By default, we deliver messages using opportunistic Transport Layer Security (TLS). This guide describes how you, as a user of the Connect Application, can optionally enforce TLS communication between your mail server and us, as well as between us and specified external domains. This ensures full end-to-end TLS communication between your internal server infrastructure and the external domains.
We recommend adding external domains to ensure full end-to-end TLS communication. Ensure that any external domains you enter support Strict TLS. We support connections using TLS 1.0, 1.1, and 1.2 for AES-256, RC4, MD5, and AnonDHE.
Adding Transport Layer Security Policies
To add a Transport Layer Security policy:
- Click on the Optional | Set Up Your TLS Policies menu item.
- Click on the Start button. A page is displayed listing any current internal server routes.
- Click the Validate button to perform a check to ensure your inbound routes can support enforced TLS. A popup dialog is displayed.
- Enter an Internal Email Address.
- Click on the Test button. If any route doesn't support TLS, you can't proceed to the next step in the task.
If all the routes are capable of enforced TLS, the server can have either a third-party supported or a self-signed certificate. If a third-party certificate is used, strict encryption mode is enforced. If a self-signed certificate is used, relaxed mode is enforced.
- A green tick confirms the route is validated in "Strict - Trusted Enforced" or "Relaxed Encryption Mode".
- A red exclamation confirms the route is invalid with "TLS Not Supported".
- Click on the button. All external domains are listed.
- Click on the Add External Domains button. A popup box is displayed.
- Enter all your External Domains, with each on a separate line. Up to 50 addresses can be added at any one time. If you have more than 50, repeat the process in batches of 50 or less.
- Click on the Continue button. The new domains are listed.
- Click on the Remove link to remove a domain that is invalid or already exists. These are shown with a red cross and an error message (e.g. "Duplicate Domain").
- Click on the Add button.
- Click on the Finish button.
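Before entering external domains, you can check from your own network which of the three validation states described above each partner mail host would fall into, and prepare the domain list in batches of 50. The Python below is an added example, not part of the Connect Application or our tooling; the function names are hypothetical, and mapping a trusted certificate to strict mode and an untrusted one to relaxed mode is an assumption based on the description above.

```python
import smtplib
import ssl

# The three states the validation step on this page reports.
STRICT = "Strict - Trusted Enforced"
RELAXED = "Relaxed Encryption Mode"
UNSUPPORTED = "TLS Not Supported"

def classify(offers_starttls, trusted_ok, untrusted_ok):
    """Map probe results onto the page's three validation states."""
    if offers_starttls and trusted_ok:
        return STRICT       # chain and hostname verified (third-party CA)
    if offers_starttls and untrusted_ok:
        return RELAXED      # encrypts, but the certificate is not trusted
    return UNSUPPORTED

def _handshake(host, port, context, timeout):
    """Return (offers_starttls, handshake_ok) for one SMTP session."""
    try:
        smtp = smtplib.SMTP(host, port, timeout=timeout)
    except (smtplib.SMTPException, OSError):      # unreachable or not SMTP
        return False, False
    offers = False
    try:
        smtp.ehlo()
        offers = smtp.has_extn("starttls")
        if offers:
            smtp.starttls(context=context)        # raises if handshake fails
        return offers, offers
    except (smtplib.SMTPException, OSError):      # ssl.SSLError is an OSError
        return offers, False
    finally:
        smtp.close()

def probe(host, port=25, timeout=10):
    """Classify one mail host; an unreachable host counts as unsupported."""
    offers, ok = _handshake(host, port, ssl.create_default_context(), timeout)
    if ok or not offers:
        return classify(offers, ok, False)
    lax = ssl.create_default_context()   # diagnostic only: never use for mail
    lax.check_hostname = False
    lax.verify_mode = ssl.CERT_NONE
    return classify(True, False, _handshake(host, port, lax, timeout)[1])

def batches(domains, size=50):
    """Lower-case, de-duplicate and split domains into batches of <= size."""
    unique = list(dict.fromkeys(d.strip().lower() for d in domains if d.strip()))
    return [unique[i:i + size] for i in range(0, len(unique), size)]
```

Run `probe()` against each partner domain's MX host; only hosts that return "Strict - Trusted Enforced" meet the Strict TLS requirement for external domains.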