I have an APM rule that is sending OTP email to users. Everything works when I'm using a standard unencrypted port 25 SMTP test server. However, when I point to our production Exchange 2016 port 25, STARTTLS, the SSL handshake ends with an encrypted Alert (after Client Hello and Server Hello). I ran tcpdump to verify traffic flowing to the mail server. I tried adding the Root Certificate from our internal PKI to the BIG-IP ca-bundle as I figured it might validate the CTL, but that didn't help. If I run SMTP commands manually from the BIG-IP command line (HELO, RCPT TO, MAIL FROM, DATA etc.), then mail goes through. If I run the Test button on the SMTP config, it verifies with OK, and I can see the traffic with tcpdump. Anybody got any ideas what to try next?

