We have been seeing some strange TLS errors for messages going to domains with MX Records in the *.iphmx.com domain recently. Whois says it belongs to "Cloud Email Security - Cisco Systems" so it would appear to be part of the Ironport Cloud Service. Some of the partner domains I ran tlsverify against came back with this:
Certificate verification failed: self signed certificate in certificate chain.
I decided to try and help out so I sent a note to the ARIN contacts for the IP network and then I got this in response:
Delivery is delayed to these recipients or distribution lists:
Not saying this is the answer, but when Cisco provision a cloud email security system for a customer they provide self signed certs for all SSL/TLS protected transactions including TLS. One of the actions the customer has to perform is to replace those self signed certs with CA signed certs (if they wish). It may be that the domains you are looking at are trials or POCs and they haven't got round to providing signed certs, or they may have decided not to have CA signed TLS certs. It is perfectly valid to use self-signed certs, with the risk that if the "other end" requires signed certs then emails will be bounced or sent over unencrypted channels, according to policy.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :