I have a C160 and I am having a problem configuring TLS.
I have created and installed the SSL certificate.
I have added the necessary destinations.
I have created the SMTP routes.
I have tested this and it works fine.
I have then created another gateway so that mail can go out through a different route and out to specific customers.
This is where the problem is, as the mail goes through the gateway as expected and gets delivered but without TLS. If I send the message through the standard gateway and to the Internet it is TLS encrypted.
I know I am missing something but I don't know what.
Just a guess: do you redirect mail to that new gateway with a filter that has an alt-mailhost action? In this case, you'd have to add the gateway (host name or IP address) as a new destination in the destination control, and enable TLS for it. Otherwise, as the alt-mailhost action has changed the destination, only the default settings will apply.
I think you need to amend the default Destination control (Mail Policies/Destination Controls) on the sending IronPort to specify TLS Preferred in order for TLS to be used. You may also need to disable certificate verification if it is a self-signed cert that you are using.