Forum Discussion

PowerRangers
Jul 21, 2025

SMTPS Encrypted traffic issues

Hi Team

We're currently relaying email to our SMTP cloud server over the internet. Our goal is to ensure the traffic to the cloud relay is encrypted. Right now, the internal servers send traffic in plain text to the F5, which then handles SSL encryption before forwarding to the cloud.

I've tried two methods to set this up but I'm running into errors. Could someone suggest a reliable approach for encrypting this traffic?

Method1:
Server < Clear Text > F5 VIP < SMTPS Profile STARTTLS> CloudServer


Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server
response was: Must issue a STARTTLS command first
At line:1 char:1
+ Send-MailMessage -from " atest@xmail.com " -to "a ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept
   ion
    + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage


Method2:
Server < Clear Text > F5 VIP < SSL Encryption (SSL profile)> CloudServer

Error:
Send-MailMessage : Unable to read data from the transport connection: An existing connection was forcibly closed by
the remote host.
At line:1 char:1
+ Send-MailMessage -from "atest@xmail.com" -to "a ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept
   ion
    + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

1 Reply

  • Hi 

    Method1: F5 does not inject STARTTLS negotiation on behalf of the client. The client itself must initiate STARTTLS. But your internal client is speaking plaintext SMTP, and doesn’t trigger STARTTLS.

    Method2: This also fails since the client sends plaintext, but the cloud server expects an SSL handshake, causing it to close the connection.

    If you want to implement SSL, you need to use both client and server SSL profiles, and the servers must support SSL as well. Are you using iApp?
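
Both errors in this thread depend on which TLS mode the relay port expects: a plaintext greeting followed by a STARTTLS upgrade, or a TLS handshake before any SMTP banner. The probe below is an added example, not code from the thread or from F5; it classifies a port by trying each in turn, and the host name `probe.example.test` and the sample replies are constructed placeholders.

```python
import socket
import ssl
import sys

# Constructed EHLO replies in wire format (not captured from a real relay).
SAMPLE_STARTTLS = "250-relay.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
SAMPLE_PLAIN = "250-relay.example.test\r\n250 8BITMIME"

def advertises_starttls(ehlo_reply):
    """True if an EHLO reply lists the STARTTLS extension (RFC 3207)."""
    for line in ehlo_reply.splitlines():
        # "250-KEYWORD [params]", or "250 KEYWORD" on the final line
        words = line[4:].split()
        if line[:3] == "250" and words and words[0].upper() == "STARTTLS":
            return True
    return False

def read_reply(stream):
    """Read one SMTP reply; continuation lines have '-' after the code."""
    lines = []
    while True:
        line = stream.readline().decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if line[3:4] != "-":  # final line of the reply, or EOF
            return "\n".join(lines)

def probe(host, port, timeout=10.0):
    """Classify what a relay port expects from whatever connects to it."""
    ctx = ssl.create_default_context()  # verifies certificate and host name
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "implicit-tls"  # TLS handshake precedes the banner
    except ssl.SSLCertVerificationError:
        return "implicit-tls-untrusted-cert"
    except OSError:
        pass  # no TLS on connect (ssl.SSLError is an OSError); try plaintext
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            stream = raw.makefile("rwb")
            read_reply(stream)  # 220 greeting
            stream.write(b"EHLO probe.example.test\r\n")
            stream.flush()
            reply = read_reply(stream)
    except OSError:
        return "unreachable"
    if not reply.startswith("250"):
        return "no-smtp-reply"
    return "starttls" if advertises_starttls(reply) else "plaintext-only"

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it as a script with the relay host and port as arguments; a `starttls` result means the connecting side must send the STARTTLS command itself, while `implicit-tls` means it must open with a TLS handshake.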