Messaging Gateway

  • 1.  TLS Gmail alert

    Posted Feb 25, 2016 08:05 AM

    Hi,

    recently Gmail added a red open padlock icon on the messages we deliver through SMG.

    This is the article

    Basically it alerts that "yourdomain.com did not encrypt this message"

    How can I configure SMG to make the padlock icon disappear?

    Thanks for help.



  • 2.  RE: TLS Gmail alert
    Best Answer

    Posted Feb 26, 2016 10:57 AM
    Hi,

    The feature you are looking for is called opportunistic TLS. To enable it on SMG go to Administration host config, SMTP, advanced, delivery. There you should find an option "attempt tls encryption" (or similar - currently no access to my CC).

    BUT!!!

    1. Be sure to update to 10.6.0-7 first.

    2. Be aware of ciphers. If you have active enforced TLS connections, first check with openssl.

    - SSLv3 enabled yes/no?

    - Control Center's HTTPS not available from the Internet

    - Disable offer client certificate.

    - Last but not least, validate your certificate more than one ...

    - Check the recent KBs from Symantec

    - Monitor your delivery queue

    - Monitor your dropped connections inbound

    Thomas


  • 3.  RE: TLS Gmail alert

    Posted Feb 29, 2016 11:57 AM

    Thanks! It works.

    I enabled "attempt tls encryption" only and it seems to do the trick.

    Do I have to check other settings?

    Thanks.



  • 4.  RE: TLS Gmail alert

    Posted Mar 01, 2016 01:31 AM

    Good to hear.

    Check other settings:

    - certificate should be valid (some recipient domains check if it's valid)

    - offering client certificate currently is not a good idea, e.g. no connection to/from Office365 can be established

    - keep an eye on your delivery queue, it should not rise

    - depending on SSLv3 and FIPS en- or disabled the cipher suites differ

    - if you use enforced TLS connections, use openssl to check the negotiated ciphers - if they are weak, think of other communication routes

    I'm sure I missed something, but it's a good start

     

    Thomas
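
The openssl check suggested in the last reply, as an added example that is not part of the original thread or Symantec's tooling: a small filter that reads `openssl s_client` output and reports the negotiated protocol and cipher. The weak-pattern list and the function name `classify_tls` are assumptions of this example, and the sample outputs are constructed.

```shell
#!/usr/bin/env bash
# Added example: judge what `openssl s_client` negotiated on an SMTP route.
# The weak-pattern list below is this example's assumption; adapt it to your policy.

# Reads s_client output on stdin, prints "<verdict> <protocol> <cipher>".
# verdict: ok | weak | none (none = no TLS session was established)
classify_tls() {
  local out proto cipher
  out=$(cat)
  # SSL-Session block: "    Protocol  : TLSv1.2" / "    Cipher    : <name>"
  proto=$(printf '%s\n' "$out" | sed -n 's/^ *Protocol *: *//p' | head -n 1)
  cipher=$(printf '%s\n' "$out" | sed -n 's/^ *Cipher *: *//p' | head -n 1)
  # Fallback for output without a session block: "New, TLSv1.3, Cipher is <name>"
  if [ -z "$cipher" ]; then
    proto=$(printf '%s\n' "$out" | sed -n 's/^New, \([^,]*\), Cipher is .*/\1/p' | head -n 1)
    cipher=$(printf '%s\n' "$out" | sed -n 's/^New, [^,]*, Cipher is \(.*\)$/\1/p' | head -n 1)
  fi
  case "$cipher" in
    ''|0000|'(NONE)') echo "none ${proto:--} -"; return 0 ;;
  esac
  case "$proto" in
    SSLv2|SSLv3) echo "weak $proto $cipher"; return 0 ;;
  esac
  case "$cipher" in
    *RC4*|*DES*|*MD5*|*NULL*|*EXP*|ADH-*|AECDH-*) echo "weak $proto $cipher" ;;
    *) echo "ok $proto $cipher" ;;
  esac
}

# Live check of one route ($host is the MX you enforce TLS to):
#   openssl s_client -starttls smtp -connect "$host":25 </dev/null 2>/dev/null | classify_tls

# Constructed sample outputs, trimmed to the lines the parser reads.
sample_ok='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256'
sample_weak='SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA'
sample_none='New, (NONE), Cipher is (NONE)'

for s in "$sample_ok" "$sample_weak" "$sample_none"; do
  printf '%s\n' "$s" | classify_tls
done
```

A `none` verdict on a route that only uses "attempt tls encryption" means delivery would fall back to plaintext, which is the case Gmail's open padlock flags.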