Mimecast provides access to send and receive emails securely using Transport Layer Security (TLS). The Secure Receipt policy is concerned with the receipt of emails from the sender to the Mimecast platform, and it applies to both inbound and outbound email.
TLS technology is designed to protect confidentiality and data integrity by encrypting connections between servers so that emails are transmitted through a secure tunnel. It uses SMTP over an SSL encrypted tunnel, and requires a valid, third-party certificate to be installed at each end of the tunnel.
Mimecast supports connections using TLS 1.0, 1.1 and 1.2 for AES-256, RC4, MD5 and AnonDHE.
In order to configure and use TLS, each mail server involved in the sending and receipt of the email must have an SSL certificate from a public root certificate authority installed and configured. By default, TLS connections take place over port 25.
When configuring route-based TLS, two policies are required to ensure the entire transmission is encrypted:
- Secure Receipt policy: This is required to encrypt data between the sending mail server and Mimecast (i.e. how Mimecast receives the message)
- Secure Delivery policy: This is required to encrypt data between Mimecast and the destination mail server (i.e. how Mimecast delivers the email)
For Secure Receipt Policies, Mimecast acts as the server. The client application connects to Mimecast and checks the server certificate to see if it is acceptable. Typically it is, and the connection is established. However, if the client uses a self-signed certificate, the connection attempt does not succeed.
A configuration option can be enabled by Mimecast support that will allow the connection to be established. In this scenario, Mimecast acts as the client and the customer application acts as the server. Mimecast will then verify the certificate.
Using Secure Receipt, an Administrator can set up specific policies to enforce TLS or use TLS where possible when accepting emails. This refers to both inbound and outbound emails, but always from the perspective of Mimecast receiving the emails. Additionally, TLS provides email security and reduces the risk of eavesdropping, interception, and alteration of emails as they are sent across the internet.
What you need
- An Administrator Console logon with access to the Services | Gateway | Policies menu item.
Creating a policy
To create a policy, follow the instructions in the Creating / Changing a Policy article, but using the following options:
| Option | Description |
|---|---|
| Policy Narrative | Provide a description for the Policy to allow you to easily identify it in the future. |
Select one of the following values from the drop down list:
Once the Secure Receipt Policy has been applied, send a test email to check if TLS is being applied as expected. To verify if TLS has been applied, check the Receipt/Delivery view of the message.
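One way to double-check the test email outside the console, as an added example that is not Mimecast code: the script reads the message's Received headers and flags hops that show no TLS clause or a legacy protocol or cipher (TLS 1.0/1.1, RC4, MD5, anonymous DH). The two header formats (Postfix and Exchange style), the host names and the sample message are constructed assumptions.

```python
import email
import re

# TLS clauses as two common MTAs write them into Received headers (assumed formats).
TLS_PATTERNS = [
    re.compile(r"using (TLSv[\d.]+) with cipher ([\w-]+)", re.I),   # Postfix style
    re.compile(r"version=(TLS[\d_]+),\s*cipher=([\w-]+)", re.I),    # Exchange style
]
WEAK_VERSIONS = {"1.0", "1.1"}
WEAK_CIPHERS = ("RC4", "MD5", "ADH", "ANON")  # ADH/ANON mark anonymous DH suites


def hop_tls(received):
    """Return (version, CIPHER) for one Received header, or None if no TLS clause."""
    flat = " ".join(received.split())  # undo header folding
    for pattern in TLS_PATTERNS:
        m = pattern.search(flat)
        if m:
            version = re.sub(r"\D+", ".", m.group(1)).strip(".")  # TLSv1.2 / TLS1_2 -> 1.2
            return (version if "." in version else version + ".0"), m.group(2).upper()
    return None


def audit(raw_message):
    """Classify each hop, newest first, as 'ok', 'weak' or 'no-tls'."""
    results = []
    for received in email.message_from_string(raw_message).get_all("Received", []):
        by = re.search(r"\bby (\S+)", " ".join(received.split()))
        tls = hop_tls(received)
        weak = tls and (tls[0] in WEAK_VERSIONS or any(k in tls[1] for k in WEAK_CIPHERS))
        verdict = "no-tls" if tls is None else "weak" if weak else "ok"
        results.append((by.group(1) if by else "?", verdict))
    return results


# Constructed test message (headers only): three hops, newest first.
SAMPLE = """\
Received: from mx.partner.example ([203.0.113.7]) by gw.example.net (Postfix) with ESMTP;
 Mon, 1 Jan 2024 10:00:02 +0000
Received: from app01.partner.example (using TLSv1 with cipher RC4-MD5 (128/128 bits))
 by mx.partner.example (Postfix) with ESMTPS; Mon, 1 Jan 2024 10:00:01 +0000
Received: from client.partner.example by app01.partner.example with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384); Mon, 1 Jan 2024 10:00:00 +0000
Subject: TLS test
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A hop with no TLS clause is not proof of cleartext, since some mail servers do not record TLS in their Received headers; the Receipt/Delivery view remains the authoritative check.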