Messaging Gateway

 View Only
  • 1.  How to enforce SMTP via TLS with SMG 10.5

    Posted Apr 05, 2014 12:00 AM

    Hello,

     

    For some domain we need to require receiving/sending with TLS.

    I followed instruction here: http://www.symantec.com/business/support/index?page=content&id=TECH142122&actp=search&viewlocale=en_US&searchid=1396669021621

    but I also read this http://www.symantec.com/business/support/index?page=content&id=TECH154048&actp=search&viewlocale=en_US&searchid=1396668530541

    The two are somewhat contradictory.

    How do you achieve this?

     

    thank's

     

    Eric



  • 2.  RE: How to enforce SMTP via TLS with SMG 10.5

    Broadcom Employee
    Posted Apr 05, 2014 02:52 AM

    have you followed these steps as mentioned in kb

    http://www.symantec.com/business/support/index?page=content&id=TECH154048

     



  • 3.  RE: How to enforce SMTP via TLS with SMG 10.5

    Posted Apr 05, 2014 10:33 AM

    I followed http://www.symantec.com/docs/TECH142122 since it was more recent than the http://www.symantec.com/docs/TECH154048

    but if I should follow http://www.symantec.com/docs/TECH154048, I will change my config

    Thank's

     



  • 4.  RE: How to enforce SMTP via TLS with SMG 10.5

    Posted Apr 05, 2014 02:20 PM

    I looked at the TECH154048 but I'm not sure about the rule for inbound message.

    <<If text in Message header part of the message does not contain 1 or more occurrences of "ESMTPS">>

    Header can contain ESMTPS but it's not necessarily between distant server and mine, it can have done ESMTPS inside mail environnment of the external organisation but pass in clear to my system and the rule will not trigger, exact?

    Eric



  • 5.  RE: How to enforce SMTP via TLS with SMG 10.5

    Posted Apr 10, 2014 11:37 AM

    I tried the solution in http://www.symantec.com/business/support/index?page=content&id=TECH154048 and it's not working!

    If I send 1 message to 2 users in different domain like domain exemple.com and hotmail.com, and I require TLS for domain exemple.com, the system will try to deliver in TLS the message to hotmail.com also...



  • 6.  RE: How to enforce SMTP via TLS with SMG 10.5
    Best Answer

    Posted Apr 10, 2014 02:35 PM

    Solution for SMG 10.5

    Protocols/Domains

    Add the domain for wich you want TLS

    In the Acceptance tab, Uncheck Local Domain and check Reject mail from this domain if not sent using TLS

    In the Delivery tab, Check Optional delivery encryption and check Require TLS encryption and don't verify certificate (or Require TLS encryption and verify certificate)