I have an Exchange 2016 server with a self-signed certificate. The issue is that when I send a mail to Gmail, it goes to spam and says "message not encrypted". I have assigned the certificate to SMTP from the Exchange certificate wizard. The mail I send is from Outlook Web App.
Output of get-SendConnector | fl
addressSpaces : {SMTP:*;1}
AuthenticationCredential :
CloudServicesMailEnabled : False
Comment :
ConnectedDomains : {}
ConnectionInactivityTimeOut : 00:10:00
ConnectorType : Default
DNSRoutingEnabled : True
DomainSecureEnabled : False
Enabled : True
ErrorPolicies : Default
ForceHELO : False
Fqdn : exchange.*******.com
FrontendProxyEnabled : False
HomeMTA : Microsoft MTA
HomeMtaServerId : EXCHANGE
Identity : *******
IgnoreSTARTTLS : False
IsScopedConnector : False
IsSmtpConnector : True
MaxMessageSize : 35 MB (36,700,160 bytes)
Name : ******
Port : 25
ProtocolLoggingLevel : None
Region : NotSpecified
RequireOorg : False
RequireTLS : False
SmartHostAuthMechanism : None
SmartHosts : {}
SmartHostsString :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress : 0.0.0.0
SourceRoutingGroup : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers : {EXCHANGE}
TlsAuthLevel :
TlsCertificateName :
TlsDomain :
UseExternalDNSServersEnabled : False
Best Answer
The following assumes that your Exchange server is sending the emails to 3rd party systems. If your Exchange server is relaying the emails to a 3rd party server (e.g. an AntiSpam/Antivirus environment), you need to configure STARTTLS there.
You need to configure STARTTLS on your Exchange environment. To troubleshoot that you should perform the following:
1.) Check if you have STARTTLS enabled on your Exchange Server (see here for a howto)
2.) Check if you have a valid SSL certificate bound to your Exchange server (see here for a howto). By the way, the best option to assign the certificate is via PowerShell, as I have seen that the GUI is often not working as expected when assigning certificates.
3.) Check if you have IgnoreSTARTTLS set to true (it should be set to false):
After that restart the Microsoft Exchange Transport Service.
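
The checks listed in the answer above, written out as an added example for the Exchange Management Shell (not part of the original answer). `$ConnectorName` and `$Thumbprint` are placeholders to replace with your own values; the read-only checks come first, the changes after them.

```powershell
# Added example. Run in the Exchange Management Shell on the Exchange 2016 server.
# Placeholders (assumptions): substitute your own connector name and thumbprint.
$ConnectorName = '<send-connector-name>'
$Thumbprint    = '<certificate-thumbprint>'

# Steps 1 and 3: TLS-related settings of every send connector (read-only).
Get-SendConnector |
    Format-List Name, Fqdn, Enabled, IgnoreSTARTTLS, RequireTLS, TlsCertificateName, ProtocolLoggingLevel

# Step 2: installed certificates, the services they are enabled for, and expiry (read-only).
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, Status, NotAfter, IsSelfSigned

# Warn when no usable certificate is enabled for SMTP.
$smtpCerts = Get-ExchangeCertificate | Where-Object { $_.Services -match 'SMTP' }
if (-not $smtpCerts) {
    Write-Warning 'No certificate is enabled for the SMTP service.'
}
foreach ($cert in $smtpCerts) {
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "SMTP certificate $($cert.Thumbprint) expired on $($cert.NotAfter)."
    }
    if ($cert.Status -ne 'Valid') {
        Write-Warning "SMTP certificate $($cert.Thumbprint) has status $($cert.Status)."
    }
}

# Change: enable the chosen certificate for SMTP from PowerShell instead of the GUI.
Enable-ExchangeCertificate -Thumbprint $Thumbprint -Services SMTP

# Change: make sure no send connector ignores STARTTLS offered by the remote server.
Get-SendConnector | Where-Object { $_.IgnoreSTARTTLS } | ForEach-Object {
    Set-SendConnector -Identity $_.Identity -IgnoreSTARTTLS $false
}

# Change: turn on protocol logging so the SMTP conversation with the remote
# server, including whether STARTTLS was issued, is written to the send log.
Set-SendConnector -Identity $ConnectorName -ProtocolLoggingLevel Verbose
Get-TransportService | Format-List Name, SendProtocolLogPath

# Restart the Microsoft Exchange Transport service so the changes take effect.
Restart-Service MSExchangeTransport
```

After sending a test message, look for the STARTTLS command in the newest log file under the path shown by `SendProtocolLogPath`, then set `ProtocolLoggingLevel` back to `None` if you do not want to keep verbose logging.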