Forum Discussion
JGCovalt
Nimbostratus
NimbostratusSMTP Traffic Forward to M365 on Port 587
We're working on tranisitioning away from using our internal Exchange servers for SMTP, and instead pointing to M365 directly via the F5. I have had success sending anonymous traffic on port 25, but ...
hi JGCovalt, congrats on inheriting the BIG-IP! Welcome to the community, and hopefully we can assist. Just a couple comments/resources to get you thinking before the long weekend:
- Currently, do you have only port 25 virtual server and port 25 pool members, or do you have listeners/pool members for both 25/587?
- Do you need to observe/act on secured mail arriving from client or server, or just route it?
- Solutions for supporting cleartext and tls-encrypted mail
- Codeshare - https://community.f5.com/t5/codeshare/starttls-server-smtp-with-cleartext-and-starttls-client-support/ta-p/287751
- Codeshare - https://community.f5.com/t5/codeshare/smtp-start-tls/ta-p/291390
- Article - https://community.f5.com/t5/technical-articles/advanced-irules-smtp-start-tls/ta-p/287499
zamroni777
Nacreous
Nacreousi suggest you do tcpdump in f5, client and smtp servers to see details of of tls session setup.
probably the cipher list of client and server doesnt have any match so they cant make the session.