Beginner

TLS connection issue

Dear all

After configuring TLS in ESA (Destination control TLS preferred, Mail Policy-Default Policy Parameter TLS preferred), in order to test it we sent email to and received email from different domains. It works as expected. But users complained that they were not able to send email to some domains. Actually they send the email but the other side does not accept it. After checking the TLS logs and message tracking I observed that the email is sent from our ESA, but I don't understand why it didn't reach the destination. It is so urgent, please help me to solve this problem.

Collaborator

Re: TLS connection issue

Track down a domain that won't accept the email.

Send mail to it.

Look at the tracking log for that mail...



My first guess is that your system and theirs aren't agreeing on TLS version and/or ciphers to use.



Go to System Administration/SSL Configuration and tell us what your SSL config is for Outbound SMTP.






Beginner

Re: TLS connection issue

Hi. Don't you think that if a TLS mismatch occurs then message tracking would show a failed TLS event? It shows it is successful.

 

Cisco Employee

Re: TLS connection issue

Hello Ccns90,

I believe checking on the message tracking will be helpful. Are you able to see something like "received remote SMTP response '2.6.0" on the same?
Also, check for the DCID connection being formed from the ESA to the next hop and troubleshoot further.

Cheers,
Pratham
Beginner

Re: TLS connection issue

Hi Pratham

All I see is:

Message 1834733 to bob@test.com received remote SMTP response 'ok: Message 1054384 accepted'
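
A way to triage an exported set of tracking lines like the one quoted above, as an added example that is not part of any poster's reply or of Cisco's tooling: it groups messages by recipient domain and by whether the remote server accepted, deferred or rejected them. Only the first sample line comes from the thread; the other lines, the function names and the assumption that failures appear in the same line shape are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the message-tracking line quoted in the thread above.
LINE_RE = re.compile(
    r"Message (?P<mid>\d+) to \S+@(?P<domain>\S+) "
    r"received remote SMTP response '(?P<resp>.*)'$"
)
# Leading 3-digit reply code (2xx/4xx/5xx) or enhanced status code (2.x.x ...).
CODE_RE = re.compile(r"([245])(?:\d\d\b|\.\d+\.\d+)")
OUTCOME = {"2": "accepted", "4": "deferred", "5": "rejected"}

def classify(resp):
    """Map the remote server's response text to a delivery outcome."""
    text = resp.strip().lower()
    m = CODE_RE.match(text)
    if m:
        return OUTCOME[m.group(1)]
    return "accepted" if text.startswith("ok") else "unknown"

def triage(lines):
    """Group message IDs by recipient domain and remote outcome."""
    report = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m:
            report[m["domain"].lower()][classify(m["resp"])].append(int(m["mid"]))
    return {dom: dict(outcomes) for dom, outcomes in report.items()}

def handed_off_cleanly(report):
    """Domains where every message was accepted by the remote server, so
    the search moves past the SMTP handoff (recipient-side filtering etc.)."""
    return sorted(d for d, o in report.items() if set(o) == {"accepted"})

# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = [
    "Message 1834733 to bob@test.com received remote SMTP response 'ok: Message 1054384 accepted'",
    "Message 1834734 to amy@example.org received remote SMTP response '2.6.0 <constructed-id> Queued mail for delivery'",
    "Message 1834735 to joe@example.net received remote SMTP response '550 5.7.1 Relaying denied'",
    "Message 1834736 to ann@example.net received remote SMTP response '451 4.7.0 Temporary failure'",
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    for domain, outcomes in sorted(report.items()):
        print(domain, outcomes)
    print("accepted by remote MTA:", handed_off_cleanly(report))
```

A domain listed by `handed_off_cleanly` has taken responsibility for the message at the SMTP level, so a TLS or certificate failure on the sending side does not explain the missing mail for that domain.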

Re: TLS connection issue

I have this problem very often... nearly always a certificate problem.

 

Check the destination domain with this site:

https://de.ssl-tools.net/mailservers

 

Maybe you need to install the certificate from the destination server.

 

You can also get the certificate from the site (screenshot 1.jpg):

https://de.ssl-tools.net/mailservers

 

Install the certificate on the Cisco ESA:

/network/certificates --> Edit Settings --> Custom List (export list) --> insert the certificate (PEM format) and reinstall the list (screenshot 2.jpg)

Beginner

Re: TLS connection issue

Hi

We have a mail.company.com certificate. But we have added Cisco ESA's default certificate. Do you think it would cause that issue?

 

I will test one more thing and I will get back to you with the result. Thanks.