Exchange Config

 

 


Set Postmaster Address

 

By default, the value of the external postmaster address setting is blank.

This default value sets the external postmaster address to the value postmaster@<Default accepted domain> for your organization.

There's no mailbox associated with the postmaster@<Default accepted domain> email address.

Set

Set-TransportConfig -ExternalPostmasterAddress [email protected]

Checking

Get-TransportConfig | Format-List ExternalPostmasterAddress

 


SendConnector

 

Scoped send connector

A send connector marked as scoped can only be used by Exchange 2007/2010 Hub Transport servers or Exchange 2013 Mailbox servers in the same Active Directory site as the send connector.

If it is not marked as scoped, the connector can be used by all transport servers in the Exchange environment.

Send connector cost

A lower cost value indicates a preferred connector.

If both connectors have the same cost and proximity, then it will select the connector that comes first alphabetically.

IgnoreSTARTTLS

 

Set-SendConnector "NoTLS" -IgnoreSTARTTLS $true

The IgnoreSTARTTLS parameter specifies whether to ignore the StartTLS option offered by a remote sending server.

Get-SendConnector -Identity "NoTLS" | fl

TLS Log

TIME,Default Sender Connector,ID,2,LOCAL_IP:32630,REMOTE_IP:25,<,220 mail.recipient.domain ESMTP Postfix,
TIME,Default Sender Connector,ID,3,LOCAL_IP:32630,REMOTE_IP:25,>,EHLO mail.sender.domain,
...
TIME,Default Sender Connector,ID,4,LOCAL_IP:32630,REMOTE_IP:25,<,250-mail.recipient.domain,
TIME,Default Sender Connector,ID,8,LOCAL_IP:32630,REMOTE_IP:25,<,250-STARTTLS,
...
TIME,Default Sender Connector,ID,13,LOCAL_IP:32630,REMOTE_IP:25,>,STARTTLS,
TIME,Default Sender Connector,ID,14,LOCAL_IP:32630,REMOTE_IP:25,<,220 2.0.0 Ready to start TLS,
...
TIME,Default Sender Connector,ID,15,LOCAL_IP:32630,REMOTE_IP:25,*,,Sending certificate
TIME,Default Sender Connector,ID,16,LOCAL_IP:32630,REMOTE_IP:25,*,CN=*.sender.domain,Certificate subject
TIME,Default Sender Connector,ID,17,LOCAL_IP:32630,REMOTE_IP:25,*,"CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, ...
TIME,Default Sender Connector,ID,18,LOCAL_IP:32630,REMOTE_IP:25,*,3F349BC877A92D7E3019616D5D4D1F9E,Certificate serial number
TIME,Default Sender Connector,ID,19,LOCAL_IP:32630,REMOTE_IP:25,*,9B9C3D3CB95E0B28D5B0A24E01C207CE4CDFC955,Certificate thumbprint
TIME,Default Sender Connector,ID,20,LOCAL_IP:32630,REMOTE_IP:25,*,*.sender.domain;sender.domain,Certificate alternate names

TIME,Default Sender Connector,ID,21,LOCAL_IP:32630,REMOTE_IP:25,*,,Received certificate
TIME,Default Sender Connector,ID,22,LOCAL_IP:32630,REMOTE_IP:25,*,F982D6962E42F9086416F1920BD18005AA42BE3C,Certificate thumbprint

TIME,Default Sender Connector,ID,23,LOCAL_IP:32630,REMOTE_IP:25,>,EHLO mail.sender.domain,
TIME,Default Sender Connector,ID,24,LOCAL_IP:32630,REMOTE_IP:25,<,250-mail.recipient.domain,
TIME,Default Sender Connector,ID,24,LOCAL_IP:32630,REMOTE_IP:25,<,250-...,      # No "250-STARTTLS"

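 * The local side does not use 25/tcp for the outgoing connection

 * EHLO is used to check whether the server supports STARTTLS

 * Certificates are exchanged: "Sending certificate" and "Received certificate"

 * The second EHLO response no longer contains STARTTLS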
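
To check from logs like the one above whether mail actually left over TLS, the following added example (not part of the original notes) groups lines by session and flags sessions where MAIL FROM was sent before any STARTTLS upgrade, which is the pattern expected from a connector with IgnoreSTARTTLS set to $true. The sample lines, the session IDs S1 to S3 and the verdict names are constructed for illustration; the column order is assumed to match the log shown above.

```python
import csv
from collections import defaultdict

# Constructed sample in the layout of the log above:
# time,connector,session,seq,local,remote,event,data,context
SAMPLE_LOG = """\
TIME,Default Sender Connector,S1,3,LOCAL_IP:32630,REMOTE_IP:25,>,EHLO mail.sender.domain,
TIME,Default Sender Connector,S1,8,LOCAL_IP:32630,REMOTE_IP:25,<,250-STARTTLS,
TIME,Default Sender Connector,S1,13,LOCAL_IP:32630,REMOTE_IP:25,>,STARTTLS,
TIME,Default Sender Connector,S1,14,LOCAL_IP:32630,REMOTE_IP:25,<,220 2.0.0 Ready to start TLS,
TIME,Default Sender Connector,S1,25,LOCAL_IP:32630,REMOTE_IP:25,>,MAIL FROM:<a@sender.domain>,
TIME,NoTLS,S2,3,LOCAL_IP:32631,REMOTE_IP:25,>,EHLO mail.sender.domain,
TIME,NoTLS,S2,8,LOCAL_IP:32631,REMOTE_IP:25,<,250-STARTTLS,
TIME,NoTLS,S2,9,LOCAL_IP:32631,REMOTE_IP:25,>,MAIL FROM:<a@sender.domain>,
TIME,Default Sender Connector,S3,3,LOCAL_IP:32632,REMOTE_IP:25,>,EHLO mail.sender.domain,
TIME,Default Sender Connector,S3,4,LOCAL_IP:32632,REMOTE_IP:25,<,250-SIZE 10240000,
TIME,Default Sender Connector,S3,5,LOCAL_IP:32632,REMOTE_IP:25,>,MAIL FROM:<a@sender.domain>,
"""

def classify_sessions(log_text):
    """Return {session_id: (connector, verdict)} for each SMTP session."""
    state = defaultdict(lambda: {"conn": "", "offered": False, "asked": False,
                                 "tls": False, "clear_mail": False})
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 8 or row[0].startswith("#"):
            continue  # skip header/comment lines and truncated rows
        connector, session, event, data = row[1], row[2], row[6], row[7].strip().upper()
        s = state[session]
        s["conn"] = connector
        if event == "<" and s["asked"]:
            # The reply right after our STARTTLS decides whether TLS started.
            s["tls"], s["asked"] = data.startswith("220"), False
        elif event == "<" and data in ("250-STARTTLS", "250 STARTTLS"):
            s["offered"] = True
        elif event == ">" and data == "STARTTLS":
            s["asked"] = True
        elif event == ">" and data.startswith("MAIL FROM") and not s["tls"]:
            s["clear_mail"] = True  # envelope sent without a TLS upgrade
    result = {}
    for session, s in state.items():
        if s["clear_mail"]:
            verdict = "cleartext-starttls-offered" if s["offered"] else "cleartext-not-offered"
        else:
            verdict = "tls" if s["tls"] else "no-mail"
        result[session] = (s["conn"], verdict)
    return result

if __name__ == "__main__":
    print(classify_sessions(SAMPLE_LOG))
```

A "cleartext-starttls-offered" verdict means the remote server was willing to encrypt and the sending side declined, so it points at connector configuration rather than at the recipient.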