Cisco Support Community


Delivery via TLS not working

Getting the following error:

(DCID 14390733) Message 31196742 to     address@domain.com     delayed. Reason:  4.1.0 - Unknown address error ('454', ['4.7.0 Failed to establish appropriate  TLS channel: UntrustedRoot: Access Denied']) [(\'from\', \'"e-mail address\'), (\'to\', \'e-mail address\\'), (\'subject\', \'11:22\')]

Any thoughts?

3 REPLIES

Delivery via TLS not working

Hello Jason,

Have you installed a valid SSL/TLS certificate as a delivery_cert (if you use AsyncOS 7.1 and above)? It seems that the destination mail server cannot verify the certificate you present (either it is self-signed or the Root CA you're using is unknown to the destination mail server).

Thanks and regards,

Martin


Delivery via TLS not working

Hey Martin,

We are currently running AsyncOS 7.5 and do have a valid SSL/TLS certificate. The one caveat is that it is a wildcard certificate. Is it possible that this one domain doesn't accept wildcard certificates?

I currently have outbound e-mail delivery mail flow policies set to preferred TLS and am currently seeing about 60% of the connections making a successful TLS connection.

Thanks for sharing your thoughts, it is much appreciated!

Jason

Delivery via TLS not working

Hello Jason,

It's hard to determine which policy triggers on the destination mail server here, so getting in touch with the postmaster from the receiving domain may be the best approach. Possibly they struggle with verifying the certificate due to the lack of a Root CA installed on their end.

Thanks and regards,

Martin
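
To see which destination domains account for the failed share of TLS connections, the delayed-delivery entries can be tallied by domain and TLS failure cause. The script below is an added example, not part of the thread or of Cisco's tooling; its sample lines are constructed from the single entry quoted in the first post, and it assumes other delayed entries follow the same layout.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the entry quoted in the first post;
# the addresses, IDs and the non-TLS third line are made up for illustration.
SAMPLE_LOG = """\
(DCID 14390733) Message 31196742 to user@example.org delayed. Reason: 4.1.0 - Unknown address error ('454', ['4.7.0 Failed to establish appropriate TLS channel: UntrustedRoot: Access Denied'])
(DCID 14390740) Message 31196750 to other@example.org delayed. Reason: 4.1.0 - Unknown address error ('454', ['4.7.0 Failed to establish appropriate TLS channel: UntrustedRoot: Access Denied'])
(DCID 14390751) Message 31196761 to someone@example.net delayed. Reason: 4.1.0 - Unknown address error ('451', ['4.3.0 Temporary failure, try again later'])
"""

# One "delayed" entry: connection ID, message ID, recipient, then the
# SMTP reply code, enhanced status code and reply text recorded in it.
DELAYED = re.compile(
    r"\(DCID (?P<dcid>\d+)\) Message (?P<mid>\d+) to\s+(?P<rcpt>\S+)\s+delayed\."
    r"\s+Reason:.*?\('(?P<code>\d{3})', \['(?P<status>\d\.\d+\.\d+) (?P<text>[^']*)'\]\)"
)
# The TLS rejection wording from the thread; the word after it is the cause.
TLS_FAIL = re.compile(r"Failed to establish appropriate\s+TLS channel: (?P<cause>\w+)")


def parse_delays(log_text):
    """Yield one dict per 'delayed' entry found in log_text."""
    for m in DELAYED.finditer(log_text):
        entry = m.groupdict()
        entry["domain"] = entry["rcpt"].rsplit("@", 1)[-1].lower()
        tls = TLS_FAIL.search(entry["text"])
        # None means the delay was not a TLS negotiation rejection.
        entry["tls_cause"] = tls.group("cause") if tls else None
        yield entry


def tls_failures_by_domain(log_text):
    """Count TLS rejections per (destination domain, cause)."""
    return Counter(
        (e["domain"], e["tls_cause"])
        for e in parse_delays(log_text)
        if e["tls_cause"]
    )


if __name__ == "__main__":
    for (domain, cause), n in tls_failures_by_domain(SAMPLE_LOG).most_common():
        print(f"{domain}\t{cause}\t{n}")
```

A domain that shows up here repeatedly with the same cause is the one whose postmaster to contact, as suggested in the last reply.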
