Jun 15 2022 01:17 AM
Hi Small Business Server 2016 Essentials....
Quote from Bank Support
Unfortunately, when we checked the TLS compatibility of your domain we noted that you currently use a self-signed certificate to support your current TLS configuration (as illustrated below).
SSLVersion in use: TLSv1_2
Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve X25519 DHE(253 bits)
Certificate #1 of 1 (sent by MX):
Cert VALIDATION ERROR(S): unable to get local issuer certificate
This may help: What Is An Intermediate Certificate
So email is encrypted but the recipient domain is not verified
Cert Hostname DOES NOT VERIFY (mail.companydomian.co.uk != Exchsvr | DNS:Exchsvr | DNS:Exchsvr.companyname.local)
So email is encrypted but the host is not verified
Not Valid Before: Jan 12 16:12:54 2020 GMT
Not Valid After: Jan 12 16:12:54 2025 GMT
We do use Let's Encrypt / Certify the Web. I presume the bank is getting the internal info from the receive connectors. If I try to change the EHLO to mail.company.co.uk I get the error
'If the AuthMechanism attribute on a Receive connector contains the value ExchangeServer, you must set the FQDN parameter on the Receive connector to one of the following values: the FQDN of the transport server "Exchsvr.mydomain.local", the NetBIOS name of the transport server "Exchsvr", or $null.'
Do I need to change the settings in the security settings of the receive connector, and in doing so what will it affect?
Should I set up a new receive connector? But from my reading I'm confused by the mention of putting in external IPs (senders); there could be many IPs. Also, I need to assign another IP, but my internal Exchange server has only 1 IP.
This bank is the only one I have to do this for: Lloyds. Sending emails to Lloyds is fine; it is just when they send to my client that they get
Remote Server returned '554 5.4.0 < #4.7.5 smtp; 454 4.7.5 [internal] verify error:num=21:unable to verify the first certificate:depth=0:/CN=Exchsvr> (Exchsvr being the Exchange 2016 server name)
Changing Banks is not an option...lol
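
The two failures in the bank's report (untrusted chain, hostname mismatch) can be checked from the sender's side of the connection. This is an added example, not part of the original post: `REPORTED_CERT` is constructed from the names shown in the report, and the function names are hypothetical.

```python
import smtplib
import ssl

# Constructed from the names in the bank's report, in ssl.getpeercert() layout.
REPORTED_CERT = {
    "subject": ((("commonName", "Exchsvr"),),),
    "subjectAltName": (("DNS", "Exchsvr"), ("DNS", "Exchsvr.companyname.local")),
}

def names_in_cert(cert):
    """DNS names a verifier compares against: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def hostname_matches(hostname, pattern):
    """Case-insensitive label match; '*' may stand in for the leftmost label only."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*" and len(pat) > 2:
        return host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname, cert):
    """True if any name in the certificate matches the MX hostname."""
    return any(hostname_matches(hostname, name) for name in names_in_cert(cert))

def probe_starttls(mx_host, port=25, timeout=15):
    """Live check of your own MX: STARTTLS with chain and hostname verification on."""
    ctx = ssl.create_default_context()
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        try:
            smtp.starttls(context=ctx)
        except ssl.SSLCertVerificationError as exc:
            return False, exc.verify_message  # OpenSSL's reason for the failure
        return True, "chain and hostname verified"

if __name__ == "__main__":
    # Offline: the reported certificate against the MX name from the report.
    print(cert_covers("mail.companydomian.co.uk", REPORTED_CERT))
```

`probe_starttls` needs outbound access to port 25 and should be pointed at the public MX name, since that is the name a verifying sender compares against the certificate.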