Receive Connector Properties > Authentication Tab

 

Applies to: Exchange Server 2007 SP3, Exchange Server 2007 SP2, Exchange Server 2007 SP1

Use the Authentication tab on the Receive connector properties to set security mechanisms on incoming Simple Mail Transfer Protocol (SMTP) connections.

  • Transport Layer Security
    Select this option to offer Transport Layer Security (TLS) transmission for all messages that are received by this connector. When you select this option, the STARTTLS keyword is advertised in the EHLO response to connecting SMTP servers, and TLS authentication is accepted.
  • Enable Domain Security (Mutual Auth TLS)
    To instruct this Receive connector to accept a mutual TLS connection from a remote server, select this check box. In addition to selecting this check box, you must also perform the following to enable mutual TLS:

    • Generate a certificate request for TLS certificates

    • Import a certificate to Edge Transport servers

    • Configure inbound domain security

    • Configure outbound domain security

    • Test mail flow

    For more information about how to configure mutual TLS, see How to Configure Mutual TLS for Domain Security.

  • Basic Authentication
    Select this option to offer Basic authentication for all mail that is received by this connector.

    When you select Basic Authentication, the AUTH keyword is advertised in the EHLO response to connecting SMTP servers, and Basic authentication is accepted. Because the user name and password are sent in clear text when Basic authentication is used, Basic authentication without encryption is not recommended.

    • Offer Basic Authentication only after starting Transport Layer Security   When you select this option, the connector will start TLS first, and then after TLS encryption is complete, the connector will offer Basic authentication.
  • Exchange Server authentication
    Select this option to authenticate to a smart host by using a Microsoft Exchange authentication mechanism, such as TLS direct trust or Kerberos through TLS.
  • Integrated Windows authentication
    Select this option to use integrated Microsoft Windows authentication, which represents NTLM, Kerberos, and Negotiate authentication mechanisms.
  • Externally Secured (for example, with IPsec).
    Use this option if the connection to the smart host is secured by external means, for example, if the connection is physically secured over a private network or over Internet Protocol security (IPsec). When you select this option, you make an assertion of external security that cannot be programmatically verified by Exchange Server. Before you select this authentication method, you must first select the Exchange servers permissions group on the Permission Groups tab.
  • Apply
    To save your changes without closing the dialog box, click Apply.

For More Information

For more information, see the following topics: