0

I am having a problem where inbound mail from outside only works when sent from certain hosts.

For example, when I send myself an email from my personal gmail account all is well, as the logs show:

2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 EHLO 250 - -

2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 STARTTLS 220 - -

2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 STARTTLS 220 - -

2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 EHLO 250 - -

2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 MAIL 250 - -

2012-09-05 18:14:16 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 RCPT 250 - -

2012-09-05 18:14:48 209.85.223.175 mail-ie0-f175.google.com SMTPSVC1 MAILSVR 192.168.1.79 0 QUIT 240 - -

However, if I send from my personal Yahoo account, I get this response:

Sorry, we were unable to deliver your message to the following address.
<my.email@mycompany.com>: Remote host said: 530 5.7.0 Must issue a
STARTTLS command first [MAIL_FROM]

(NB: Nothing appeared in the smtp log for this message.)

Any suggestions where to start looking?

EDIT ----

I don't know if it matters, but the certificate I am using for TLS is self signed.

EDIT 2

I'm now using a real trusted ssl cert. OWA works fine now with no browser warnings. BUT I still get the same failure reply to messages from my yahoo account.

Kev

2 Answers

2

Remote host said: 530 5.7.0 Must issue a STARTTLS command first

Means your mail server is rejecting connections from mail servers that don't negotiate a TLS connection. Follow the instructions here to correct that (by not making TLS mandatory).

HopelessN00b
  • That article seems to apply to outbound security only. My problem is with inbound security. I checked my smtp-out connector anyway - Anonymous Access is selected, TLS Encryption is not. Thoughts? – Kev Sep 05 '12 at 19:59
  • @Kryptonite I think you should probably check your inbound connectors for TLS, given that the problem is on inbound mail. – HopelessN00b Sep 05 '12 at 20:05
  • I checked Default SMTP virtual server. TLS is enabled. If I disable it the problem remains. – Kev Sep 05 '12 at 20:15
  • The problem remains, but is the error message still the same? If it is, restart the exchange SMTP service and see what happens. – adamo Sep 06 '12 at 08:16
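
To see what a sender that never issues STARTTLS gets back (the 530 quoted in the answer above), here is an added Python probe that is not part of the original thread: it says EHLO, sends MAIL FROM in plaintext and reports the reply. The stub servers, host names and addresses are constructed so it runs on loopback; call `probe_inbound_tls` with your own server's address to test it.

```python
import smtplib
import socketserver
import threading

def probe_inbound_tls(host, port, helo_name="probe.example.test"):
    """Act like a sender that skips STARTTLS and report what MAIL FROM gets."""
    with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=10) as s:
        s.ehlo()
        offered = s.has_extn("starttls")           # advertised in the EHLO reply?
        code, msg = s.mail("probe@example.test")   # MAIL FROM sent in plaintext
    return {"starttls_offered": offered, "mail_code": code,
            "mail_reply": msg.decode("ascii", "replace"),
            "tls_mandatory": code == 530}          # 530 = the rejection in the post

class MandatoryTLSStub(socketserver.StreamRequestHandler):
    """Constructed stand-in for a server that insists on STARTTLS before MAIL."""
    require_tls = True

    def handle(self):
        self.wfile.write(b"220 stub ESMTP\r\n")
        for raw in self.rfile:
            verb = raw.split(None, 1)[0].upper() if raw.strip() else b""
            if verb == b"EHLO":
                reply = b"250-stub\r\n250 STARTTLS\r\n"
            elif verb == b"MAIL" and self.require_tls:
                reply = b"530 5.7.0 Must issue a STARTTLS command first\r\n"
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                reply = b"250 ok\r\n"
            self.wfile.write(reply)

class OpportunisticTLSStub(MandatoryTLSStub):
    """Constructed stand-in that offers STARTTLS but still accepts plaintext."""
    require_tls = False

def demo(handler):
    """Run the probe against a stub on a loopback port chosen by the OS."""
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return probe_inbound_tls(*srv.server_address)
        finally:
            srv.shutdown()

if __name__ == "__main__":
    for stub in (MandatoryTLSStub, OpportunisticTLSStub):
        print(stub.__name__, demo(stub))
```

If `tls_mandatory` comes back true for a public-facing MX, senders that do not negotiate TLS will bounce the way the Yahoo message did.
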
1

For inbound connections e.g. from Yahoo you need to look at your Receive Connectors at Server Configuration -> Hub Transport

Under the Authentication tab you may find you have the "Offer basic authentication only after starting TLS" ticked. Try unticking this to see if it works:


Phil
  • I don't see this. I'm using Exchange 2003 on SBS 2003. – Kev Sep 06 '12 at 11:00
  • ok, sorry didn't realise - I'm not familiar with the management UI for that but I suspect there will be something similar. A quick google showed up this article which discusses your problem http://support.microsoft.com/kb/329061 – Phil Sep 06 '12 at 12:03
  • That's the same article as HopelessN00b posted above. It refers to Outbound Security, not inbound. With inbound security it looks like the only thing I can configure is the Default SMTP Virtual Server. – Kev Sep 06 '12 at 12:16