mdimthyas avatar image
0 Votes"
mdimthyas asked joyceshen-MSFT commented

Clients sending email using Port 587

We have ticketing system which is using IMAP for connecting to Exchange and it creates a ticket after fetching email from Mailbox using IMAP on Port 993 . They started complaining that it stopped working.

We are having 3 Exchange 2013 CAS servers in CASArray with Windows NLB and 4 mb servers in DAG.

Internal domain is different and external domain is Different. Wild Card cert is being used with DNS name xxxxx.xx.xx
Ticketing system is connecting to xxxxx.xx.xx on Port 993.

xxxxx.xx.xx is mapped to Virtual IP which is pointing to CAS servers.

As it was a Wild Card cert, could not map it to IMAP , so used the

Set-IMAPSettings -X509CertificateName xxxxx.xx.xx

During this time I found out a Cert which was a local cert generated and from a Local CA and was installed on the CAS servers , it had expired. I renewed it etc. and after rebooting, ticketing system started working.

But new issue came up, where some Application Users started complaining that their code is not sending email on Port 587.

Actually, we have always asked the internal users to Use Port 25 without Authentication and we had given access only from Servers ( that too only for internal users).

For Relay , we have a different connector and we add IP's if someone wants to send email to Outside world using code.

So these coders started using Port 587 without information and using their ID's and as the Connector is enabled for Exchange User, they were able to send emails, but now it stopped working and they are complaining.

So, I am not sure how can I check , because as far as I know we can bind only one Cert to SMTP,so i cannot bind the newly generated local CA cert.

Can anyone suggest.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @mdimthyas

Is there any update about your question? Have you tried the steps list below?

0 Votes 0 ·

1 Answer

joyceshen-MSFT avatar image
0 Votes"
joyceshen-MSFT answered joyceshen-MSFT commented

Hi @mdimthyas

Exchange Server has a receive connector designed to be used by clients that need to send via SMTP called “SERVERNAMEClient Frontend SERVERNAME”, I would suggest you check if the certificate binding to this connector is correct.

 Get-ReceiveConnector "YourServerName\Client Frontend YourServerName" | fl *cert*

If the certificate is expired or not correct, we could reset the certificate(which is bind SMTP service) for this connector.

Use Get-ExchangeCertificate to identify the thumbprint of the SSL certificate you’ll be using


The syntax of the TlsCertificateName string is made up of two different attributes of the certificate, so we use the following commands to apply the configuration to the receive connector.

 $cert = Get-ExchangeCertificate -Thumbprint XXXXXXXXXXXXX
 $tlscertificatename = "<i>$($cert.Issuer)<s>$($cert.Subject)"
 Set-ReceiveConnector "EXSERVER\Client Frontend EXSERVER" -Fqdn -TlsCertificateName $tlscertificatename

Detailed information can be reached here by this link.
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

If an Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @mdimthyas

Share your progress here if you are free, waiting for your feedback!

0 Votes 0 ·