SMTP Traffic Forward to M365 on Port 587
We're working on transitioning away from using our internal Exchange servers for SMTP, and instead pointing to M365 directly via the F5. I have had success sending anonymous traffic on port 25, but have not been able to get the secure/port 587 traffic to send. We have some applications that require this, as they're sending e-mails outside our domain, which fails via anonymous port 25 SMTP.
We have a pool pointed to smtp.office365.com that shows it is able to send traffic on port 587 and get a handshake response, and I've confirmed our firewall should be allowing through traffic. However, when attempting to send test traffic on port 587 with authentication (via PowerShell's Send-MailMessage command), I get the error "The remote certificate is invalid according to the validation procedure."
I've tried adding our mail certificate to the F5 and configuring it as both the client and server certificate, without luck. In fact, if I configure it as the server certificate for the virtual server on the F5, the error message does change but still fails (Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.)
The individual who originally set up our F5, and who knew the most about its configuration, has retired, so I'm trying to figure this out with no internal guidance.
Has anyone successfully been able to get authenticated port 587 traffic to forward through the F5 to M365 that can provide some advice?
Hi JGCovalt, congrats on inheriting the BIG-IP! Welcome to the community, and hopefully we can assist. Just a couple comments/resources to get you thinking before the long weekend:
- Currently, do you have only port 25 virtual server and port 25 pool members, or do you have listeners/pool members for both 25/587?
- Do you need to observe/act on secured mail arriving from client or server, or just route it?
- Solutions for supporting cleartext and TLS-encrypted mail
  - Codeshare - https://community.f5.com/t5/codeshare/starttls-server-smtp-with-cleartext-and-starttls-client-support/ta-p/287751
  - Codeshare - https://community.f5.com/t5/codeshare/smtp-start-tls/ta-p/291390
  - Article - https://community.f5.com/t5/technical-articles/advanced-irules-smtp-start-tls/ta-p/287499
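
A way to see which certificate the port 587 listener presents after STARTTLS, and which validation error .NET raises for it, as an added example that is not part of the original thread. The host name is a placeholder; the script uses only standard .NET classes (TcpClient, SslStream).

```powershell
# Added diagnostic (not from the thread). $SmtpHost is a placeholder: set it to
# the exact name or IP the application uses to reach the F5 virtual server.
$SmtpHost = 'smtp-vip.example.internal'   # placeholder value
$Port     = 587

$tcp = New-Object System.Net.Sockets.TcpClient($SmtpHost, $Port)
try {
    $net    = $tcp.GetStream()
    $reader = New-Object System.IO.StreamReader($net)
    $writer = New-Object System.IO.StreamWriter($net)
    $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

    # Read one SMTP reply, following multi-line replies ("250-..." ... "250 ...").
    function Read-SmtpReply {
        do {
            $line = $reader.ReadLine(); Write-Host "S: $line"
        } while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
        $line
    }

    $null = Read-SmtpReply                                   # 220 banner
    $writer.WriteLine("EHLO $env:COMPUTERNAME"); $null = Read-SmtpReply
    $writer.WriteLine('STARTTLS')
    $reply = Read-SmtpReply
    if ($reply -notmatch '^220') { throw "STARTTLS not accepted: $reply" }

    # Record what .NET's validation reports, then let the handshake finish so the
    # certificate can be inspected. Diagnostic only: nothing is sent afterwards.
    $seen = @{}
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $errors)
        $seen.Errors = $errors   # None, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
        $true
    }
    $ssl = New-Object System.Net.Security.SslStream($net, $false, $callback)
    $ssl.AuthenticateAsClient($SmtpHost)   # this name is checked against the certificate

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    [pscustomobject]@{
        ConnectedTo  = "${SmtpHost}:$Port"
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        SubjectAlt   = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                        ForEach-Object { $_.Format($false) }) -join '; '
        PolicyErrors = $seen.Errors
    } | Format-List
}
finally { $tcp.Close() }
```

A `PolicyErrors` value of `RemoteCertificateNameMismatch` means the presented certificate does not list the name the client connected with; `RemoteCertificateChainErrors` means the chain did not validate on the machine running the script.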