server, and then click Domains.

2. In the details pane, right-click the remote domain you want to change, and click Properties.

3. On the General tab, click Outbound Security.

4. Click Integrated Windows Authentication.

5. In the Account box, type the Windows account; and in the Password box, type the password.

6. Select the TLS encryption check box, and then click OK.

Note

If the remote domain does not support TLS encryption, all messages will be returned with a non-delivery report (NDR).