I am trying to enable TLS for my organization. We use a Websense SMTP server on the outside edge of our network and an Exchange 2003 box on the inside. I have installed a certificate (VeriSign) on the Websense SMTP server for TLS use and do not have one on my internal Exchange server, since we feel it is not necessary to encrypt from the Websense server to the Exchange server.
The problem that is occurring is that when I enable TLS (allow it to be inspected and used) on our ASA, I cannot send or receive emails from my Exchange server. I think the problem is that the Exchange server is responding to the EHLO command with a STARTTLS command, and the Exchange 2003 server does not have a certificate installed.
I have attached a document with the Wireshark packet capture of the communication between the two for a specific email I sent from the outside, and also a snippet of all the communication between the servers. The Websense server (10. network) is able to receive the email from outside with no issues; it is only when the communication between the Websense and Exchange 2003 server occurs that the errors happen.
Is the issue with TLS? Or is there something else going on here?