MSsqlserver TLS
We are getting the below error in our MS SQL Server 2016 when sending database emails. And when we tried sending email through telnet, we got the attached error. (Use SSL is already tick-marked in the SQL DB profile.)
‘The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 1 (2022-02-11T15:29:24). Exception Message: Cannot send mails to mail server. (Failure sending mail.). )’
I have come across the below link, which might have a solution in it, but I am not sure about it, and it's a production database server so I don't want to risk it.
https://dba.stackexchange.com/questions/213608/enable-tls-1-2-for-sql-server-2016-database-mail
It seems the issue is related to TLS settings on Windows Server 2016 or SQL Server 2016. The registry mentioned in the above link is not present on the server. Can you suggest how we can resolve this issue? Also, recently we have implemented Office 365 federation with Okta, and we have tried sending the email from the database using an onmicrosoft.com email address to bypass Okta, but it's still failing - still not sure if Okta federation has anything to do with the issue.
ASKER
Telnet != TLS
Telnet can't + never will be able to speak TLS.
This type of debugging is best done with a debugging tool, not a database.
The way I do this type of debugging... which is dirt simple...
1) Start with SWAKS first, to verify you understand what's required to send your email.
This will verify your user/pass for authentication
2) Next you'll require a working relay, like https://MailGun.com or an in-house MTA.
Best to start with MailGun or something similar, rather than debugging your in-house MTA.
Then after your mail delivery is working, switch to your in-house MTA... fixing any problems you encounter...
3) Example syntax to use... where MailGun is your relay... which will change if you're using another relay...
swaks -s smtp.mailgun.org:587 -tlsp tlsv1_3 -auth -au "$user" -ap "$pass" --from="$from" --header "Test Message: $(date)" --to="$to"
4) You can experiment with the TLS settings to correctly target the highest (most secure) TLS protocol your relay supports.
ASKER
Sending through telnet will definitely fail since you probably can't manually replicate the SSL handshake.
I would first try to make sure that your port in your mail account configuration is set to 587 (the typical port supporting STARTTLS). Then triple check your credentials.
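Added example, not part of either answer above: a Python probe that does what telnet cannot, upgrading a port 587 session with STARTTLS while pinned to one TLS version at a time, to find the highest version the relay accepts. The function names are hypothetical and the relay host is supplied by the operator on the command line.

```python
import smtplib
import ssl
import sys

# Newest first, like varying `swaks -tlsp` by hand. Older versions are left out
# because a modern local OpenSSL may refuse them regardless of the server.
VERSIONS = [ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_2]


def pinned_context(version):
    """Client context offering exactly one TLS version, certificate still verified."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, version, timeout=10):
    """Return (ok, detail) for a STARTTLS upgrade pinned to one TLS version."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return False, "server does not advertise STARTTLS"
            smtp.starttls(context=pinned_context(version))
            smtp.ehlo()  # re-EHLO: AUTH is often only offered after TLS
            auth = smtp.esmtp_features.get("auth", "").strip() or "none"
            return True, f"{smtp.sock.version()}, AUTH: {auth}"
    except (ssl.SSLError, smtplib.SMTPException, OSError) as exc:
        return False, f"{type(exc).__name__}: {exc}"


def scan(host, port=587):
    """Probe every version in VERSIONS; returns [(version, ok, detail), ...]."""
    return [(v, *probe(host, port, v)) for v in VERSIONS]


def highest_supported(results):
    """Newest version that negotiated successfully, or None."""
    for version, ok, _detail in results:
        if ok:
            return version
    return None


if __name__ == "__main__":
    relay = sys.argv[1]  # assumption: relay hostname passed as first argument
    results = scan(relay, int(sys.argv[2]) if len(sys.argv) > 2 else 587)
    for version, ok, detail in results:
        print(f"{version.name:8} {'OK' if ok else 'FAIL':4} {detail}")
    best = highest_supported(results)
    print("highest supported:", best.name if best else None)
```

No credentials are sent; the probe stops after the post-TLS EHLO, so it separates a TLS negotiation failure from an authentication failure.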