• Status: Solved

TLS email to partner failing

Hi, I have an SBS2008 single server with Exchange 2007 and am trying to send secure TLS email to a partner domain.
Both domains have certificates from GoDaddy. After sending a message, it sits in the queue until it fails.
Looking in the send connector logs, I can see that after the certificates get exchanged and the message is being sent I get the error below:

492,sending message
2013-09-28T00:00:39.225Z,TLS Domains,08D089F435CE61B1,42,,,>,MAIL FROM:<steve@mydomain.org.uk> SIZE=3781,
2013-09-28T00:00:39.225Z,TLS Domains,08D089F435CE61B1,43,,,>,"RCPT TO:<john@otherdomain.com> NOTIFY=SUCCESS,FAILURE,DELAY",
2013-09-28T00:00:44.263Z,TLS Domains,08D089F435CE61B1,44,,,<,451 4.7.3 The admin has temporarily disallowed this secure domain,
2013-09-28T00:00:49.271Z,TLS Domains,08D089F435CE61B1,45,,,<,503 5.5.2 Need mail command,

I must have made a configuration error in the connectors, but cannot see where.
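
The log excerpt in the question can be read mechanically. As an added example (not part of the original post and not Exchange's own tooling), this Python code parses the rows quoted above, keeps the quoted RCPT TO field intact despite its embedded commas, and lists each 4xx/5xx reply with the last command the local server had sent in that session. The column names are an assumption based on the usual Exchange protocol-log header.

```python
import csv
import io
import re

# Assumed column order of the protocol log rows quoted in the question.
FIELDS = ["date_time", "connector_id", "session_id", "sequence_number",
          "local_endpoint", "remote_endpoint", "event", "data", "context"]

# Sample input: the four complete rows from the question, embedded for offline use.
SAMPLE_LOG = '''\
2013-09-28T00:00:39.225Z,TLS Domains,08D089F435CE61B1,42,,,>,MAIL FROM:<steve@mydomain.org.uk> SIZE=3781,
2013-09-28T00:00:39.225Z,TLS Domains,08D089F435CE61B1,43,,,>,"RCPT TO:<john@otherdomain.com> NOTIFY=SUCCESS,FAILURE,DELAY",
2013-09-28T00:00:44.263Z,TLS Domains,08D089F435CE61B1,44,,,<,451 4.7.3 The admin has temporarily disallowed this secure domain,
2013-09-28T00:00:49.271Z,TLS Domains,08D089F435CE61B1,45,,,<,503 5.5.2 Need mail command,
'''

# Basic reply code, optional enhanced status code (x.y.z), then free text.
REPLY = re.compile(r"^(?P<code>[245]\d\d)[ -](?:(?P<enhanced>[245]\.\d{1,3}\.\d{1,3}) )?(?P<text>.*)$")


def parse_rows(text):
    """Yield one dict per row; csv.reader copes with the quoted, comma-bearing RCPT row."""
    for row in csv.reader(io.StringIO(text)):
        if not row or row[0].startswith("#"):   # skip blank lines and '#Fields' headers
            continue
        row += [""] * (len(FIELDS) - len(row))  # pad short rows so every key exists
        yield dict(zip(FIELDS, row))


def smtp_failures(text):
    """Return every 4xx/5xx reply with the last command sent in the same session."""
    last_sent, failures = {}, []
    for r in parse_rows(text):
        sid = r["session_id"]
        if r["event"] == ">":                   # '>' = sent by the local server
            last_sent[sid] = r["data"]
            continue
        m = REPLY.match(r["data"]) if r["event"] == "<" else None  # '<' = remote reply
        if m and m["code"][0] in "45":
            failures.append({"session": sid, "seq": int(r["sequence_number"]),
                             "code": int(m["code"]), "enhanced": m["enhanced"],
                             "transient": m["code"][0] == "4", "text": m["text"],
                             "last_sent": last_sent.get(sid)})
    return failures


for f in smtp_failures(SAMPLE_LOG):
    print(f["seq"], f["code"], f["enhanced"], "after", repr(f["last_sent"]))
```

On the rows above it reports the transient 451 4.7.3 as the reply to RCPT TO, which is the line to chase before the follow-on 503.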

1 Solution
The first things to check are:
- make sure the certificate is bound to the SMTP service
- check the send connectors and make sure they are configured with the name covered in the cert
- check that TLS does work; you can use something like this site to test it: http://www.checktls.com/

You can start off with opportunistic TLS to see if it goes before enforcing.
Stev0WIT CONTRACTORAuthor Commented:
Hi irweazelwallis, Thanks for the reply.

Mail.mydomain.org.uk is a subject alternative name on the UCC certificate.

Here is the result of checktls.com

Trying TLS on mail.mydomain.org.uk[] (10):


test stage and result

[000.117]  Connected to server  
[000.231] <-- 220 remote.mydomain.org.uk Microsoft ESMTP MAIL Service ready at Sun, 29 Sep 2013 21:02:55 +0100  
[000.237]  We are allowed to connect  
[000.238] --> EHLO checktls.com  
[000.354] <-- 250-remote.mydomain.org.uk Hello []
250-SIZE 41943040
[000.355]  We can use this server  
[000.868]  TLS is an option on this server  
[000.869] --> STARTTLS  
[000.977] <-- 220 2.0.0 SMTP server ready  
[000.977]  STARTTLS command works on this server  
[001.563]  Cipher in use: AES128-SHA  
[001.563]  Connection converted to SSL  
[001.601]  Certificate 1 of 3 in chain:
subject= /O=remote.mydomain.org.uk/OU=Domain Control Validated/CN=remote.mydomain.org.uk
issuer= /C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification
All looks good, but when I create the send connector with the partner's domain, add them to the TLSSendDomainSecureList and enable it, I get the result in the first post.
I am going to delete the send and receive connectors I have set up for TLS and try to configure them again later today. Will let you know how it goes. Any tips would be welcome.
When you re-create it, post up the settings on the connector

security and authentication tab
Stev0WIT CONTRACTORAuthor Commented:
Hi irweazelwallis
Here are the tabs on the receive connector.

I am about to restart the transport service, but will wait for your comments first.
Question has a verified solution.
