Exchange Server 2016 and 2019 TLS Certificate Name Receive Connector

Requiring TLS encryption for authenticated SMTP client connections in your Exchange Server environment is the correct approach. The need for TLS comes up when you use legacy protocols such as POP or IMAP on your Exchange server.

Exchange Server TLS Certificate Name Structure

If clients try to authenticate over an unencrypted connection, they may receive a warning like the one below:

The outgoing server (SMTP) mail.domain.com does not support the selected authentication method.

So that Exchange Server can be used as an SMTP server, installation creates a connector called Client Frontend. The Client Frontend connector uses port 587 and also performs authentication on port 587.

Depending on the email service, you may receive a certificate warning for TLS.

To avoid such problems and errors, you must use TLS encryption for SMTP clients. Enabling an SSL certificate for the SMTP service does not mean that you are using TLS; the connector must be configured with the TLS Name.

Configuring Exchange Server Connector TLS

Note: The TlsCertificateName parameter specifies the X.509 certificate to be used in TLS and secure mail.

You can use the following method to specify the TlsCertificateName:

Our first command is Get-ExchangeCertificate. With this command, we can view the thumbprints of the certificates installed in our environment. We copy the thumbprint of the certificate we will use for TLS.

Get-ExchangeCertificate

Then we store the certificate in a variable, using the thumbprint we copied.

$cert = Get-ExchangeCertificate -Thumbprint "Thumbprint Number"

In the third step, we need to define another variable for the certificate issuer and subject value.

$tlscertificatename = "<I>$($cert.Issuer)<S>$($cert.Subject)"

Once we have defined our variables, we can configure the connector without having to write a long line for TlsCertificateName.

Set-ReceiveConnector "ServerName\Client Frontend ServerName" -TlsCertificateName $tlscertificatename

If there is more than one server, you need to do this for each server.
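The per-server repetition described above can be scripted. The following is an added example, not part of the original article: it assumes the same certificate (same thumbprint) is installed on every server, that the connectors keep their default name "Client Frontend ServerName", and that the thumbprint placeholder is replaced with your own value.

```powershell
# Run in the Exchange Management Shell.
# Placeholder: paste the thumbprint copied from Get-ExchangeCertificate.
$thumbprint = '<THUMBPRINT-PLACEHOLDER>'

# Mailbox servers host the Client Frontend connector in Exchange 2016/2019.
$servers = Get-ExchangeServer | Where-Object { "$($_.ServerRole)" -match 'Mailbox' }

foreach ($server in $servers) {
    $name = $server.Name
    $cert = Get-ExchangeCertificate -Server $name -Thumbprint $thumbprint -ErrorAction SilentlyContinue
    if (-not $cert) {
        Write-Warning "${name}: certificate is not installed, skipping"
        continue
    }
    # Skip certificates that are expired or not enabled for the SMTP service.
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "${name}: certificate expired on $($cert.NotAfter), skipping"
        continue
    }
    if ("$($cert.Services)" -notmatch 'SMTP') {
        Write-Warning "${name}: certificate is not enabled for SMTP, skipping"
        continue
    }

    # Issuer/subject string in the form TlsCertificateName expects.
    $tlsCertificateName = "<I>$($cert.Issuer)<S>$($cert.Subject)"

    # Assumption: default connector name; adjust if the connector was renamed.
    $identity = "$name\Client Frontend $name"
    if (-not (Get-ReceiveConnector -Identity $identity -ErrorAction SilentlyContinue)) {
        Write-Warning "${name}: connector '$identity' not found, skipping"
        continue
    }

    Set-ReceiveConnector -Identity $identity -TlsCertificateName $tlsCertificateName

    # Read the setting back so a silent mismatch is visible per server.
    $applied = "$((Get-ReceiveConnector -Identity $identity).TlsCertificateName)"
    [pscustomobject]@{
        Server             = $name
        Connector          = $identity
        TlsCertificateName = $applied
        Matches            = ($applied -eq $tlsCertificateName)
    }
}
```

Each server produces one output row; a row with Matches set to False, or a warning instead of a row, marks a server that still needs attention.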
