Hello all,
I have a Zoho account that is providing email services for a domain. I also have a third-party encryption service that can encrypt emails and put them on a hosted HTTPS server for secure communication between my senders and the recipients.
As such, I'm using Zoho Email Routing to route outbound email to my encryption service. This encryption service only works if the connection from Zoho itself is encrypted and meets other inspection tests. Below are the requirements from the encryption provider, in italics.
For over one year it worked fine by setting up an inbound route for "smtp.zoho.com"; it met the certificate and other requirements listed below. However, a few weeks ago it stopped working. I now see TLS certificate failures from my encryption gateway saying:
"Received TLS connection from relay "sender1.zohomail.com" using encryption of 256 bits. Client certificate not verified."
Because it can't verify the certificate, it will not accept the email as the encryption server needs to meet the requirements to ensure end-to-end secure communication.
I did some OpenSSL tests against smtp.zoho.com, and it seems to use a Comodo-signed certificate; Comodo is on the list of supported CAs.
Here are the requirements:
I have emailed support, but I don't think they understand what is going on.