
Hi everyone, I'm having issues with SMTP notifications connecting on port 587 with TLS.

Right now I have an internal Exchange 2016 server and all email works great. I have a few customers who have software (mainly backup software) that can have SMTP notifications set up. In order to do this, I need to connect to my SMTP server.

If I connect using port 25 all mail and tests seem to work fine. If I tell it to use TLS and port 587, however, the connection never goes through. I've tried going through the default receive connector and making sure my SSL cert is bound to the connection. I've forwarded 587 on my firewall and verified everything else, but it just won't work.

I did notice that in the documentation the default connector on 587 is used for IMAP/POP accounts. In this case it's SMTP notifications so I'm not sure if that matters. It's just a backup software with an option to specify SMTP server, port, and login creds.

Anyone have any idea of what I could be missing or what could possibly be locking this out? I feel like I'm misunderstanding something or missing something obvious as everything I've looked into is configured properly.

Any help would be greatly appreciated!!

MindExplosion

1 Answer


The most common reason here is that the SSL certificate which is used for 587 on the Exchange Server is a self-signed certificate and not trusted in the 3rd party environment (e.g. the OS where the backup software is running). You could easily check which certificate is used on port 587 with OpenSSL (see here):

openssl s_client -starttls smtp -connect exchange01.int.contoso.com:587

If that shows a self-signed certificate you need to replace it (see here):

Enable-ExchangeCertificate -Thumbprint 434AC224C8459924B26521298CE8834C514856AB -Services SMTP

BastianW
  • openssl s_client -starttls smtp -connect exchange01.int.contoso.com:587 – Jacob Evans Mar 28 '17 at 11:53
  • I did verify this and ran the command to ensure my paid cert is set. Looking at the bottom of the openssl text under SSL-Session it says: Protocol TLSv1 – MindExplosion Mar 28 '17 at 17:17
  • I had to have the host after the -connect argument or I would get errors about specifying a port. 'openssl s_client -starttls smtp -connect exchange01.int.contoso.com:587' – partyd Jan 17 '22 at 22:56
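
As an added example (not part of the original answer or its comments), this shell function condenses the output of the `openssl s_client` check above into one line: whether the presented certificate is self-signed, the verify return code, and the negotiated protocol. The function names and the abridged sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client` output read from stdin.
# Exit status: 0 = chain verified, 1 = self-signed or unverified, 2 = no certificate.
summarize_s_client() {
    awk '
        /^subject=/ && subject == "" { subject = substr($0, 9) }
        /^issuer=/  && issuer  == "" { issuer  = substr($0, 8) }
        /^[ \t]*Protocol[ \t]*:/ && proto == "" { p = $0; sub(/^[^:]*:[ \t]*/, "", p); proto = p }
        /Verify return code:/ && code == "" {
            c = $0; sub(/^.*Verify return code:[ \t]*/, "", c)  # e.g. "18 (self signed certificate)"
            sub(/[^0-9].*$/, "", c); code = c                   # keep the number only
        }
        END {
            if (subject == "") { print "no certificate in input"; exit 2 }
            if (code == "") code = "unknown"
            # Same subject and issuer DN, or verify error 18, means self-signed.
            self = (subject == issuer || code == "18") ? "yes" : "no"
            printf "selfsigned=%s verify=%s protocol=%s subject=%s\n", self, code, proto, subject
            exit ((self == "yes" || code != "0") ? 1 : 0)
        }
    '
}

# Constructed, abridged s_client output; $1 = issuer DN, $2 = verify result.
sample_output() {
    cat <<EOF
depth=0 CN = exchange01.int.contoso.com
---
subject=CN = exchange01.int.contoso.com
issuer=$1
---
SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: $2
EOF
}

# Demo on the constructed samples (the non-zero exit status is ignored here).
sample_output "CN = exchange01.int.contoso.com" "18 (self signed certificate)" | summarize_s_client || true
sample_output "CN = Example Issuing CA" "0 (ok)" | summarize_s_client
# Live use (assumed host name from the answer):
# openssl s_client -starttls smtp -connect exchange01.int.contoso.com:587 </dev/null 2>/dev/null | summarize_s_client
```

The verify result depends on the trust store of the machine where `openssl` runs, so run the live check from the host that runs the backup software.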