Have you installed a valid SSL/TLS certificate as a delivery_cert (if you use AsyncOS 7.1 and above)? It seems that the destination mail server cannot verify the certificate you present (either it is self-signed or the Root CA you're using is unknown to the destination mail server).
We are currently running AsyncOS 7.5 and do have a valid SSL/TLS certificate. The one caveat is that it is a wildcard certificate. Is it possible that this one domain doesn't accept wildcard certificates?
I currently have outbound e-mail delivery mail flow policies set to preferred TLS and am currently seeing about 60% of the connections making a successful TLS connection.
Thanks for sharing your thoughts; it is much appreciated!
It's hard to determine which policy triggers on the destination mail server here, so getting in touch with the postmaster from the receiving domain may be the best approach. Possibly they struggle with verifying the certificate due to the lack of a Root CA installed on their end.