Configuring TLS encryption

Updated 1 week ago by admin

You can use TLS to encrypt the tunnel between sending and receiving SMTP servers. This increases the security of your emails, and makes interception less likely.

Email Security provides two options for TLS encryption in Message Rules:

  • Enforced TLS will cause the server to only send an email if TLS is supported by the remote site.
  • Opportunistic TLS will cause Email Security to attempt a TLS connection if TLS is advertised by the remote site. If this fails, Email Security will fall back to a non-TLS connection (and plain-text SMTP).

You should choose only one option, Enforced or Opportunistic, for each remote domain. Mixing the two options will give unexpected results.

Email Security provides Opportunistic TLS as part of the default System Message Rules. If you're an older customer, your system rules may not include this - in which case you can follow the instructions below to manually create a TLS rule.

Configuring Enforced TLS

  1. Create a new set of Custom Rule Data covering the domains on which you want to enforce TLS. Separate each domain with a new line.
  2. Create a new Message Rule to add a new email header, which will force TLS delivery.

Use the following parameters for the new Rule:

Conditions:

  • Direction: Matches Outbound
  • Recipient: Matches TLS Enforced Domains (the Rule Data you created in Step 1)

Actions:

  • Add Message Header: Value x-TLSLevel:Require

Final Actions:

  • None

  3. Drag and drop this Rule above the Deliver Outbound rule.

Configure Opportunistic TLS

  1. Create a new Message Rule to add a new email header, which will enable Opportunistic TLS delivery.

Use the following parameters for the new Rule:

Conditions:

  • Direction: Matches Outbound

Actions:

  • Add Message Header: Value x-TLSLevel:Try

Final Actions:

  • None

  2. Drag and drop this Rule above the Deliver Outbound rule.
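
The two header values differ only in what happens when the remote server cannot complete TLS. The following added example (not part of the product or of the original page) models that behaviour as described above and audits an enforced-domain list against EHLO replies captured from each domain's mail server, showing which domains are not confirmed TLS-capable before the Enforced rule is enabled. The function names, sample domains and EHLO replies are constructed, and treating a failed handshake as "not sent" under Require is an assumption.

```python
# Added example: models the behaviour described on this page; not the product's code.
# Domains and EHLO replies below are constructed sample data (keyed by recipient domain).
RULE_DATA = "partner.example\nBank.example \n\nlegacy.example\nnew.example\n"
EHLO = {
    "partner.example": "250-mx.partner.example Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME",
    "bank.example": "250-mx.bank.example\n250 starttls",
    "legacy.example": "250-mx.legacy.example\n250-SIZE 10240000\n250 HELP",
}

def parse_rule_data(text):
    """Custom Rule Data holds one domain per line; return a normalised set."""
    return {ln.strip().lower() for ln in text.splitlines() if ln.strip()}

def advertises_starttls(ehlo_reply):
    """True if an EHLO reply lists the STARTTLS extension keyword (RFC 3207)."""
    # Skip line 1 (server greeting); extension lines are '250-KEYWORD' or '250 KEYWORD'.
    for line in ehlo_reply.splitlines()[1:]:
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words and words[0].upper() == "STARTTLS":
                return True
    return False

def delivery_outcome(tls_level, ehlo_reply, handshake_ok=True):
    """Outcome for one outbound message carrying x-TLSLevel:<tls_level>."""
    if tls_level not in ("Require", "Try"):
        raise ValueError("x-TLSLevel must be Require or Try")
    if advertises_starttls(ehlo_reply) and handshake_ok:
        return "sent-over-tls"
    # Enforced TLS never sends without TLS (failed handshake included: assumption);
    # Opportunistic TLS falls back to plain-text SMTP.
    return "not-sent" if tls_level == "Require" else "sent-plaintext"

def audit_enforced_list(rule_data_text, ehlo_by_domain):
    """Map each enforced domain that is not confirmed TLS-capable to the reason."""
    flagged = {}
    for domain in sorted(parse_rule_data(rule_data_text)):
        reply = ehlo_by_domain.get(domain)
        if reply is None:
            flagged[domain] = "no EHLO capture for this domain"
        elif delivery_outcome("Require", reply) == "not-sent":
            flagged[domain] = "STARTTLS not advertised"
    return flagged

if __name__ == "__main__":
    for domain, reason in audit_enforced_list(RULE_DATA, EHLO).items():
        print(f"{domain}: {reason}")
```

Under the Try header the same legacy.example reply produces a plain-text delivery rather than a held message, which is the fallback the Opportunistic option describes.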

