I have a non-domain-joined Windows Server 2012R2 web server hosting WordPress with the Easy WP SMTP plugin in our DMZ. It is supposed to send email to our internal Exchange 2016 server for things like alerts, new sign-ups, etc. It used to be using unsecured SMTP over port 25 but we are trying to configure it to use TLS on port 587. But I cannot get it to send, as the Exchange Server keeps rejecting the connection:

    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,0,10.0.0.44:587,192.168.200.3:58156,+,,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,1,10.0.0.44:587,192.168.200.3:58156,>,"220 mail.domain.com Microsoft ESMTP MAIL Service ready at Mon, 30 Mar 2020 08:25:53 -0500",
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,2,10.0.0.44:587,192.168.200.3:58156,<,EHLO www.domain.com,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,3,10.0.0.44:587,192.168.200.3:58156,>,250  mail.domain.com Hello [192.168.200.3] SIZE 36700160 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,4,10.0.0.44:587,192.168.200.3:58156,<,STARTTLS,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,5,10.0.0.44:587,192.168.200.3:58156,>,220 2.0.0 SMTP server ready,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,6,10.0.0.44:587,192.168.200.3:58156,*," CN=*.domain.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB 4F8D1253CAE6C3AA06ED0310EAA39158 827CCAB98B7AC22709CBC1408C74CCED89060C98 2020-03-17T19:00:00.000Z 2021-03-18T18:59:59.000Z *.domain.com;domain.com",Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
    2020-03-30T13:26:08.998Z,<Rcv Conn>,08D7D3F917D985E4,7,10.0.0.44:587,192.168.200.3:58156,*,,TLS negotiation failed with error CertUnknown
    2020-03-30T13:26:08.998Z,<Rcv Conn>,08D7D3F917D985E4,8,10.0.0.44:587,192.168.200.3:58156,-,,Local

The certificate is fine because lots of other TLS connections on 587 work without any problems.

Caynadian
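
To see which clients hit this failure and how long each one stalled after the server sent its certificate, the receive log lines can be grouped by session ID. This is an added example, not part of the original post: the sample log is constructed (the failing session is trimmed from the log above, the second session is invented), and the `tls_failures` helper name is hypothetical.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Column order of the receive log lines quoted in the question.
FIELDS = ["time", "connector", "session", "seq", "local", "remote",
          "event", "data", "context"]

# Constructed sample: session 08D7... is trimmed from the question's log;
# session CONSTRUCTED01 is invented here as a client that got past STARTTLS.
SAMPLE = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,4,10.0.0.44:587,192.168.200.3:58156,<,STARTTLS,
2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,5,10.0.0.44:587,192.168.200.3:58156,>,220 2.0.0 SMTP server ready,
2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,6,10.0.0.44:587,192.168.200.3:58156,*,"CN=*.domain.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited",Sending certificate Subject Issuer name
2020-03-30T13:26:08.998Z,<Rcv Conn>,08D7D3F917D985E4,7,10.0.0.44:587,192.168.200.3:58156,*,,TLS negotiation failed with error CertUnknown
2020-03-30T13:26:08.998Z,<Rcv Conn>,08D7D3F917D985E4,8,10.0.0.44:587,192.168.200.3:58156,-,,Local
2020-03-30T13:30:00.000Z,<Rcv Conn>,CONSTRUCTED01,4,10.0.0.44:587,192.0.2.10:50000,<,STARTTLS,
2020-03-30T13:30:00.000Z,<Rcv Conn>,CONSTRUCTED01,5,10.0.0.44:587,192.0.2.10:50000,*,"CN=*.domain.com",Sending certificate Subject
2020-03-30T13:30:00.100Z,<Rcv Conn>,CONSTRUCTED01,6,10.0.0.44:587,192.0.2.10:50000,<,EHLO client.example,
"""

def ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def tls_failures(log_text):
    """Return one summary dict per session whose TLS negotiation failed."""
    sessions = defaultdict(list)
    for row in csv.reader(log_text.splitlines()):
        if len(row) != len(FIELDS) or row[0].startswith("#"):
            continue  # header comments and malformed lines
        sessions[row[2]].append(dict(zip(FIELDS, row)))
    failures = []
    for sid, recs in sessions.items():
        recs.sort(key=lambda r: int(r["seq"]))
        fail = next((r for r in recs if "TLS negotiation failed" in r["context"]), None)
        if fail is None:
            continue
        cert = next((r for r in recs if r["context"].startswith("Sending certificate")), None)
        failures.append({
            "session": sid,
            "client": fail["remote"].rsplit(":", 1)[0],
            "error": fail["context"].split()[-1],
            "cert_subject": cert["data"].split()[0] if cert else None,
            # Gap between the server sending its certificate and the failure.
            "seconds_after_cert": (ts(fail["time"]) - ts(cert["time"])).total_seconds() if cert else None,
        })
    return failures

if __name__ == "__main__":
    for failure in tls_failures(SAMPLE):
        print(failure)
```
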

2 Answers

Based on your error messages, this issue seems to be related to the certificate.

What about other external users? All external emails cannot be received, or only external emails sent by this web server?

I suggest you check whether the SMTP service is enabled on the certificate, and run the command below to set RequireTLS to True and check if it works:

    Set-ReceiveConnector "<receive connector name>" -RequireTLS $true

Here’s a similar thread for your reference: TLS negotiating failed

Joy Zhang
  • Thanks for your reply. It was only external emails from our website that had an issue. As it turns out, the problem was the SMTP plugin we were using. I changed to a different plugin and all is working fine now. – Caynadian Mar 31 '20 at 14:40
  • Thanks for your sharing :) – Joy Zhang Apr 01 '20 at 07:33

The issue was the Easy WP SMTP plugin. Switched to Postman SMTP and everything is working properly now.

Caynadian