Enabling TLS with SMTP on Exchange 2016

exchange-2016, outlook-web-app

I have an Exchange 2016 server with a self-signed certificate. The issue is that when I send a mail to Gmail, it goes to spam, saying "message not encrypted". I have assigned the certificate to SMTP from the Exchange certificate wizard. The mail I send is from Outlook Web App.

Output of Get-SendConnector | fl:

AddressSpaces                : {SMTP:*;1}
AuthenticationCredential     :
CloudServicesMailEnabled     : False
Comment                      :
ConnectedDomains             : {}
ConnectionInactivityTimeOut  : 00:10:00
ConnectorType                : Default
DNSRoutingEnabled            : True
DomainSecureEnabled          : False
Enabled                      : True
ErrorPolicies                : Default
ForceHELO                    : False
Fqdn                         : exchange.*******.com
FrontendProxyEnabled         : False
HomeMTA                      : Microsoft MTA
HomeMtaServerId              : EXCHANGE
Identity                     : *******
IgnoreSTARTTLS               : False
IsScopedConnector            : False
IsSmtpConnector              : True
MaxMessageSize               : 35 MB (36,700,160 bytes)
Name                         : ******
Port                         : 25
ProtocolLoggingLevel         : None
Region                       : NotSpecified
RequireOorg                  : False
RequireTLS                   : False
SmartHostAuthMechanism       : None
SmartHosts                   : {}
SmartHostsString             :
SmtpMaxMessagesPerConnection : 20
SourceIPAddress              : 0.0.0.0
SourceRoutingGroup           : Exchange Routing Group (DWBGZMFD01QNBJR)
SourceTransportServers       : {EXCHANGE}
TlsAuthLevel                 :
TlsCertificateName           :
TlsDomain                    :
UseExternalDNSServersEnabled : False

Best Answer

The following assumes that your Exchange server is sending the emails directly to third-party systems. If your Exchange server is relaying the emails through a third-party server (e.g. an anti-spam/antivirus environment), you need to configure STARTTLS there.

You need to configure STARTTLS on your Exchange environment. To troubleshoot that, you should perform the following:

1.) Check if you have STARTTLS enabled on your Exchange server (see here for a how-to).

2.) Check if you have a valid SSL certificate bound to your Exchange server (see here for a how-to). By the way, the best option to assign the certificate is via PowerShell, as I have seen that the GUI often does not work as expected when assigning certificates.

3.) Check if you have IgnoreSTARTTLS set to true (it should be false):

Get-SendConnector -Identity [send connector name] | Set-SendConnector -IgnoreSTARTTLS:$false

After that, restart the Microsoft Exchange Transport service.
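The three checks above, plus two ways to verify the result, as one PowerShell script. This is an added example, not code from the answer or from Microsoft; it is meant to be run in the Exchange Management Shell on the Exchange 2016 server itself. The send connector name `Internet` and the certificate friendly name `MailCert` are placeholders for the redacted values in the question, and the Gmail MX used for the probe is whatever `Resolve-DnsName` returns at run time.

```powershell
# Added example (not part of the original answer). Run from the Exchange Management Shell
# on the Exchange 2016 server. Replace the two placeholders below with your own values.
$ConnectorName = 'Internet'   # assumption: the redacted send connector name from Get-SendConnector
$CertFriendly  = 'MailCert'   # assumption: FriendlyName of the certificate you want SMTP to use

# 1) Certificate: it must exist, be in date, and have SMTP among its enabled services.
$cert = Get-ExchangeCertificate | Where-Object { $_.FriendlyName -eq $CertFriendly }
if (-not $cert)                        { throw "No certificate with FriendlyName '$CertFriendly'" }
if ($cert.NotAfter -lt (Get-Date))     { throw "Certificate $($cert.Thumbprint) has expired" }
if ("$($cert.Services)" -notmatch 'SMTP') {
    # -Force suppresses the "overwrite the default SMTP certificate?" prompt
    Enable-ExchangeCertificate -Thumbprint $cert.Thumbprint -Services SMTP -Force
}

# 2) Send connector: opportunistic STARTTLS must not be ignored. TlsCertificateName pins the
#    certificate Exchange presents outbound, in the "<I>issuer<S>subject" form the cmdlet expects.
#    Verbose protocol logging lets us confirm the TLS handshake afterwards (step 5).
$tlsName = "<I>$($cert.Issuer)<S>$($cert.Subject)"
Set-SendConnector -Identity $ConnectorName -IgnoreSTARTTLS:$false `
    -TlsCertificateName $tlsName -ProtocolLoggingLevel Verbose

# 3) Restart transport and show the resulting connector state.
Restart-Service MSExchangeTransport
Get-SendConnector -Identity $ConnectorName |
    Format-List Name, IgnoreSTARTTLS, RequireTLS, TlsCertificateName, ProtocolLoggingLevel

# 4) Probe the remote MX from this server. If EHLO does not come back with 250-STARTTLS,
#    something on the path (a firewall or IPS doing "SMTP fixup") is stripping the extension
#    and no Exchange setting will fix it. Plain TCP only; no TLS handshake is attempted here.
function Test-StartTlsOffered {
    param([string]$RemoteHost, [int]$Port = 25, [string]$Helo = $env:COMPUTERNAME)
    $client = New-Object System.Net.Sockets.TcpClient($RemoteHost, $Port)
    try {
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        # Banner: one or more 220 lines; the last one has a space after the code.
        while (($line = $reader.ReadLine()) -ne $null) { if ($line -match '^220 ') { break } }
        $writer.WriteLine("EHLO $Helo")
        $offered = $false
        while (($line = $reader.ReadLine()) -ne $null) {
            if ($line -match '^250[ -]STARTTLS') { $offered = $true }
            if ($line -match '^250 ') { break }   # final line of the EHLO response
        }
        $writer.WriteLine('QUIT')
        return $offered
    } finally { $client.Close() }
}

$mx = Resolve-DnsName -Name gmail.com -Type MX |
      Where-Object { $_.Type -eq 'MX' } | Sort-Object Preference | Select-Object -First 1
"STARTTLS offered by $($mx.NameExchange): $(Test-StartTlsOffered -RemoteHost $mx.NameExchange)"

# 5) After sending a test message from OWA, check the newest send protocol log for the
#    STARTTLS command and the certificate lines written by the verbose logging enabled above.
$logPath = "$((Get-TransportService -Identity $env:COMPUTERNAME).SendProtocolLogPath)"
Get-ChildItem -Path $logPath -Filter *.log | Sort-Object LastWriteTime -Descending |
    Select-Object -First 1 | Get-Content | Select-String -Pattern 'STARTTLS|certificate'
```

Step 4 is the check that distinguishes a misconfigured connector from a middlebox problem: if the MX advertises STARTTLS when probed directly from the Exchange box, but the protocol log in step 5 shows the session continuing in clear text after EHLO, the remaining suspect is the certificate binding on the Exchange side, not the network.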