Cisco Firewall Disabling TLS Initiation by Default
By default, the Cisco ASA will block STARTTLS initiation because of the SMTP packet inspection. One of the following options will enable the Cisco ASA to start TLS on ESTMP sessions...
Option 1)
policy-map type inspect esmtp esmtp_mapparametersallow-tls [action log]