We have received several support requests regarding interrupted mailflow between Exchange Online and SeppMail appliances. The mailflow is interrupted since 07.03.2024 at 23:00 CET time.
In the MS365 logs, the following error message is shown:
LED=450 4.4.317 Cannot connect to remote server [Message=UntrustedRoot] [LastAttemptedServerName=securemail.domain.ch] [LastAttemptedIP=12.34.56.78:25] [SmtpSecurity=-1;-1] [MS365EXOHOSTNAME.PROD.OUTLOOK.COM 2024-03-08T11:11:11.111Z MESSAGEID]}
At the moment we assume, that a configuration issue on the SeppMail appliance is responsible for this error. We have only seen cases where a wildcard certificate was in use and also a part of the certificate chain was missing yet. You can check if you have the correct Certificate chain loaded into your SeppMail appliance. If you like, you can use a tool like openssl or an online service like https://www.checktls.com/TestReceiver to test this.
After loading the full certificate chain into your Seppmail (WebAdmin GUI -> SSL), the mailflow should restore as expected.
Please also ensure, that the certificate hostname in your MS365 Exchange Online connector is set to the exact name of the certificates “subject”. If your certificate has as FQDN as subject, use this (example: hostname.boll.ch). If your certificate has a wildcard as subject, use this (example: *.boll.ch).
Please share your experiences with this blog post with us in the comment section. We really appreciate your feedback.