In these days, our provider Ionos/1&1 starts to accept only encrypted access to its mail server and at least TLS 1.2.

There are no problems with incoming mails. In order to be on the safe side with our Win SBS Server 2008 (no comments please!) with outgoing mails, I now have interposed stunnel as recommended many times on the web. This works in principle. Unfortunate exception: In some cases - expecially if the mail recipient has a Microsoft address like @hotmail.de, @live.de, @outlook.com -, sending aborts with error 503 5.5.2 ("Need mail command").

Unfortunately, I'm quite innocent with SMTP, SSL and certificates, but worked hard to create the following stunnel configuration file:

socket = l:TCP_NODELAY=0 socket = r:TCP_NODELAY=0 client = yes output = C:\Program Files (x86)\stunnel\stunnel.log

[smtpionos] accept = localhost:465 connect = smtp.ionos.de:465 verifyChain = yes verifyPeer = yes CAfile = C:\Program Files (x86)\stunnel\config\amakor2022.pem checkHost = remote.management-kommunikation.de protocolHost = smtp.ionos.de protocolAuthentication = login protocolUsername = OUR_USERNAME protocolPassword = OUR_PASSWORD sslVersionMin = TLSv1.2 sslVersionMax = TLSv1.2 delay = yes protocol = smtp

amakor2022.pem is the "PositiveSSL" certificate that we acquired for our subdomain remote.management-kommunikation.de. "Our_Username" and "Our_Password" are of course our correct access data.

After spending hours searching the web for a solution, does anyone have a tip what's wrong and what to do?