I'm try to test that my Exchange 2010 SP3 UP23 is actually offering TLS on incoming SMTP emails. I have a 3rd party cert installed and assigned to the SMTP service. The default receive connector has the correct FQDN (our external MX ) , Authenication is TLS and Permission Group is Anonymous. I test my SMTP using MXtoolbox.com and it says my server does not offer TLS, but in the SMTP receive logs on my server i find the mxtoolbox.com connection and it has 250-StartTLS listed. i have also Telnet to my exchange server and it also does NOT show 250-StartTLS.
what am i missing? why do the server logs say TLS is offered, but the other end doesn't get it?
Exchange is running on WIn Srv 2008R2, fully updated, with TLS 1.0,1.1, and 1.2