Tuesday, December 3, 2024

Enable Opportunistic TLS with IronPort

Enabling Opportunistic TLS on your Anti-spam Devices

Opportunistic TLS is a method that can be described as “best effort”. When the anti-spam appliance is configured for opportunistic TLS, each time it sends an e-mail message to the internet it checks whether the other side supports TLS (STARTTLS).

If the destination messaging system supports TLS, the appliance sends the mail over a secure communication channel using the TLS protocol. If the destination messaging system doesn’t support TLS, it falls back to an unencrypted communication channel.

The same steps are taken when connecting for incoming email. In this environment, IronPort anti-spam appliances deliver and receive email, so let's see how to set TLS to Preferred / Opportunistic so that it works smoothly without affecting production email.

In my scenario, the MX records for my domain are as follows.

A Records and MX Records
mx1.azure365pro.com 195.10.10.11
mx2.azure365pro.com 195.10.10.12
mx3.azure365pro.com 195.10.10.13
mx4.azure365pro.com 195.10.10.14

PTR records as below:

195.10.10.11 mx1.azure365pro.com
195.10.10.12 mx2.azure365pro.com
195.10.10.13 mx3.azure365pro.com
195.10.10.14 mx4.azure365pro.com

Wildcard certificate from DigiCert

*.azure365pro.com

Choose Network – Certificates.

Let's add the certificate. Choose Import Certificate.

Choose the file and enter the passphrase. Click Next.

Click on Submit.

Assign the certificate on the listeners used.

Choose the imported certificate and click on Submit and Commit.

Let's see how to import on the inbound emails first.

Choose the certificate, then click Submit and Commit.

Now click on the default connector.

Set TLS Support to Preferred.

Submit and Commit.

The easiest way to validate is to send an email to Gmail. It will show you whether the message was transferred using TLS or unencrypted.

Before and after: [screenshots]

Now let's see how to enable it for incoming email.

Click on Mail Policies – Mail Flow Policies – Accepted.

Now set TLS to Preferred. Submit and Commit.

You can validate on this site.

Now we have enabled Opportunistic TLS on outbound and inbound emails.

It will be used wherever possible.
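
A scripted version of the validation step, as an added example that is not part of the original post: it checks whether a mail host advertises STARTTLS and models the "best effort" fallback described at the top. The function names, the sample EHLO replies (constructed, not captured) and the `"preferred"` / `"required"` labels are assumptions made for illustration.

```python
import smtplib
import ssl

# Constructed sample EHLO replies (not captured from a real server).
EHLO_WITH_TLS = "250-mx1.azure365pro.com\r\n250-8BITMIME\r\n250-SIZE 33554432\r\n250 STARTTLS\r\n"
EHLO_WITHOUT_TLS = "250-mx1.azure365pro.com\r\n250-8BITMIME\r\n250 SIZE 33554432\r\n"


def offers_starttls(ehlo_reply: str) -> bool:
    """Return True if a raw EHLO reply advertises STARTTLS (RFC 3207)."""
    for line in ehlo_reply.splitlines():
        # Reply lines are "250-<keyword> ..." or, for the last one, "250 <keyword> ...".
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            if line[4:].strip().upper().partition(" ")[0] == "STARTTLS":
                return True
    return False


def delivery_mode(ehlo_reply: str, tls_setting: str = "preferred") -> str:
    """Model the sender's choice; the setting names are illustrative labels."""
    if offers_starttls(ehlo_reply):
        return "tls"
    # Opportunistic ("preferred") falls back without any error; a mandatory
    # policy ("required") would hold the message instead of sending it in clear.
    return "plaintext" if tls_setting == "preferred" else "defer"


def probe(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check: does this MX offer STARTTLS, and what gets negotiated?"""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return {"starttls": False, "protocol": None, "cipher": None}
        # The default context verifies the certificate chain and host name, so
        # a wrong or expired listener certificate raises ssl.SSLError here.
        smtp.starttls(context=ssl.create_default_context())
        return {"starttls": True, "protocol": smtp.sock.version(),
                "cipher": smtp.sock.cipher()[0]}


if __name__ == "__main__":
    import sys
    for mx in sys.argv[1:]:  # pass the MX host names to check as arguments
        print(mx, probe(mx))
```

Because the fallback to plaintext is silent, running the probe against each MX after every certificate renewal or listener change shows whether STARTTLS is still being offered.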

Satheshwaran Manoharan