Wordpress/Easy WP SMTP 错误将 TLS 安全邮件发送到 Exchange 2016 On-Prem 服务器

我有一个未加入域的 Windows Server 2012R2 Web 服务器，该服务器托管 Wordpress，并在 DMZ 中使用 Easy WP SMTP 插件。它应该向我们的内部 Exchange 2016 服务器发送电子邮件，例如警报、新注册等。它以前在端口 25 上使用不安全的 SMTP，但我们正尝试将其配置为在端口 587 上使用 TLS。但是，我无法发送它，因为 Exchange Server 一直拒绝连接：

    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,0,10.0.0.44:587,192.168.200.3:58156,+,,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,1,10.0.0.44:587,192.168.200.3:58156,>,"220 mail.domain.com Microsoft ESMTP MAIL Service ready at Mon, 30 Mar 2020 08:25:53 -0500",
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,2,10.0.0.44:587,192.168.200.3:58156,<,EHLO www.domain.com,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,3,10.0.0.44:587,192.168.200.3:58156,>,250  mail.domain.com Hello [192.168.200.3] SIZE 36700160 PIPELINING DSN ENHANCEDSTATUSCODES STARTTLS AUTH GSSAPI NTLM 8BITMIME BINARYMIME CHUNKING,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,4,10.0.0.44:587,192.168.200.3:58156,<,STARTTLS,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,5,10.0.0.44:587,192.168.200.3:58156,>,220 2.0.0 SMTP server ready,
    2020-03-30T13:25:53.654Z,<Rcv Conn>,08D7D3F917D985E4,6,10.0.0.44:587,192.168.200.3:58156,*," CN=*.domain.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB 4F8D1253CAE6C3AA06ED0310EAA39158 827CCAB98B7AC22709CBC1408C74CCED89060C98 2020-03-17T19:00:00.000Z 2021-03-18T18:59:59.000Z *.domain.com;domain.com",Sending certificate Subject Issuer name Serial number Thumbprint Not before Not after Subject alternate names
    2020-03-30T13:26:08.998Z,<Rcv Conn>,08D7D3F917D985E4,7,10.0.0.44:587,192.168.200.3:58156,*,,TLS negotiation failed with error CertUnknown
    2020-03-30T13:26:08.998Z,<Rcv Conn>,08D7D3F917D985E4,8,10.0.0.44:587,192.168.200.3:58156,-,,Local

该证书没有问题，因为 587 上的许多其他 TLS 连接运行正常，没有任何问题。