Hi all,
We are configuring a web server to be able to send email to the accounts in our hybrid development.
The server has a functional TLS certificate on for its SMTP client, and we have verified the validity of the certificate in multiple ways.
The issue we are facing is that we receive the following SMTP error from the Exchange server after the RCPT TO command:
454 4.7.0 Failed to establish appropriate TLS channel: SubjectMismatch: Access Denied
Interestingly, when trying the same certificates and the same EHLO/FROM/TO combination from *any other host*, we get the response 250 2.1.5 Recipient OK. Note that this we are not trying to sent authenticated mail, or mail that appears to be coming from the domains serviced by Exchange. We're simply trying to deliver email to the Exchange server.
After trying other known good certificates and mail/TLS clients, I concluded that this error must be because the Office Server expects either a specific hostname or a specific certificate from that IP address. Could you provide some guideline as to what setting might be causing this problem? My intuition is that a setting which was supposed to enforce a policy around the on-premise Exchange server accidentally also included the IP of the web server, which is on the subnet mask.
Thanks for your help.
See below for output:
openssl s_client -starttls smtp -crlf -cert mydomain.com.crt -key mydomain.com.key -connect mydomain-com.mail.eo.outlook.com:25
[TLS negotiation]
250 CHUNKING
EHLO subdomain.mydomain.com
250-CH1EHSMHS022.bigfish.com Hello [38.105.83.46]
250-SIZE 157286400
250-PIPELINING
250-ENHANCEDSTATUSCODES
250-AUTH
250-8BITMIME
250-BINARYMIME
250 CHUNKING
250 2.1.0 Sender OK
MAIL FROM:mailbox@subdomain.mydomain.com
250 2.1.0 Sender OK
rcpt to:mailbox@mydomain.com
454 4.7.0 Failed to establish appropriate TLS channel: SubjectMismatch: Access Denied