Email sent to gmail error encryption related to TLS1.2

Question
-
Dear MS Technical
All are configured to send and receive well.
However, emails sent from Exchange to Gmail are received, but the domain has not encrypted this message.
I checked the email header and saw that the Exchange mail server part is running TLS:
"by mailserver (ip local) with Microsoft SMTP Server (TLS) id 15.1.225.42"
I have compared with other Exchange systems, and I suspect that the error is related to TLS 1.2, which must be enabled.
Email from exchange good sent to gmail security TLS 1.2 correct
Please help resolve.
Many thanks
- Edited by Phuong, Nguyen Van Tuesday, December 17, 2019 6:00 PM
- Edited by Lydia Zhou (Microsoft contingent staff) Wednesday, December 18, 2019 5:14 AM personal information
Tuesday, December 17, 2019 5:58 PM
Answers
-
Check your mail server with this tool: https://www.checktls.com/TestReceiver
That will give you an idea of whether TLS is available on your systems from the Internet. If you have a Cisco ASA (or any other firewall, really), make sure it's not configured to perform deep packet inspection on SMTP. Deep packet inspection forcibly blocks the STARTTLS verb in mail exchanges so it can read the messages, so you want it turned off.
Adam Brown
MCSE, CISSP
Blog: AC Brown's IT World
- Marked as answer by Phuong, Nguyen Van Wednesday, December 18, 2019 4:26 PM
Tuesday, December 17, 2019 6:57 PM
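A way to see the condition described in the answer above, as an added example that is not part of the original thread: classify an SMTP EHLO reply by whether STARTTLS is offered, overwritten, or absent. The sample replies are constructed, and the filler-character pattern for an overwritten keyword is an assumption about how an inspecting device rewrites the line; `probe` is a hypothetical helper to run from the Exchange server against the destination mail host.

```python
import re
import smtplib

# Constructed EHLO replies for illustration (not captured from the thread's servers).
CLEAN_EHLO = "250-mx.example.test at your service\n250-SIZE 35882577\n250-STARTTLS\n250 8BITMIME"
# Assumption: the inspecting firewall overwrites the keyword with filler characters.
MASKED_EHLO = "250-mx.example.test at your service\n250-SIZE 35882577\n250-XXXXXXXA\n250 8BITMIME"
# Assumption: the middlebox drops the capability line entirely.
STRIPPED_EHLO = "250-mx.example.test at your service\n250-SIZE 35882577\n250 8BITMIME"

MASK = re.compile(r"[X*]{4,}[A-Z]?")  # assumed shape of an overwritten keyword


def ehlo_keywords(reply):
    """Extension keywords from a multi-line 250 reply (first line is the greeting)."""
    keywords = []
    for line in reply.splitlines()[1:]:
        m = re.match(r"250[- ](\S+)", line.strip())
        if m:
            keywords.append(m.group(1).upper())
    return keywords


def diagnose(keywords):
    """Classify what the client side of the path was actually offered."""
    if "STARTTLS" in keywords:
        return "starttls-offered"
    if any(MASK.fullmatch(k) for k in keywords):
        return "keyword-masked"      # rewritten in transit: check SMTP inspection
    return "starttls-missing"        # not advertised, or stripped in transit


def probe(host, port=25, timeout=10):
    """Live check: ask `host` for its extensions and classify the answer."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        lines = smtp.ehlo_resp.decode("ascii", "replace").splitlines()[1:]
    return diagnose([l.split()[0].upper() for l in lines if l.strip()])


if __name__ == "__main__":
    for name, reply in [("clean", CLEAN_EHLO), ("masked", MASKED_EHLO),
                        ("stripped", STRIPPED_EHLO)]:
        print(name, diagnose(ehlo_keywords(reply)))
```

A result other than `starttls-offered` from inside the network, when the same host offers STARTTLS from an outside vantage point, points at a device on the path rather than at the Exchange TLS configuration.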
All replies
Hi Adam, thanks so much. I will check again and report after.
Wednesday, December 18, 2019 5:20 AM
-
Hi,
We helped you cover your email addresses, please don't forget to cover your personal information next time.
What's the detailed version of your Exchange 2016?
Please make sure all required registry keys are created to enable TLS 1.2 for incoming and outgoing connections. You can check this blog for more details: Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It
Regards,
Lydia Zhou
Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
Wednesday, December 18, 2019 6:10 AM -
Hi Lydia Zhou,
Thanks, I will note to hide information next time.
Thanks again.
- Edited by Phuong, Nguyen Van Wednesday, December 18, 2019 8:11 AM
Wednesday, December 18, 2019 8:11 AM -
It's great that you can get useful information in our forum. Here is a brief summary about this thread.
Issue Symptom:
Emails sent from Exchange to Gmail are received, but the domain has not encrypted this message. I checked the email header and saw that the Exchange mail server part is running TLS.
Possible Cause:
Deep packet inspection forcibly blocks the STARTTLS verb in mail exchanges.
Suggestions:
Make sure TLS 1.2 is enabled correctly for incoming and outgoing connections, and TLS is available on your systems from the Internet.
If you have a Cisco ASA or any other firewall, make sure it's not configured to perform deep packet inspection on SMTP. Deep packet inspection forcibly blocks the STARTTLS verb in mail exchanges so it can read the messages, so you want it turned off.
Regards,
Lydia Zhou
Thursday, December 19, 2019 6:13 AM -
Dear Lydia Zhou,
My problem is resolved. My Cisco ASA blocks STARTTLS.
Thanks again.
Monday, January 6, 2020 1:46 PM -
Glad to hear that, and thanks for your sharing. If you have any other issues about Exchange server, please feel free to post in our forum.
Have a nice day.
Regards,
Lydia Zhou
Tuesday, January 7, 2020 1:16 AM