Database mail, .Net versions and TLS 1.2 support

Hi All,

My first post here - hopefully someone can help!

I'm trying to get database mail working via an authenticated connection to an Office365 mailbox, but having issues.

If I set database mail up, the error I get when sending mail is a standard 5.7.57 (The mail could not be sent to the recipients because of the mail server failure. The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.57 SMTP; Client was not authenticated to send anonymous mail during MAIL FROM.....).

There are absolutely loads of internet articles about this, but so far none have helped. In short, Office365 requires a TLS1.2 connection - anything less than that (e.g. TLS1.1, 1.0 etc.) won't work.

From what I can gather, database mail uses .Net 3.5, and that doesn't natively support TLS1.2. There are various suggestions about registry changes to enable TLS1.2 with .Net 3.5 (and to even disable all other versions), but I've tried them all with no success. The issue ISN'T the popular one whereby the databasemail.exe.config file is missing due to a problematic update for SQL2016 - that file is present.

I've got various different SQL instances on different servers, and this is a consistent problem across them all - they range from 2016 Standard to 2017 Enterprise. I'm aware that .Net 3.5 is no longer a requirement for the latest versions of SQL (and hence not having .Net 3.5 installed might actually help), but it's unfortunately needed for other services.

Has anyone come across this and been successful in getting it working? I know that I could use something like an internal IIS relay to act as an intermediary (accept unauthenticated connections from SQL, and then send these to 365 using an authenticated TLS1.2 connection), but I'm keen to avoid that.

Thanks in advance for suggestions\thoughts.
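
A read-only audit of the registry settings that the post refers to, added here as an example and not part of the original post. The key paths and value names are the ones Microsoft documents for opting .NET and Schannel clients into TLS 1.2; they do not appear in the post, and checking the v4.0.30319 key as well as the .NET 3.5 one (v2.0.50727) is an assumption. It needs PowerShell 3.0 or later.

```powershell
# Added example: reports the TLS 1.2 opt-in values for .NET and Schannel. Changes nothing.
# Key paths/value names are Microsoft-documented settings, not taken from the post.
function Get-RegValue {
    param([string]$SubKey, [string]$Name, [Microsoft.Win32.RegistryView]$View)
    # Open an explicit 64- or 32-bit view so WOW6432Node is covered without path tricks.
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $View)
    try {
        $key = $base.OpenSubKey($SubKey)
        if ($null -eq $key) { return $null }
        try { return $key.GetValue($Name, $null) } finally { $key.Dispose() }
    } finally { $base.Dispose() }
}

function Get-Status {
    param($Data, [scriptblock]$Test)
    if ($null -eq $Data) { return 'not set' }
    if (& $Test $Data) { return 'ok' }
    return 'MISMATCH'
}

$dotnetKeys = 'SOFTWARE\Microsoft\.NETFramework\v2.0.50727',   # .NET 2.0/3.5 runtime
              'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'    # .NET 4.x runtime
$schannel   = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client'
$views      = [Microsoft.Win32.RegistryView]::Registry64,
              [Microsoft.Win32.RegistryView]::Registry32

$report = @(
    foreach ($view in $views) {
        foreach ($sub in $dotnetKeys) {
            foreach ($name in 'SystemDefaultTlsVersions', 'SchUseStrongCrypto') {
                $data = Get-RegValue -SubKey $sub -Name $name -View $view
                [pscustomobject]@{ View = $view; Key = $sub; Value = $name; Data = $data
                                   Status = Get-Status $data { param($d) $d -eq 1 } }
            }
        }
    }
    # The Schannel key lives under SYSTEM and is not redirected, so one view is enough.
    $v64 = [Microsoft.Win32.RegistryView]::Registry64
    $en  = Get-RegValue -SubKey $schannel -Name 'Enabled' -View $v64
    $dbd = Get-RegValue -SubKey $schannel -Name 'DisabledByDefault' -View $v64
    [pscustomobject]@{ View = $v64; Key = $schannel; Value = 'Enabled'; Data = $en
                       Status = Get-Status $en { param($d) $d -ne 0 } }   # any non-zero = enabled
    [pscustomobject]@{ View = $v64; Key = $schannel; Value = 'DisabledByDefault'; Data = $dbd
                       Status = Get-Status $dbd { param($d) $d -eq 0 } }
)
$report | Format-Table -AutoSize -Wrap
```

A `not set` row for a .NET key means that runtime has not been opted in for that registry view; for the Schannel values it means the operating system default applies.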