At wit's end - cannot figure this one out.
On an internet facing Exchange 2010 without an edge server there are three receive connectors. One receive connector is set up to listen on port 587 on all IP addresses. One receive connector is set up to listen on port 25 with internal IP addresses. One receive connector is set up to listen on port 25 with all IP addresses. All receive connectors in the management console have identical settings.
STARTTLS is offered by the port 587 receive connector when inbound mail comes from port 587 (from the Internet and internally). Checked with checktls.com. It connects and works with the wildcard certificate proffered by the Exchange server.
STARTTLS is not offered when inbound mail comes from port 25 (from the Internet). Also checked with checktls.com. STARTTLS is offered with an internal connection to port 25.
FYI - On any port other than 25 the connector offers TLS (if so configured) from the Internet. On port 25 from the Internet only 'SIZE', 'DNS' and 'AUTH' are offered.
This is on Exchange 2010 Rollup 8 SP2 which I believe is the latest SP.
All settings in the Exchange management console for the receive connectors are identical under Server Configuration->Hub Transport. The port 587 receive connector is called 'Client Exchange'; the port 25 receive connector is called 'Default Exchange'. No certificate errors on port 587 with a TLS connection.
All help is appreciated! Some setting must have changed but I just cannot figure it out. TLS over SMTP has never worked on port 25 on this server and has always worked on port 587.
An Untangle router is used to forward port 25 and port 587 directly to the mail server. The ports directed to are the same as the inbound ports.
Also strange is that the send connector will not connect with TLS to checkTLS.com.
Thanks.
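As an added illustration (not part of the original post), the probe below does the same plaintext EHLO check that the checktls.com test performs and compares the capability keywords advertised on two paths, for example an internal connection to port 25 against the one that arrives through the forwarding router. Hostnames and the two sample replies are constructed; `probe_ehlo` is an assumed helper for live use and is not exercised by the embedded samples.

```python
import socket

# Constructed sample EHLO replies shaped like Exchange 2010 output; not captured from the poster's server.
INTERNAL_PORT25_REPLY = (
    "250-mail.example.test Hello [10.0.0.5]\r\n"
    "250-SIZE 10485760\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH NTLM LOGIN\r\n"
    "250 OK\r\n"
)
EXTERNAL_PORT25_REPLY = (
    "250-mail.example.test Hello [203.0.113.7]\r\n"
    "250-SIZE 10485760\r\n"
    "250-AUTH NTLM LOGIN\r\n"
    "250 OK\r\n"
)


def parse_ehlo(reply: str) -> set:
    """Return the ESMTP capability keywords from a multi-line 250 reply.

    The first line is the server greeting, not a capability; continuation
    lines are '250-KEYWORD ...', the last line is '250 KEYWORD' (or '250 OK').
    """
    caps = set()
    lines = [ln for ln in reply.replace("\r\n", "\n").split("\n") if ln.strip()]
    for ln in lines[1:]:
        if not ln.startswith("250"):
            continue
        keyword = ln[4:].split(" ", 1)[0].strip().upper()
        if keyword and keyword != "OK":  # '250 OK' closes the reply, it is not a capability
            caps.add(keyword)
    return caps


def compare_paths(reference_reply: str, observed_reply: str) -> dict:
    """Report whether STARTTLS is offered on the observed path and which keywords it lacks."""
    ref, obs = parse_ehlo(reference_reply), parse_ehlo(observed_reply)
    return {"starttls_offered": "STARTTLS" in obs, "missing": sorted(ref - obs)}


def _read_reply(stream) -> str:
    """Read one SMTP reply; a line whose 4th character is a space ends it."""
    lines = []
    while True:
        line = stream.readline().decode("ascii", "replace")
        if not line:
            break
        lines.append(line)
        if len(line) >= 4 and line[3] == " ":
            break
    return "".join(lines)


def probe_ehlo(host: str, port: int, timeout: float = 10.0) -> set:
    """Live check (assumed helper): read the 220 banner, send EHLO, return the advertised keywords."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        _read_reply(stream)  # 220 banner
        sock.sendall(b"EHLO probe.example.test\r\n")
        reply = _read_reply(stream)
        sock.sendall(b"QUIT\r\n")
    return parse_ehlo(reply)
```

If the internal connection advertises STARTTLS and the one through the router does not, the difference lies on the external path rather than in settings the two connectors share.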