We are unable to receive emails from external domains over TLS; they are accepted over non-TLS channels. It appears the internet receive connector on our on-premises Exchange server box is not offering the STARTTLS option. (I am trying to figure out why.)
If I check internally using "telnet mail.domain.com 25" then I can see that STARTTLS is offered.
If I check externally I see no STARTTLS offered.
This tells me that the internet email comes over a different connector than what I just tested.
I have checked all my receive connectors on my on-premises Exchange server and ALL have the AuthMechanism showing TLS.
What receive connector handles inbound external emails?
What should I look for on that connector to verify that it can handle TLS connections and offer up the STARTTLS option?
Does the FQDN on the receive connector have to match the certification name?