Re: Smtp relay authentication on port 587

sv7 · ‎10-29-2022

Hi All,

Currently SMTP port 25 is configure on our IronPort for smtp relay authentication for mail communication, but now want to configure with SMTPS port 587.

Can anyone share any document related to such changes also what will be the users impact for such changes in production environment.

Device - C390

Current Version. 14.0.0-698

balaji.bandi · ‎10-29-2022

as I do not remember having tested this, but the below guide help you : (since we moved to Citrix LB for SMTP relay)

https://www.cisco.com/c/en/us/td/docs/security/esa/esa13-5-1/user_guide/b_ESA_Admin_Guide_13-5-1/b_ESA_Admin_Guide_12_1_chapter_011011.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sv7 · ‎11-01-2022

Do i need downtime for doing such changes ?

Ken Stieers · ‎11-01-2022

No, this won't cause any downtime. Set up the SMTP auth query first.
Then add the listener and choose the query you set up earlier.

sv7 · ‎11-11-2022

Thank you

thomashowe · ‎08-24-2023

All,

When I test the SMTP Gateway on my ISE Deployment using smtp.office365.com I am getting a SSL Error, see attached screen shot. Now when I researched this, I found a Cisco ISE PDF Created by one of the TAC Engineers that covers this same error on page 8 of 10, see attached PDF called "ISE v3 Configure SMTP.pdf"

This is what the PDF says:

Problem: Test connection shows: "Could not connect to SMTP Server, SSL Error. Please check
the trusted certificates".

Solution: Import Root CA Certificate of the SMTP server in the ISE Trusted Certificates and if TLS
support is configured on the port.

The question I have is this: How or where can I get the Root CA for smtp.office365.com??? Or is this an ISE Trusted Certificate that I need to create or import from Cisco?