Knowledge Base

Force TLS between Exchange On Premise and Useit Fax Service (useitfax.com)

Problem:

By default, fax-to-email and email-to-fax messages between Exchange On Premise and Useit Fax Service are sent and received in clear text. To encrypt these messages, TLS must be enabled and forced between the Exchange On Premise server and Useit Fax Service.

The Solution:

From Your Exchange On Premise Server:

  1. Open Exchange Management Console.
  2. Expand Organization Configuration > Hub Transport and click on the Send Connectors tab.
  3. Create a new Send Connector, using any name you prefer.
  4. Click Add > SMTP Address Space.
  5. In the Address Space field, type useitfax.com.
  6. Enable the option to Use domain name system (DNS) “MX” records to route mail automatically.
  7. Select the source Exchange Server used to send messages to useitfax.com.
  8. Verify the details of the new Send Connector. If everything looks correct, click New to finish creating the connector.

    The new Send Connector uses Opportunistic TLS by default. To force TLS on the new connector, you must run the following PowerShell cmdlets.

  9. Launch Exchange Management Shell.
  10. Run the following cmdlet to view the current Send Connector properties. This example assumes the name of the send connector is Useitfax.com.

        Get-SendConnector "Useitfax.com" | fl

    The output shows that the Send Connector is not requiring TLS.

  11. Run the following cmdlet to require TLS. This example assumes the name of the send connector is Useitfax.com.

        Set-SendConnector "Useitfax.com" -RequireTls $true -TlsAuthLevel DomainValidation -TlsDomain *.useitfax.com

  12. Run the following cmdlet again to view the current Send Connector properties and confirm that TLS is required. This example assumes the name of the send connector is Useitfax.com.

        Get-SendConnector "Useitfax.com" | fl

Now all mail sent from your Exchange On Premise Server to *.useitfax.com will be protected with TLS.

Additional Note:

If you view the properties of the Send Connector, on the Network tab, you will see that Enable Domain Security (Mutual Auth TLS) is not selected. This is the CORRECT configuration.
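To confirm the result without reading the full property list by eye, the following added example (not part of the original article) compares a Send Connector against the values set above and the Domain Security setting from the Additional Note. The helper name Test-ForcedTlsConnector and the sample object are constructed for illustration; the property names are those shown in Get-SendConnector output.

```powershell
# Added example: audit a Send Connector against the settings applied in this article.
# Test-ForcedTlsConnector is a hypothetical helper name, not an Exchange cmdlet.
function Test-ForcedTlsConnector {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Connector,
        [string] $Domain = 'useitfax.com'
    )
    process {
        # Expected values: the Set-SendConnector step plus the Additional Note
        # (Domain Security / mutual-auth TLS stays off).
        $expected = @{
            DNSRoutingEnabled   = 'True'
            RequireTLS          = 'True'
            TlsAuthLevel        = 'DomainValidation'
            TlsDomain           = "*.$Domain"
            DomainSecureEnabled = 'False'
        }
        $order = 'DNSRoutingEnabled', 'RequireTLS', 'TlsAuthLevel', 'TlsDomain', 'DomainSecureEnabled'
        foreach ($name in $order) {
            $actual = "$($Connector.$name)"
            New-Object PSObject -Property @{
                Setting = $name; Expected = $expected[$name]; Actual = $actual
                Pass    = ($actual -eq $expected[$name])
            } | Select-Object Setting, Expected, Actual, Pass
        }
        # The address space must route the fax domain through this connector.
        # The pattern accepts a bare domain or the "smtp:domain;cost" display form.
        $pattern = '(^|:)' + [regex]::Escape($Domain) + '(;|$)'
        $spaces  = @($Connector.AddressSpaces | ForEach-Object { "$_" })
        New-Object PSObject -Property @{
            Setting = 'AddressSpaces'; Expected = $Domain; Actual = ($spaces -join ',')
            Pass    = [bool]($spaces -match $pattern)
        } | Select-Object Setting, Expected, Actual, Pass
    }
}

# Constructed sample: a connector as the wizard leaves it (opportunistic TLS only).
$sample = New-Object PSObject -Property @{
    Name = 'Useitfax.com'; AddressSpaces = @('smtp:useitfax.com;1')
    DNSRoutingEnabled = $true; RequireTLS = $false
    TlsAuthLevel = $null; TlsDomain = $null; DomainSecureEnabled = $false
}
$sample | Test-ForcedTlsConnector | Format-Table -AutoSize

# On the Exchange server, pipe the real connector in instead:
# Get-SendConnector "Useitfax.com" | Test-ForcedTlsConnector
```

With the constructed sample, the RequireTLS, TlsAuthLevel and TlsDomain rows report Pass = False, which is the state before the Set-SendConnector step; after that step all rows should pass.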