Sunday, April 28, 2019

Cisco Router messed up SMTP TLS with Office 365

Mail routing from Office 365 to an on-premises Exchange Server was working successfully.

Mail flow from the on-premises Exchange Server to Office 365 was failing.

Email in the queue was generating:

LastError : 451 5.7.3 STARTTLS is required to send mail


I had a valid SMTP certificate bound with Enable-ExchangeCertificate and my Send Connector to Office 365 was TLS-enabled - yet we had a TLS error.

This was caused by SMTP inspection on a Cisco Router 1941.

The router has the following line in the config:

"ip inspect name CBAC smtp"


After removing this line with "no ip inspect name CBAC smtp", mail flow started working successfully.
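
A way to check for this condition from the Exchange server, as an added example that is not part of the original post: it connects to the next-hop SMTP host on port 25, sends EHLO and reports whether STARTTLS is present in the reply as it arrives at this host. The function names, the sample transcripts and the host name are constructed for illustration.

```powershell
# Added example; function names are hypothetical, not Exchange or Cisco cmdlets.
function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    # An SMTP reply ends at the first line whose code is followed by a space, not '-'.
    $lines = @()
    do {
        $line = $Reader.ReadLine()
        if ($null -eq $line) { break }               # peer closed the connection
        $lines += $line
    } while ($line -match '^\d{3}-')
    return ,$lines
}

function Test-StartTlsOffer([string[]]$Ehlo) {
    # Classify an EHLO reply as it was received at this network position.
    if ($Ehlo.Count -eq 0)         { return 'NoReply' }
    if ($Ehlo[0] -notmatch '^250') { return 'EhloRejected' }      # ESMTP not accepted
    if ($Ehlo -match '^250[- ]STARTTLS\s*$') { return 'StartTlsOffered' }
    return 'StartTlsMissing'       # a TLS-required sender cannot proceed
}

function Get-SmtpEhloReply([string]$SmtpHost, [int]$Port = 25, [int]$TimeoutMs = 10000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.ReceiveTimeout = $TimeoutMs
        $client.Connect($SmtpHost, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
        $writer = New-Object System.IO.StreamWriter($stream, [System.Text.Encoding]::ASCII)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true
        $null = Read-SmtpReply $reader               # discard the 220 banner
        $writer.WriteLine('EHLO ' + [System.Net.Dns]::GetHostName())
        $ehlo = Read-SmtpReply $reader
        $writer.WriteLine('QUIT')
        return ,$ehlo
    } finally { $client.Close() }
}

# Constructed transcripts (not captured traffic): an EHLO reply that advertises
# STARTTLS, and the same reply with the STARTTLS line absent on arrival.
$direct   = '250-mail.example.test Hello', '250-SIZE 157286400', '250-STARTTLS', '250 8BITMIME'
$filtered = '250-mail.example.test Hello', '250-SIZE 157286400', '250 8BITMIME'
Test-StartTlsOffer $direct
Test-StartTlsOffer $filtered

# Live check from the Exchange server (placeholder host name):
# Test-StartTlsOffer (Get-SmtpEhloReply 'smarthost.example.test')
```

Running the live check from the Exchange server and again from a host outside the router shows whether the path between them changes the reply.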