- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Receiving TLS emails into Exchange but unable to s...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Receiving TLS emails into Exchange but unable to send
We have been requested to send at very least, Opportunistic TLS emails to one of our partners, so i'm currently trying to get this to work with CheckTLS, however i'm having some trouble doing so. We have a Server 2008 R2 box which hosts Exchange 2010. We have third party certs installed and can use autodiscover etc Originally when running tests against our server, we were scoring an F. Turns out we only had SSL2 enabled. So i've now enabled TLS1.0, 1.1 & 1.3. I've disabled all SSL's. Enabling these and rebooting the server has changed our test to a an A score. However enabling these on the server hasn't made a blind bit of difference with sending via TLS and i'm stuck as to where to look next. Our firewall hasn't been touched so could there be something there which would need amending? We use a Fortinet Fortigate 100D. We perform SSL inspection on inbound and outbound mail. I've attempted turning off these, the Anti-virus policy (on the firewall), yet still no luck with getting CheckTLS to send the mail as encrypted. If I perform the test on CheckTLS with my email (inbound) it can see that TLS is enabled on the server and I assume everything looks ok. It says so. Looking at incoming logs states that messages from external sources are being TLS encrypted, so inbound it looks to be ok. Outbound however, the logs state nothing regarding TLS at all. Sending email to my Gmail account shows the little unlocked padlock icon too. The Send Connector FQDN is set to use the MX record listed with our ISP. The Receive Connector FQDN uses an address that isn't the MX record. This is another alternate name which is listed in the SAN's within our certificate. However when telnetting on port 25 with the address listed as our MX record, we can see STARTTLS as an available command. A lot of different combinations of firewall policies have been tested on our Fortigate but hasn't made any difference. Certificate inspection has been turned off but again no difference. TLS is definitely enabled on the Send Connector too. On our Fortigate we're using version 5.2.4, but what's baffling me is the fact incoming emails are able to be TLS encrypted but outbound just will not.
I'm not familiar with the command based use in the Fortigate, but wondered if theres logging I can look at.
Could it be that the Fortigate is stripping out TLS or the recipient server sees us as a different cert? We're using the Fortinet_CA_SSLProxy one but use our own on Exchange 2010.
0 REPLIES 0
Related Posts
- FortiClient VPN - Error 6005 15619 Views
- How to allow recaptcha without google... 754 Views
- FTP 425 unable to build connection 614 Views
- After firmware upgrade, could not access... 800 Views
- Unable to Receive Logs on FortiAnalyzer... 300 Views
Labels
-
FortiGate
6,864 -
FortiClient
1,362 -
5.2
801 -
5.4
639 -
FortiManager
587 -
FortiAnalyzer
432 -
6.0
416 -
5.6
362 -
FortiAP
358 -
FortiSwitch
353 -
FortiClient EMS
277 -
FortiMail
268 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
165 -
6.4
128 -
FortiNAC
117 -
FortiGuard
109 -
IPsec
94 -
FortiSIEM
91 -
FortiGateCloud
90 -
FortiCloud Products
85 -
SSL-VPN
77 -
FortiToken
75 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
63 -
FortiProxy
47 -
FortiADC
45 -
FortiEDR
42 -
Fortivoice
41 -
SD-WAN
36 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiDNS
35 -
FortiSandbox
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
High Availability
27 -
FortiAuthenticator
26 -
VLAN
26 -
FortiConnect
24 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiGate v5.2
17 -
FortiSwitch v6.2
16 -
SAML
16 -
DNS
16 -
LDAP
16 -
Certificate
16 -
BGP
15 -
VDOM
15 -
FortiMonitor
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Authentication
12 -
fortilink
12 -
Routing
12 -
FortiCASB
12 -
RADIUS
10 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
Fortigate Cloud
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Traffic shaping policy
6 -
FortiBridge
6 -
Web application firewall profile
6 -
Web profile
6 -
Proxy policy
5 -
FortiAP profile
5 -
WAN optimization
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
FortiDeceptor
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.