Share via

Issue External Mail Authentication with STARTTLS on Exchange 2019

Natanael Sigit 41 Reputation points
2023-06-14T03:29:15.3766667+00:00

Hi all,

Currently we have one particular server that required to sending email using our domain.

I created another receive connector that have only specific scope for allowed send email from external.

What i have done, i created the TlsCertificateName under the receive connector and set the port 587.

as the Authentication i set enable TLS, Basic Authentication, Exchange Authentication

and the permission group i set at Exchange Servers, Legacy Exchange Servers, and Exchange Users

Here's when we tried to communicate via STARTTLS

220 XX**** Microsoft ESMTP MAIL Service ready at Wed, 14 Jun 2023 08:51:54 +0700

EHLO XX****

250-XX**** Hello [XXX.XXX.XXX.XXX]

250-SIZE 37748736

250-PIPELINING

250-DSN

250-ENHANCEDSTATUSCODES

250-STARTTLS

250-X-ANONYMOUSTLS

250-AUTH LOGIN

250-X-EXPS GSSAPI NTLM

250-8BITMIME

250-BINARYMIME

250-CHUNKING

250-SMTPUTF8

250 XRDST

STARTTLS

220 2.0.0 SMTP server ready

EHLO XX****

Connection closed by foreign host.

Is there anything that i should fix to make the configuration work for sending email from our external server ?

Thanks

Exchange Exchange Server Other
Exchange Exchange Server Management
Exchange Other
0 comments
Accepted answer
  1. Kael Yao 37,746 Reputation points Moderator
    2023-06-15T06:28:53.4466667+00:00

    Hi @Natanael Sigit

    After STARTTLS you got the response 220 2.0.0 SMTP server ready, which means Exchange is waiting for your server to establish the TLS negotiation.

    Please refer to rfc3207.

    After receiving a 220 response to a STARTTLS command, the client MUST start the TLS negotiation before giving any other SMTP commands.

    While since you are seeing the AUTH LOGIN option, I suppose you do not have "Offer basic authentication only after starting TLS" checked.

    If you would like to authenticate without TLS, you can also use AUTH LOGIN then input credentials encoded with base64.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Natanael Sigit 41 Reputation points
    2023-06-15T09:02:18.2133333+00:00

    Hi Kael,

    Thank you for your response. I just got the command that i need to running the negotiate of TLS.
    And the issue already resolved.

    Cheers,

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.