> Hi,

> I'm using the built-in smtp service in Windows 2003 Server. I want to
> be  able to use the STARTTLS command to receive email. In the IIS
> Manager Console window I have an instance of the Default SMTP Virtual
> Server.
> Under  the Access tab of the Properties window for this virtual server
> I have  installed a Certificate for Secure Communication. I was under
> the impression  that when a certificate was installed the server would
> then be able to  receive email with the STARTTLS command, however when
> I logon to the server  and issue an EHLO command I do not see STARTTLS
> advertised. ("250-STARTTLS" is not in the list) How can I get STARTTLS to
> be advertised?

> Thanks.

"Daniel Crichton" <msn***@worldofspack.com> wrote in message
news:ebDRin9$JHA.4608@TK2MSFTNGP02.phx.gbl...
>
> dekopolis wrote  on Wed, 8 Jul 2009 08:52:33 -0500:
>
>> Hi,
>
>> I'm using the built-in smtp service in Windows 2003 Server. I want to
>> be  able to use the STARTTLS command to receive email. In the IIS
>> Manager Console window I have an instance of the Default SMTP Virtual
>> Server.
>> Under  the Access tab of the Properties window for this virtual server
>> I have  installed a Certificate for Secure Communication. I was under
>> the impression  that when a certificate was installed the server would
>> then be able to  receive email with the STARTTLS command, however when
>> I logon to the server  and issue an EHLO command I do not see STARTTLS
>> advertised. ("250-STARTTLS" is not in the list) How can I get STARTTLS to
>> be advertised?
>
>> Thanks.
>
> Have you tried just issuing the STARTTLS command from the connection?
> According to http://www.rfc-editor.org/rfc/rfc2487.txt there should be 3
> possible responses:
>
> 220 Ready to start TLS
> 501 Syntax error (no parameters allowed)
> 454 TLS not available due to temporary reason
>
> so you should be able to tell if it's working by the response to the
> command.
>
> STARTTLS has nothing do with receiving email though - it's the command to
> tell the server that you want to set up an encrypted connection over TLS
> (formerly known as SSL). If you want to receive email from the server you
> will need to look into adding a POP3 or IMAP service, the SMTP service
> only receives email or sends it to another server. The only other command
> I can think of that you might be looking for is ETRN which tells the SMTP
> service to start sending mail out to a specific server, but it still won't
> let you actually retrieve the mail directly, it can only be sent to
> another SMTP server.
>
> --
> Dan
>

> On 7/8/2009 9:39 AM, Daniel Crichton wrote:
>> STARTTLS has nothing do with receiving email though - it's the
>> command to tell the server that you want to set up an encrypted
>> connection over TLS (formerly known as SSL).

> STARTTLS and SSL are quite different things when it comes to SMTP.

> SSL protected SMTP (a.k.a. SMTPS) runs on TCP port 465 and is a full
> (read: from start to finish) SSL connection.

> Where as STARTTLS is a way for a sending server to tell the receiving
> server that it wants to switch to TLS encryption on the current
> connection.  Usually the current connection is to the MTA on TCP port 25,
> though it could equally be the the MSA on TCP port 25.

> The main fact about STARTTLS is that it starts out cleartext and then
> switches to TLS cyphertext on the same connection.  Where as SSL is
> encrypted from the get go.