Adding TLS Settings for Messages Entering IMSVA

Procedure

  1. Go to Administration > IMSVA Configuration > Transport Layer Security.
    The Transport Layer Security screen appears with the Messages Entering IMSVA tab displayed by default.
  2. Click Add under IP Address/Domain List.
    The Add TLS IP Address or Domain screen appears.
    Note
    By default, the Enable check box is selected. If you clear this check box, the TLS settings you specify in the following steps do not take effect.
  3. Specify the IP or subnet address of the target email client or the domain of target email senders in the IP address or domain field.
  4. Select one of the following from the Security level drop-down list:
    • Never: IMSVA does not use TLS for the specified IP address or domain.
    • Opportunistic: IMSVA declares support for TLS for the specified IP address or domain. The client can choose whether to start a TLS connection.
    • Must: IMSVA requires TLS for communication for the specified IP address or domain. Communication between IMSVA and the client is encrypted.
    • Verify: IMSVA requires the client to start a TLS connection for the specified IP address or domain and send its certificate to IMSVA for client identification.
  5. If any option other than Never was selected from the Security level drop-down list, select one of the following from the Cipher grade drop-down list:
  6. Click OK.
    When you use the default TLS setting or specify a TLS domain or subdomain, the Never security level does not take effect if your client issues a STARTTLS command. To make the Never security level effective, do either of the following:
    • Ask your client not to issue STARTTLS before transmission.
    • Disable TLS for all messages entering IMSVA by running the following command:
      Note
      Trend Micro does not recommend this operation because it affects all messages entering IMSVA.
      postconf -e smtpd_tls_security_level=none && postfix reload
      To re-enable TLS, run the following command:
      postconf -e smtpd_tls_security_level=may && postfix reload
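
A way to confirm whether the Never level or the global command above actually took effect, as an added example that is not Trend Micro code. It compares the configured smtpd_tls_security_level with the EHLO reply the sending client receives. The function names, verdict words and sample replies are constructed for illustration, and the postconf -h lookup in the comments is an assumed workflow.

```shell
#!/bin/sh
# Added example, not Trend Micro code. Sample EHLO replies are constructed.
# Inputs on a real system (assumed workflow):
#   level = output of: postconf -h smtpd_tls_security_level
#   reply = EHLO response saved from an SMTP session opened by the sending client

# Succeeds if the EHLO reply on stdin lists the STARTTLS keyword.
starttls_offered() {
    tr -d '\r' | grep -Eiq '^250[- ]STARTTLS[[:space:]]*$'
}

# Usage: check_never LEVEL < ehlo-reply
# Prints one verdict word for the level/reply combination.
check_never() {
    level=$1
    if starttls_offered; then offered=yes; else offered=no; fi
    case "$level:$offered" in
        none:no)  echo "tls-disabled" ;;        # clients cannot start TLS
        none:yes) echo "mismatch" ;;            # setting is none but STARTTLS is still offered; check that postfix reload ran
        may:yes)  echo "starttls-available" ;;  # a client that issues STARTTLS still gets TLS
        may:no)   echo "starttls-not-shown" ;;  # keyword absent for this client although level is may
        *)        echo "unknown-level" ;;       # only none and may appear on this page
    esac
}

# Constructed sample replies (host name is a placeholder).
SAMPLE_WITH='250-imsva.example.test
250-PIPELINING
250-SIZE 10485760
250-STARTTLS
250 8BITMIME'

SAMPLE_WITHOUT='250-imsva.example.test
250-PIPELINING
250-SIZE 10485760
250 8BITMIME'

# Demo run over the constructed samples.
for lvl in may none; do
    printf 'level=%s, STARTTLS listed:     %s\n' "$lvl" \
        "$(printf '%s\n' "$SAMPLE_WITH" | check_never "$lvl")"
    printf 'level=%s, STARTTLS not listed: %s\n' "$lvl" \
        "$(printf '%s\n' "$SAMPLE_WITHOUT" | check_never "$lvl")"
done
```

A verdict of starttls-available for a client that has a Never entry corresponds to the case described above, where Never does not take effect if the client issues STARTTLS.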