Not seeing STARTTLS advertised in EHLO but SMTP logs show it?

Exchange 2010 SP3ur8 on 2008R2 SP1 fully patched, single server, static IP address, default settings with self-signed SMTP certificate and Internet receive connector set up for TLS.  Email, OWA, ActiveSync all working fine, ESET mail security 4.5.  Sorry if this is long, I tried everything I could think of...
I was fixing an issue with Reverse DNS Mismatch (had the ISP change it) and noticed a "Warning - Does not support TLS."  with the mxtoolbox SMTP test which I thought odd as it showed that we weren't advertising STARTTLS after receiving an EHLO:
220 remote.DOMAINNAME Microsoft ESMTP MAIL Service ready at Thu, 15 Jan 2015 09:42:10 -0700 [718 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-remote.DOMAINNAME Hello [64.20.227.133]
250-SIZE 10485760
250-DSN
250 AUTH [780 ms]
MAIL FROM: <[email protected]>
I checked the SmtpReceive logs (which I set to verbose for this test) and they showed it was sending STARTTLS (along with a bunch of other stuff):
SERVERNAME,08D1FEF1B5FADEE4,2,10.0.0.1:25,64.20.227.133:57925,>,"220 remote.DOMAINNAME Microsoft ESMTP MAIL Service ready at Thu, 15 Jan 2015 09:42:10 -0700",
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,3,10.0.0.1:25,64.20.227.133:57925,<,EHLO MXTB-PWS3.mxtoolbox.com,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,4,10.0.0.1:25,64.20.227.133:57925,>,250-remote.DOMAINNAME Hello [64.20.227.133],
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,5,10.0.0.1:25,64.20.227.133:57925,>,250-SIZE 10485760,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,6,10.0.0.1:25,64.20.227.133:57925,>,250-PIPELINING,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,7,10.0.0.1:25,64.20.227.133:57925,>,250-DSN,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,8,10.0.0.1:25,64.20.227.133:57925,>,250-ENHANCEDSTATUSCODES,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,9,10.0.0.1:25,64.20.227.133:57925,>,250-STARTTLS,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,10,10.0.0.1:25,64.20.227.133:57925,>,250-AUTH,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,11,10.0.0.1:25,64.20.227.133:57925,>,250-8BITMIME,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,12,10.0.0.1:25,64.20.227.133:57925,>,250-BINARYMIME,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,13,10.0.0.1:25,64.20.227.133:57925,>,250 CHUNKING,
2015-01-15T16:42:12.609Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,14,10.0.0.1:25,64.20.227.133:57925,<,MAIL FROM:<[email protected]>,
To make sure I was talking to the expected receive connector I disabled the others and doubled my maximum message size.  I then tried checktls.com, same result:
Trying TLS on mail.DOMAINNAME[184.69.225.118] (5):
seconds test stage and result
[000.206] Connected to server
[000.322] <--
220 remote.DOMAINNAME Microsoft ESMTP MAIL Service ready at Thu, 15 Jan 2015 09:45:17 -0700
[000.322] We are allowed to connect
[000.323] -->
EHLO checktls.com
[000.436] <--
250-remote.DOMAINNAME Hello [69.61.187.232]
250-SIZE 20971520
250-DSN
250 AUTH
[000.437] We can use this server
[000.437] TLS is not an option on this server
[000.438] -->
MAIL FROM:<[email protected]>
As you can see it shows the new SIZE but the SmtpReceive logs again show it was sending STARTTLS: 
2015-01-15T16:45:18.167Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,2,10.0.0.1:25,69.61.187.232:47498,>,"220 remote.DOMAINNAME Microsoft ESMTP MAIL Service ready at Thu, 15 Jan 2015 09:45:17 -0700",
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,3,10.0.0.1:25,69.61.187.232:47498,<,EHLO checktls.com,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,4,10.0.0.1:25,69.61.187.232:47498,>,250-remote.DOMAINNAME Hello [69.61.187.232],
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,5,10.0.0.1:25,69.61.187.232:47498,>,250-SIZE 20971520,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,6,10.0.0.1:25,69.61.187.232:47498,>,250-PIPELINING,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,7,10.0.0.1:25,69.61.187.232:47498,>,250-DSN,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,8,10.0.0.1:25,69.61.187.232:47498,>,250-ENHANCEDSTATUSCODES,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,9,10.0.0.1:25,69.61.187.232:47498,>,250-STARTTLS,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,10,10.0.0.1:25,69.61.187.232:47498,>,250-AUTH,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,11,10.0.0.1:25,69.61.187.232:47498,>,250-8BITMIME,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,12,10.0.0.1:25,69.61.187.232:47498,>,250-BINARYMIME,
2015-01-15T16:45:18.390Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,13,10.0.0.1:25,69.61.187.232:47498,>,250 CHUNKING,
2015-01-15T16:45:18.502Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEED,14,10.0.0.1:25,69.61.187.232:47498,<,MAIL FROM:<[email protected]>,
I even tried a telnet session and it did the exact same thing.  Only thing that is different between the logs (other than the missing 250- entries) is the "250-AUTH" has no dash in the telnet (and the other test sites) output, which apparently is only done for the last line - not sure how that could change?? (or am I not looking at the right log?)
Very confused as to how this can happen.  I have:
- verified the certificates are OK, not expired, have the correct remote.DOMAINNAME name
- checked the event logs, nothing
- checked my firewall and it is set up to pass SMTP through for our server.
- tried disabling ESET for a bit and repeated tests - same result.
- looks like TLS is working when we send emails based on SmtpSend logs, maybe with the self-signed cert this is normal on receive?
Anyone have any other ideas?  Thanks
-- Al

Figured it out, it was my firewall settings.  It's an older Untangle box that didn't support TLS, probably need to upgrade it but disabling SMTP filtering fixed the issue.
Thanks
-- Al
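
The mismatch in this thread (SmtpReceive log shows 250-STARTTLS, the remote tester never sees it) can be checked mechanically by diffing the server's view of the EHLO reply against the client's. This is an added example, not part of the original posts; the function names are hypothetical and the sample data is constructed from the log and mxtoolbox lines quoted above.

```python
import csv

# Server view: SmtpReceive rows quoted in the post. Fields are date-time,
# connector-id, session-id, sequence-number, local-endpoint, remote-endpoint,
# event ("<" = received from client, ">" = sent to client), data, context.
SERVER_LOG = r"""2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,3,10.0.0.1:25,64.20.227.133:57925,<,EHLO MXTB-PWS3.mxtoolbox.com,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,4,10.0.0.1:25,64.20.227.133:57925,>,250-remote.DOMAINNAME Hello [64.20.227.133],
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,5,10.0.0.1:25,64.20.227.133:57925,>,250-SIZE 10485760,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,6,10.0.0.1:25,64.20.227.133:57925,>,250-PIPELINING,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,7,10.0.0.1:25,64.20.227.133:57925,>,250-DSN,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,8,10.0.0.1:25,64.20.227.133:57925,>,250-ENHANCEDSTATUSCODES,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,9,10.0.0.1:25,64.20.227.133:57925,>,250-STARTTLS,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,10,10.0.0.1:25,64.20.227.133:57925,>,250-AUTH,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,11,10.0.0.1:25,64.20.227.133:57925,>,250-8BITMIME,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,12,10.0.0.1:25,64.20.227.133:57925,>,250-BINARYMIME,
2015-01-15T16:42:11.826Z,SERVERNAME\Internet Receive SERVERNAME,08D1FEF1B5FADEE4,13,10.0.0.1:25,64.20.227.133:57925,>,250 CHUNKING,
"""

# Client view: what the external tester received for the same session.
CLIENT_VIEW = """220 remote.DOMAINNAME Microsoft ESMTP MAIL Service ready at Thu, 15 Jan 2015 09:42:10 -0700 [718 ms]
EHLO MXTB-PWS3.mxtoolbox.com
250-remote.DOMAINNAME Hello [64.20.227.133]
250-SIZE 10485760
250-DSN
250 AUTH [780 ms]
"""


def _keywords(reply_lines):
    """EHLO keywords from 250 reply lines; the first line is the greeting."""
    found = []
    for line in reply_lines[1:]:
        body = line[4:].strip()          # drop "250-" / "250 "
        if body:
            found.append(body.split()[0].upper())
    return found


def server_advertised(log_text, session_id):
    """Keywords the server logged as sent in reply to EHLO for one session."""
    replies, in_ehlo = [], False
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 8 or row[2] != session_id:
            continue
        event, data = row[6], row[7]
        if event == "<":
            in_ehlo = data.upper().startswith("EHLO")
        elif event == ">" and in_ehlo and data.startswith("250"):
            replies.append(data)
            if data[3:4] == " ":         # "250 " without a dash ends the reply
                in_ehlo = False
    return _keywords(replies)


def client_observed(transcript):
    """Keywords the client saw; assumes a single EHLO in the transcript."""
    lines = [l.strip() for l in transcript.splitlines()]
    return _keywords([l for l in lines if l.startswith(("250-", "250 "))])


def stripped_in_transit(server, client):
    """Keywords the server sent that never reached the client, in server order."""
    seen = set(client)
    return [k for k in server if k not in seen]


if __name__ == "__main__":
    sent = server_advertised(SERVER_LOG, "08D1FEF1B5FADEE4")
    got = client_observed(CLIENT_VIEW)
    print("stripped between server and client:", stripped_in_transit(sent, got))
```

A non-empty result that includes STARTTLS means a device on the path rewrote the EHLO reply, which also explains why the final line changed from "250 CHUNKING" to "250 AUTH".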
