Has anyone successfully set up DLP Email Prevent in an inline configuration between MS Exchange and MS Forefront online WITH TLS encryption?
Architecture is basically:
MS Exchange SMTP connector send to smarthost --> DLP Email Prevent forward next hop to --> MS Forefront (mail.messaging.microsoft.com)
What I am experiencing is that mail routing works perfectly fine as long as TLS is not enabled. With TLS enabled, however, mail queues up on the Exchange server. I have imported the public key from the MS Forefront server into the Email Prevent keystore so I can get a little further in the TLS handshake according to the logs, but it still drops the connection.
If someone has this working, could you let me know:
- How did you go about sourcing the public key cert from MS Forefront? (The only way I could do this was using OpenSSL and copy/pasting the certificate hash into a test file.)
- What relay address are you specifying in the DLP as the next hop? (mail.messaging.microsoft.com is presenting a certificate for mail.global.frontbridge.com)
- What version of Exchange are you running?
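
Added example (not part of the original post): a Python check for the name mismatch described above, comparing the configured next-hop hostname with the DNS names in the certificate the relay presents. `SAMPLE_CERT` is constructed from the two hostnames in the post; the function names are illustrative, and `fetch_starttls_cert` is an optional live check that assumes the system CA store can validate the relay's chain.

```python
import smtplib
import ssl

def cert_dns_names(cert):
    """Names a TLS client compares against: SAN dNSName entries, else subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """RFC 6125-style match: a '*' may only be the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_next_hop(cert, next_hop):
    """Return (ok, presented_names) for the configured next-hop hostname."""
    names = cert_dns_names(cert)
    return any(name_matches(n, next_hop) for n in names), names

def fetch_starttls_cert(host, port=25, timeout=15):
    """Live check (needs network): STARTTLS, validate the chain, return the cert dict."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still validated; names are compared above
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert()

# Constructed sample in the getpeercert() dict format, using the names from the post.
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.global.frontbridge.com"),),),
    "subjectAltName": (("DNS", "mail.global.frontbridge.com"),),
}

if __name__ == "__main__":
    for hop in ("mail.messaging.microsoft.com", "mail.global.frontbridge.com"):
        ok, names = check_next_hop(SAMPLE_CERT, hop)
        print(f"{hop}: {'match' if ok else 'MISMATCH'} (certificate names: {names})")
```

A sender that enforces hostname verification on the next hop will abort the handshake on a mismatch like the first case, so the hostname configured as the relay and the names in the presented certificate need to agree.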