SMTPS Encrypted traffic issues

Question

Hi TeamWe're currently relaying email to our SMTP cloud server over the internet. Our goal is to ensure the traffic to the cloud relay is encrypted. Right now, the internal servers send traffic in plain text to the F5, which then handles SSL encryption before forwarding to the cloud.I've tried two methods to set this up but I'm running into errors. Could someone suggest a reliable approach for encrypting this traffic.:Method1:Server &lt; Clear Text &gt; F5 VIP &lt; SMTPS Profile STARTTLS&gt; CloudServerSend-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The serverresponse was: Must issue a STARTTLS command firstAt line:1 char:1+ Send-MailMessage -from " atest@xmail.com " -to "a ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept&nbsp; &nbsp;ion&nbsp; &nbsp; + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessageMethod2:Server &lt; Clear Text &gt; F5 VIP &lt; SSL Encryption (SSL profile)&gt; CloudServerError:Send-MailMessage : Unable to read data from the transport connection: An existing connection was forcibly closed bythe remote host.At line:1 char:1+ Send-MailMessage -from "atest@xmail.com" -to "a ...+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpExcept&nbsp; &nbsp;ion&nbsp; &nbsp; + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

sravs · Answer

Hi&nbsp;Method1: F5 does&nbsp;not inject STARTTLS negotiation on behalf of the client. The client itself must initiate STARTTLS. But your internal client is speaking plaintext SMTP, and doesn’t trigger STARTTLS.Method2: This also fails since the client sends plaintext, but the cloud server expects an SSL handshake, causing it to close the connection.If you want to implement SSL, you need to use both client and server SSL profiles, and the servers must support SSL as well. Are you using iApp ?

Forum Discussion

SMTPS Encrypted traffic issues

1 Reply

How I did it - "High-Performance S3 Load Balancing of Dell ObjectScale with F5 BIG-IP"

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Strange connection from VIP to suspicious IP on Internet

Struggling with Node.js API for Searching Profiles Across Multiple F5 Devices

Is it possible to properly log protobuf?

F5 Open telemetry issue

APM SSO Between NTLM and Forms Based

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Automate Let's Encrypt Certificates on BIG-IP

Load Balancing TCP TLS Encrypted Syslog Messages

Encrypting Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS