This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Smarthost TLS problem

I've had a very strange issue today...

Our customer has a UTM working as a transparent proxy (https: URL filtering only) in the configuration: LAN -> UTM -> transfer network -> other firewall -> internet

The firewall rule on the UTM is Any:Any:Any sincte the other firewall is handling the external traffic. On the UTM the POP3 proxy is active, SMTP proxy is NOT used.


Customer has an Exchange 2013 Server that is collecting it's mail with POP-Beamer, using the POP3 Proxy of the UTM. Sending of emails worked via smarthost send connector that used "SMTP (port 25). His mail provider changed his smtp server to SMTP (port 587) and the exchange server stopped sending mails because of certificate validation issues. I found a blog post that was handling the same error message and the author managed to get it up again by enabling netshell winhttp proxy settings. It seemed to have something to do with ocsp verification for the TLS certificate of the new mail server.

I tried excluding the exchange server's traffic completely via skip list entry, no luck. What should I say, I gave it a try and set the netshell proxy to use the (transparent) proxy as dedicated proxy and voilá, the sh..t worked! I'm fine with the "solution" for the moment but there remains a big big question about it...

I can't understand why the verification of the TLS certificate doesn't work in transparent proxy mode with a skiplist entry. Can anybody explain this to me?



This thread was automatically locked due to age.
Parents Reply Children
No Data