Email sent to gmail error encryption related to TLS1.2

  • Question

  • Dear MS Technical

    All are configured to send and receive well.

    However, emails sent from Exchange to Gmail are received, but the domain has not encrypted this message.


    I checked the email header and saw that the Exchange server part is running TLS:

     "by mailserver (ip local) with Microsoft SMTP Server (TLS) id 15.1.225.42"

    I have compared with other Exchange systems, and I suspect that the error is related to TLS 1.2 needing to be enabled.

    Email from exchange good sent to gmail security TLS 1.2 correct


    Please help resolve.

    Many thanks

    Tuesday, December 17, 2019 5:58 PM

Answers

  • Check your mail server with this tool: https://www.checktls.com/TestReceiver

    That will give you an idea of whether TLS is available on your systems from the Internet. If you have a Cisco ASA (or any other firewall, really), make sure it's not configured to perform deep packet inspection on SMTP. Deep packet inspection forcibly blocks the STARTTLS verb in mail exchanges so it can read the messages, so you want it turned off.


    Adam Brown

    MCSE, CISSP

    Blog: AC Brown's IT World

    Catapult Systems

    Tuesday, December 17, 2019 6:57 PM
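
Added example, not part of the original thread: a Python check that classifies an SMTP greeting and EHLO reply as offering STARTTLS, having it masked by an inspecting firewall, or lacking it. The masking patterns (keywords overwritten with `X` filler, banner overwritten with `*`) and all sample replies and host names are assumptions constructed for illustration.

```python
import re
import smtplib

# Constructed sample replies (not captured from any real server).
CLEAN = ("220 mx.example.net ESMTP ready",
         ["250-mx.example.net at your service", "250-SIZE 157286400",
          "250-STARTTLS", "250 8BITMIME"])
INSPECTED = ("220 ********************************",
             ["250-mx.example.net at your service", "250-SIZE 157286400",
              "250-XXXXXXXA", "250 8BITMIME"])

def classify_ehlo(banner, ehlo_lines):
    """Return 'starttls-offered', 'starttls-masked' or 'starttls-absent'
    for a 220 greeting and the 250 lines of an EHLO reply."""
    keywords = []
    for line in ehlo_lines:
        m = re.match(r"250[- ](\S+)", line.strip())
        if m:
            keywords.append(m.group(1).upper())
    # keywords[0] is the server's greeting name, not an extension keyword.
    if "STARTTLS" in keywords[1:]:
        return "starttls-offered"
    # Assumption: an inspecting middlebox overwrites extension keywords it
    # does not allow with filler such as XXXXXXXA, and the banner with '*'.
    masked_kw = any(re.fullmatch(r"X{4,}[A-Z]?", k) for k in keywords[1:])
    masked_banner = re.match(r"220[- ]\*{5,}", banner.strip()) is not None
    return "starttls-masked" if masked_kw or masked_banner else "starttls-absent"

def probe(host, port=25, timeout=10):
    """Live check: run from the mail server's own network so the reply
    crosses the same firewall as outbound mail."""
    smtp = smtplib.SMTP(timeout=timeout)
    try:
        _, banner = smtp.connect(host, port)
        _, reply = smtp.ehlo()
    finally:
        smtp.close()
    # smtplib strips the reply codes; restore them for classify_ehlo().
    lines = ["250-" + l for l in reply.decode(errors="replace").splitlines()]
    return classify_ehlo("220 " + banner.decode(errors="replace"), lines)

if __name__ == "__main__":
    for name, (banner, lines) in (("clean", CLEAN), ("inspected", INSPECTED)):
        print(name, "->", classify_ehlo(banner, lines))
```

A `starttls-masked` result from inside the network, when an outside test shows the same server offering STARTTLS, points at a device in the path rather than at the mail server's TLS settings.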

All replies

  • Hi Adam, thanks so much. I will check again and report back after.
    Wednesday, December 18, 2019 5:20 AM
  • Hi,

    We helped you cover your email addresses, please don't forget to cover your personal information next time.

    What's the detailed version of your Exchange 2016?

    Please make sure all required registry keys are created to enable TLS 1.2 for incoming and outgoing connections. You can check this blog for more details: Exchange Server TLS guidance Part 2: Enabling TLS 1.2 and Identifying Clients Not Using It

    Regards,

    Lydia Zhou


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, December 18, 2019 6:10 AM
  • Hi Lydia Zhou,

    Thanks, I will take note to hide my information next time.

    Thanks again.


    Wednesday, December 18, 2019 8:11 AM
  • It's great that you can get useful information in our forum. Here is a brief summary about this thread.

    Issue Symptom:

    Emails sent from Exchange to Gmail are received, but the domain has not encrypted this message. I checked the email header and saw that the Exchange server part is running TLS.

    Possible Cause:

    Deep packet inspection forcibly blocks the STARTTLS verb in mail exchanges.

    Suggestions:

    Make sure TLS 1.2 is enabled correctly for incoming and outgoing connections, and TLS is available on your systems from the Internet.

    If you have a Cisco ASA or any other firewall, make sure it's not configured to perform deep packet inspection on SMTP. Deep packet inspection forcibly blocks the STARTTLS verb in mail exchanges so it can read the messages, so you want it turned off.

    Regards,

    Lydia Zhou



    Thursday, December 19, 2019 6:13 AM
  • Dear Lydia Zhou,

    My problem is resolved. My Cisco ASA blocks STARTTLS.

    thanks again

    Monday, January 6, 2020 1:46 PM
  • Glad to hear that, and thanks for sharing. If you have any other issues with Exchange Server, please feel free to post in our forum.

    Have a nice day.

    Regards,

    Lydia Zhou



    Tuesday, January 7, 2020 1:16 AM