SMTPS Encrypted traffic issues

Question

Hi TeamWe're currently relaying email to our SMTP cloud server over the internet. Our goal is to ensure the traffic to the cloud relay is encrypted. Right now, the internal servers send traffic in plain text to the F5, which then handles SSL encryption before forwarding to the cloud.I've tried two methods to set this up but I'm running into errors. Could someone suggest a reliable approach for encrypting this traffic.:Method1:Server &lt; Clear Text &gt; F5 VIP &lt; SMTPS Profile STARTTLS&gt; CloudServerSend-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The serverresponse was: Must issue a STARTTLS command firstAt line:1 char:1+ Send-MailMessage -from " atest@xmail.com " -to "a ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept&nbsp; &nbsp;ion&nbsp; &nbsp; + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessageMethod2:Server &lt; Clear Text &gt; F5 VIP &lt; SSL Encryption (SSL profile)&gt; CloudServerError:Send-MailMessage : Unable to read data from the transport connection: An existing connection was forcibly closed bythe remote host.At line:1 char:1+ Send-MailMessage -from "atest@xmail.com" -to "a ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept&nbsp; &nbsp;ion&nbsp; &nbsp; + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

sravs · Answer

Hi&nbsp;Method1: F5 does&nbsp;not inject STARTTLS negotiation on behalf of the client. The client itself must initiate STARTTLS. But your internal client is speaking plaintext SMTP, and doesn’t trigger STARTTLS.Method2: This also fails since the client sends plaintext, but the cloud server expects an SSL handshake, causing it to close the connection.If you want to implement SSL, you need to use both client and server SSL profiles, and the servers must support SSL as well. Are you using iApp ?

Forum Discussion

SMTPS Encrypted traffic issues

1 Reply

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Bash shell and ping command on F5 rseries

connect to an icap server, but is it possible to route only specific services to the virtual server?

What is the recommended TCP Profile settings monitor settings for ISO 8583 traffic in F5 Big IP ?

smtp port vs 25 and pool member 587

WAF Policy upload using AS3

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Automate Let's Encrypt Certificates on BIG-IP

Load Balancing TCP TLS Encrypted Syslog Messages

Encrypting Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS