A bit involved as you've got 2 mail servers doing the job when you only need one.
stunnel is what it says on the tin, a secure tunnel. I use it to telnet to smtp.virginmedia.com and imap.virginmedia.com when I want to double check that the servers up and running. (Telnet only supports plain text connections - it doesn't handle SSL/TLS). I simply Telnet localhost on the listening ports and stunnel makes the onward connection for me.
telnet localhost 25
220 know-smtprelay-8-imp cmsmtp ESMTP server ready
quit
221 Closing connection. Good bye.
Connection to host lost.
stunnel comes with a default configuration that listens on ports 110, 143 and 25 and connects to gmail using ports 995, 993 and 465 respectively.. It took all of 5 minutes to amend the file.
; **************************************************************************
; * Include all configuration file fragments from the specified folder *
; **************************************************************************
;include = conf.d
; **************************************************************************
; * Service definitions (at least one service has to be defined) *
; **************************************************************************
; ***************************************** Example TLS client mode services
[vm-pop3]
client = yes
accept = 127.0.0.1:110
accept = ::1:110
connect = pop3.virginmedia.com:995
verifyChain = yes
CAfile = ca-certs.pem
checkHost = pop3.virginmedia.com
OCSPaia = yes
[vm-imap]
client = yes
accept = 127.0.0.1:143
accept = ::1:143
connect = imap.virginmedia.com:993
verifyChain = yes
CAfile = ca-certs.pem
checkHost = imap.virginmedia.com
OCSPaia = yes
[vm-smtp]
client = yes
accept = 127.0.0.1:25
accept = ::1:25
connect = smtp.virginmedia.com:465
verifyChain = yes
CAfile = ca-certs.pem
checkHost = smtp.virginmedia.com
OCSPaia = yes
For your usage I would have done the following.
Remove the POP3 and IMAP listeners
Change the listening port for the SMTP connector
; **************************************************************************
; * Include all configuration file fragments from the specified folder *
; **************************************************************************
;include = conf.d
; **************************************************************************
; * Service definitions (at least one service has to be defined) *
; **************************************************************************
; ***************************************** Example TLS client mode services
[vm-smtp]
client = yes
accept = 127.0.0.1:2025
accept = ::1:2025
connect = smtp.virginmedia.com:465
verifyChain = yes
CAfile = ca-certs.pem
checkHost = smtp.virginmedia.com
OCSPaia = yes
Then fire up stunnel and finally set your Exchange connector to send to localhost port 2025
stunnel can be found here::
https://www.stunnel.org/downloads.html
Try setting it up on a different machine first if you're worried about messing up the mail server setup.
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks