0

I have an Exchange 2016 server with a self-signed certificate. The issue is that when I send a mail to Gmail, it goes to spam and says "message not encrypted". I have assigned the certificate to SMTP from the Exchange certificate wizard. The mail I send is from Outlook Web App.

Output of `get-SendConnector | fl`:

```
addressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
CloudServicesMailEnabled     : False
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
ConnectorType                : Default
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : exchange.*******.com
FrontendProxyEnabled         : False
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : EXCHANGE
Identity                     : *******
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
MaxMessageSize               : 35 MB (36,700,160 bytes)
Name                         : ******
Port                         : 25
ProtocolLoggingLevel         : None
Region                       : NotSpecified
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {EXCHANGE}
TlsAuthLevel                 :
TlsCertificateName           :
TlsDomain                    :
UseExternalDNSServersEnabled : False
```
janos
Akhil krishna A

2 Answers

0

The following assumes that your Exchange server is sending the emails directly to 3rd party systems. If your Exchange server is relaying the emails to a 3rd party server (e.g. an AntiSpam/Antivirus environment), you need to configure STARTTLS there.

You need to configure STARTTLS on your Exchange environment. To troubleshoot that you should perform the following:

1.) Check if you have STARTTLS enabled on your Exchange Server (see here for a howto)

2.) Check if you have a valid SSL certificate bound to your Exchange server (see here for a howto). By the way, the best option to assign the certificate is via PowerShell, as I have seen that the GUI often does not work as expected when assigning certificates.

3.) Check if you have IgnoreSTARTTLS set to true (it should be set to false):

```powershell
# Make the send connector honor STARTTLS when the remote server offers it
Get-SendConnector -Identity [send connector name] | Set-SendConnector -IgnoreSTARTTLS $false
```

After that restart the Microsoft Exchange Transport Service.

BastianW
  • Hi, 1> STARTTLS has already been enabled on the server. 2> Installed SSL using PowerShell with this command: `Enable-ExchangeCertificate -Thumbprint 9963DCA0F56736D235DD145C7F0EB6C63CA54859 -Services POP,IMAP,IIS,SMTP`. Getting an error while checking for the certificate on port 25, but success on port 587: `openssl s_client -connect exchange.*******.com:25 -starttls smtp CONNECTED(00000003) didn't found starttls in server response, try anyway...` 3> IgnoreSTARTTLS is already set to false. – Akhil krishna A Dec 13 '17 at 08:37
  • You normally have different Send connectors and based on your output I would say you modified the wrong send connector as starttls should be enabled on port 25, otherwise this might explain the issue you have. Can you update your original posting with the output from "get-SendConnector | fl" and replace any sensitive information please? – BastianW Dec 13 '17 at 10:42
  • Updated the post with the output of `get-SendConnector | fl`. – Akhil krishna A Dec 14 '17 at 04:27
0

The issue was not with the Exchange server; the ESMTP inspect feature (enabled by default) in the Cisco ASA was dropping the packets. I have disabled the ESMTP inspection feature and it now allows the emails with TLS enabled.

Akhil krishna A
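An added example (not part of the original posts) of the check that separates the two outcomes in this thread: it classifies a captured port-25 banner and EHLO reply as offering STARTTLS, not offering it, or having it hidden by an inspecting device in the path. The sample transcripts are constructed, and the masking patterns (a banner of asterisks, an extension keyword replaced by X characters) are assumed heuristics for what SMTP inspection leaves behind.

```python
import re

# One SMTP reply line: 3-digit code, '-' (continues) or ' ' (last line), text.
REPLY_LINE = re.compile(r"^(\d{3})[ -](.*)$")

def classify_ehlo(transcript: str) -> dict:
    """Classify a captured plain-text banner + EHLO reply from port 25."""
    banner, ehlo = "", []
    for raw in transcript.splitlines():
        m = REPLY_LINE.match(raw.strip())
        if not m:
            continue  # skip client lines such as "EHLO probe.example.test"
        code, text = m.groups()
        if code == "220" and not banner:
            banner = text
        elif code == "250":
            ehlo.append(text)
    # The first 250 line is the greeting; the rest are extension keywords.
    keywords = [t.split()[0].upper() for t in ehlo[1:] if t.split()]
    # Assumed heuristics: a run of '*' in the banner, all-X keywords.
    banner_masked = bool(re.search(r"\*{5,}", banner))
    masked = [k for k in keywords if re.fullmatch(r"X{4,}\w?", k)]
    if "STARTTLS" in keywords:
        verdict = "starttls-offered"
    elif banner_masked or masked:
        verdict = "starttls-hidden-by-inspection"
    else:
        verdict = "starttls-not-offered"
    return {"verdict": verdict, "keywords": keywords, "masked": masked}

# Constructed sample transcripts (not captured from the poster's server).
DIRECT = """220 mail.example.test Microsoft ESMTP MAIL Service ready
EHLO probe.example.test
250-mail.example.test Hello [192.0.2.10]
250-SIZE 36700160
250-STARTTLS
250 8BITMIME"""

INSPECTED = """220 ****************************************
EHLO probe.example.test
250-mail.example.test Hello [192.0.2.10]
250-SIZE 36700160
250-XXXXXXXA
250 8BITMIME"""

NO_TLS = """220 mail.example.test ESMTP ready
EHLO probe.example.test
250-mail.example.test Hello [192.0.2.10]
250 SIZE 36700160"""
```

Comparing a transcript taken from outside the firewall with one taken on the internal network shows whether the mail server or a device in the path is withholding STARTTLS.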