451 5.7.3 STARTTLS is required to send mail Error – office 365

Posted by on

Announcement: Hurry up and Register for our Azure AD Security training – seats limited, Click Here for More Info.

Hello Office365 Admins,

Ahmad Yasin

while I am working in one of my customer site to migrate mailboxes to office 365 (Exchange online), I faced an issue in the mail flow from local on premise exchange to migrated mailboxes in the cloud, when I checked the queue I noticed that the emails stuck in the queue with below error:

450 4.4.101 Proxy session setup failed on Frontend with ‘451 4.4.0 Primary target IP address responded with “451 5.7.3 STARTTLS is required to send mail.” Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was <endpoint>’.

I did some search and I found a Microsoft article says: to solve this issue you should Remove the TLSCertificateName and TLSDomainCapabilities properties from the receive connector on the hybrid server: https://support.microsoft.com/en-us/kb/2989382

I did the above steps in the article but unfortunately the issue didn’t resolved in my case.

the exchange topology in the site is:

  1. Two Exchange 2010 client access servers.
  2. Two Exchange 2010 Mailbox Servers.
  3. One Exchange 2010 Edge server.
  4. CISCO ASA Firewall.

Now, while I am trying to telnet mydomain.mail.protection.outlook.com on port 25 from the edge server I receive a stars (220 ***********************************************************) as below:

4

The result:

5

Once you receive a result like above this means that the SMTP inspection is enabled in the firewall and as you know this feature make a lot of issues in the mail flow usually, so I asked the the Network team to disable the SMTP Inspection in the CISCO ASA, once it’s disabled all mail flow worked like a Magic 🙂

About blogger …

Ahmad Yasin

Ahmad Yasin (MCSA office 365, MCSE, Messaging, Azure certified)

Ahmad Yasin in a Microsoft Cloud Engineer and the Owner & publisher of AzureDummies blog. He also hold many certificates in office 365 and windows azure including Developing Microsoft Azure Solutions, Implementing Microsoft Azure Infrastructure Solutions and MCSA office 365.
Ahmad is currently working in Specialized Technical Services Company (STS).
Find Ahmad at Facebook and LinkedIn

8 Comments

  5. Hi Ahmad,
    When I’m trying to send mail through office365 server with starttls, the application isn’t able to find the hostname while when I’m using some local server without STARTTLS the mails are getting through.
    Can you please suggest what should I do to send mail with STARTTLS enabled.

    Reply to this comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.