Hi,
We have 2x 2013 Edge servers in our DMZ. I used MXToolbox.com to run a test and it came back telling me that my SMTP banner did not match my reverse DNS. I went on and changed this in PowerShell; this fixed that issue, but the issue then was that it told me that the Edge servers were not advertising TLS (no 250-STARTTLS). I have since changed it back to the original configuration.
I see the certificates installed on the servers are just self-signed, so when I changed the FQDN banner, I assume this meant it did not match the certificate and thus did not advertise TLS?
My question is: is it a problem if I have my Edge servers' SMTP banner for incoming connections being the FQDN edgeserver1.domain.local instead of the reverse DNS address of smtp01.domain.com?
Finally, if I wanted to change the banner and still use opportunistic TLS, I assume I would have to install a trusted 3rd-party certificate, correct?
Thanks for reading.
Brendan
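
The two checks described in the post (the greeting banner against the reverse DNS name, and whether the EHLO reply lists STARTTLS) can be reproduced offline over a saved SMTP transcript. This is an added example, not part of the original post; the function names and both transcripts are constructed, using only the hostnames from the post.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")  # code, separator, text

# Constructed transcripts (hostnames taken from the post, everything else made up).
ORIGINAL = """\
220 edgeserver1.domain.local ESMTP ready
EHLO probe.example
250-edgeserver1.domain.local Hello
250-PIPELINING
250-STARTTLS
250 8BITMIME
"""
CHANGED = """\
220 smtp01.domain.com ESMTP ready
EHLO probe.example
250-smtp01.domain.com Hello
250-PIPELINING
250 8BITMIME
"""

def parse_replies(transcript):
    """Group server lines into (code, [texts]); 'NNN-' continues, 'NNN ' ends a reply."""
    replies, current = [], []
    for raw in transcript.splitlines():
        m = REPLY_LINE.match(raw.strip())
        if not m:
            continue  # client command or blank line
        code, sep, text = m.groups()
        current.append(text)
        if sep == " ":
            replies.append((int(code), current))
            current = []
    return replies

def check_session(transcript, ptr_name):
    """Report the banner host, whether it equals the PTR name, and STARTTLS support."""
    replies = parse_replies(transcript)
    greeting = next((t for c, t in replies if c == 220), None)
    ehlo = next((t for c, t in replies if c == 250), None)
    if greeting is None or ehlo is None:
        raise ValueError("transcript lacks a 220 greeting or a 250 EHLO reply")
    banner_host = greeting[0].split()[0].rstrip(".").lower()
    # The first EHLO line is the server greeting; the remaining lines are extensions.
    extensions = {line.split()[0].upper() for line in ehlo[1:] if line.strip()}
    return {"banner_host": banner_host,
            "banner_matches_ptr": banner_host == ptr_name.rstrip(".").lower(),
            "starttls_advertised": "STARTTLS" in extensions}
```

Calling `check_session(ORIGINAL, "smtp01.domain.com")` and `check_session(CHANGED, "smtp01.domain.com")` shows the two states side by side: the first fails the banner check but advertises STARTTLS, the second passes the banner check but does not.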