ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Unsolved O365 Outbound email issue

    IT Discussion
    o365 office 365 exchange online email cert certificate certificate authority
    4
    12
    3400
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBusch
      JaredBusch last edited by JaredBusch

      I have email that refuses to send to a vendor I use.

      I have TLS required on all outbound email. I have a couple of connectors allowing non-TLS to certain people.The recipient mail server accepts TLS according to MXToolbox.
      ee128bc6-8ff4-4668-9dbb-dc1883cb6591-image.png

      The error message is UntrustedRoot

      Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=UntrustedRoot] [LastAttemptedServerName=snowflakem-d.com] [LastAttemptedIP=66.96.140.92:25] [BN7NAM10FT007.eop-nam10.prod.protection.outlook.com]};{MSG=UntrustedRoot};{FQDN=snowflakem-d.com};{IP=66.96.140.92};{LRT=8/12/2020 8:55:47 PM}]. OutboundProxyTargetIP: 66.96.140.92. OutboundProxyTargetHostName: snowflakem-d.com
      

      I made a connector to not require TLS and I also tried Require TLS but allow any cert (even self signed). But it still gives this error.
      0b041716-c0aa-44ad-950c-d79793671c95-image.png

      The MX Lookup says the IP belongs to the Endurance group which owns things like hostgator https://www.endurance.com/our-brands

      1 Reply Last reply Reply Quote 1
      • J
        JasGot last edited by JasGot

        Take at look at the certs using this. The cert for your vendor, not you.

        https://www.checktls.com/TestReceiver

        See if it shows a hint.

        Like a problem with the cert or their root or intermediate cert. Or even, the wrong cert.

        JaredBusch 1 Reply Last reply Reply Quote 1
        • JaredBusch
          JaredBusch @JasGot last edited by

          @JasGot said in O365 Outbound email issue:

          Take at look at the certs using this. The cert for your vendor, not you.

          https://www.checktls.com/TestReceiver

          See if it shows a hint.

          Like a problem with the cert or their root or intermediate cert. Or even, the wrong cert.

          I had never heard of that site.. That is fucking awesome..

          And proves there is a self signed cert. but that does not explain why MS still cares..
          2bef4ccb-0e96-4cca-abdb-604fa6585e2e-image.png

          scottalanmiller J 2 Replies Last reply Reply Quote 0
          • Dashrender
            Dashrender last edited by

            61ad90e7-cc80-45f0-ac8c-94226bbe9e53-image.png

            This is why, MS killed TLS v1. I think v1.1 was also killed.

            JaredBusch 1 Reply Last reply Reply Quote 0
            • Dashrender
              Dashrender last edited by

              06b5b9af-a642-4634-baff-2479d5380532-image.png https://blogs.perficient.com/2019/07/24/office-365-is-retiring-tls-1-0-and-1-1-why-you-should-care/

              1 Reply Last reply Reply Quote 0
              • scottalanmiller
                scottalanmiller @JaredBusch last edited by

                @JaredBusch we use it a lot, I seem to do SO many cert tasks these days, Ugh.

                Dashrender 1 Reply Last reply Reply Quote 0
                • JaredBusch
                  JaredBusch @Dashrender last edited by JaredBusch

                  @Dashrender said in O365 Outbound email issue:

                  61ad90e7-cc80-45f0-ac8c-94226bbe9e53-image.png

                  This is why, MS killed TLS v1. I think v1.1 was also killed.

                  That is not the problem. TLSv1 for SMTP works fine.

                  Nothing that Microsoft has posted affects SMTP. it affects connectivity to Office 365 form your browsers and apps.

                  1 Reply Last reply Reply Quote 0
                  • Dashrender
                    Dashrender @scottalanmiller last edited by

                    @scottalanmiller said in O365 Outbound email issue:

                    @JaredBusch we use it a lot, I seem to do SO many cert tasks these days, Ugh.

                    can you add the cert tag to this post?

                    Or do we need a new thread with just that site in the OP to tag?

                    1 Reply Last reply Reply Quote 0
                    • J
                      JasGot @JaredBusch last edited by

                      @JaredBusch said in O365 Outbound email issue:

                      I had never heard of that site.. That is fucking awesome..

                      Glad you like it! It helps identify SO MANY issues.... 🙂

                      1 Reply Last reply Reply Quote 0
                      • JaredBusch
                        JaredBusch last edited by

                        For the record, even though I made the above connector and it failed to verify, I did save the connector. Apparently, that was enough as email is sending now.

                        Dashrender 1 Reply Last reply Reply Quote 1
                        • Dashrender
                          Dashrender @JaredBusch last edited by

                          @JaredBusch said in O365 Outbound email issue:

                          For the record, even though I made the above connector and it failed to verify, I did save the connector. Apparently, that was enough as email is sending now.

                          So which connector is solving this - the TLS regardless of cert condition, or the No-TLS

                          JaredBusch 1 Reply Last reply Reply Quote 0
                          • JaredBusch
                            JaredBusch @Dashrender last edited by

                            @Dashrender said in O365 Outbound email issue:

                            @JaredBusch said in O365 Outbound email issue:

                            For the record, even though I made the above connector and it failed to verify, I did save the connector. Apparently, that was enough as email is sending now.

                            So which connector is solving this - the TLS regardless of cert condition, or the No-TLS

                            I only left the TLS regardless of cert, so it has to be that one.

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post