Export (0) Print
Expand All
Expand Minimize

Receive Connector Properties > Authentication Tab


Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1

Topic Last Modified: 2006-10-17

Use the Authentication tab on the Receive connector properties to set security mechanisms on incoming Simple Mail Transfer Protocol (SMTP) connections.

Transport Layer Security

Select this option to offer Transport Layer Security (TLS) transmission for all messages that are received by this connector. When you select this option, the STARTTLS keyword is advertised in the EHLO response to connecting SMTP servers, and TLS authentication is accepted.

Enable Domain Security (Mutual Auth TLS)

To instruct this Receive connector to accept a mutual TLS connection from a remote server, select this check box. In addition to selecting this check box, you must also perform the following to enable mutual TLS:

  • Generate a certificate request for TLS certificates

  • Import a certificate to Edge Transport servers

  • Configure inbound domain security

  • Configure outbound domain security

  • Test mail flow

For more information about how to configure mutual TLS, see How to Configure Mutual TLS for Domain Security.

Basic Authentication

Select this option to offer Basic authentication for all mail that is received by this connector.

When you select Basic Authentication, the AUTH keyword is advertised in the EHLO response to connecting SMTP servers, and Basic authentication is accepted. Because the user name and password are sent in clear text when Basic authentication is used, Basic authentication without encryption is not recommended.

  • Offer Basic Authentication only after starting Transport Layer Security   When you select this option, the connector will start TLS first, and then after TLS encryption is complete, the connector will offer Basic authentication.

Exchange Server authentication

Select this option to authenticate to a smart host by using a Microsoft Exchange authentication mechanism, such as TLS direct trust or Kerberos through TLS.

Integrated Windows authentication

Select this option to use integrated Microsoft Windows authentication, which represents NTLM, Kerberos, and Negotiate authentication mechanisms.

Externally Secured (for example, with IPsec).

Use this option if the connection to the smart host is secured by external means, for example, if the connection is physically secured over a private network or over Internet Protocol security (IPsec). When you select this option, you make an assertion of external security that cannot be programmatically verified by Exchange Server. Before you select this authentication method, you must first select the Exchange servers permissions group on the Permission Groups tab.


To save your changes without closing the dialog box, click Apply.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

© 2014 Microsoft