O365 SMTP relay and TLS

You might be aware that TLS 1.0 and TLS 1.1 are deprecated.
This can surface as SMTP errors such as “Authentication failed because the remote party has closed the transport stream.”,
for example when an older printer sends TLS-encrypted messages.

A little timeline:
1989 – TLS 1.0
1995 – SSL 2.0
1996 – SSL 3.0
2006 – TLS 1.1
2008 – TLS 1.2

When testing an O365 SMTP relay using PowerShell we can use the Send-MailMessage cmdlet.
To check the TLS settings for this transmission, and to adjust them, we look at .NET Framework parameters like the following:

PowerShell

# Enable TLS 1.2 as Security Protocol
[Net.ServicePointManager]::SecurityProtocol = `
    [Net.SecurityProtocolType]::Tls12 ;


# Enable TLS 1.2 and TLS 1.1 as Security Protocols
[Net.ServicePointManager]::SecurityProtocol = `
    [Net.SecurityProtocolType]::Tls12,
    [Net.SecurityProtocolType]::Tls11 ;


# Validate the configured protocol(s) is/are listed
[Net.ServicePointManager]::SecurityProtocol

To check the TLS settings on the O365 connector we can use:

Get-InboundConnector |fl
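
To see which TLS versions the relay endpoint itself accepts, independent of the Send-MailMessage settings above, the following added example (not from the original article) opens the SMTP session by hand, issues STARTTLS and attempts the handshake with one protocol version at a time. The function name Test-SmtpStartTls, the EHLO name and the host smtp.example.com are placeholders; substitute your own relay endpoint and port.

```powershell
# Added example: probe which TLS versions an SMTP endpoint accepts after STARTTLS.
# Test-SmtpStartTls and smtp.example.com are hypothetical names used for illustration.
function Test-SmtpStartTls {
    param(
        [Parameter(Mandatory)] [string] $SmtpHost,
        [int] $Port = 25,
        [System.Security.Authentication.SslProtocols] $Protocol = 'Tls12'
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($SmtpHost, $Port)
        $stream = $client.GetStream()
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"
        $writer.AutoFlush = $true

        # An SMTP reply may span several lines; continuation lines have '-' after the code.
        $readReply = { do { $l = $reader.ReadLine() } while ($l -and $l[3] -eq '-'); $l }

        $null = & $readReply                        # 220 greeting
        $writer.WriteLine('EHLO tls-probe.example')
        $null = & $readReply                        # 250 capability list
        $writer.WriteLine('STARTTLS')
        $reply = & $readReply
        if ($reply -notmatch '^220') { throw "STARTTLS refused: $reply" }

        # Handshake restricted to exactly the requested protocol version.
        $ssl = New-Object System.Net.Security.SslStream($stream, $false)
        $ssl.AuthenticateAsClient($SmtpHost, $null, $Protocol, $true)
        [pscustomobject]@{ Requested = $Protocol; Negotiated = $ssl.SslProtocol
                           Success = $true; Error = $null }
    }
    catch {
        # A rejected version typically ends here with a handshake or stream-closed error.
        [pscustomobject]@{ Requested = $Protocol; Negotiated = $null
                           Success = $false; Error = $_.Exception.Message }
    }
    finally { $client.Close() }
}

# Try each version in turn against the placeholder host.
'Tls', 'Tls11', 'Tls12' | ForEach-Object {
    Test-SmtpStartTls -SmtpHost 'smtp.example.com' -Port 25 -Protocol $_
}
```

A failure for Tls or Tls11 can also originate on the local machine, since recent Windows builds may have those versions disabled for clients; the Error column shows the exception text either way.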
