Enforce Incoming TLS Encryption
By default, all email is securely processed by Mail Assure using TLS encryption as long as the sending or receiving server provides support for it.
These settings are configurable at the Admin level for all domains owned by the Admin or Sub-Admin user from the Customer Management page.
You can specify that TLS is required for specific senders or recipients, in which case if a TLS connection is unsuccessful the inbound email will not be processed and delivered.
- In the Domain Level Control Panel, select Incoming - Protection Settings > Filter settings. The Filter Settings page for the domain is displayed
- Select from the following options to manage Incoming email TLS handling:
From the sending mail server to the Mail Assure server
- Automatically use TLS when possible (recommended) - This is the default setting
- Only process email for any recipients or senders where the mail is received over a TLS connection - Mail received for all recipients from all senders over a TLS connection is processed and delivered, unencrypted connections will be rejected
- Only process email for specific recipients or senders where the mail is received over a TLS connection - Only mail received for specified recipients from listed senders over a TLS connection is processed and delivered. When you select this option, provide the following in the text boxes given:
- Full email addresses of Senders
Separate addresses with a space, or comma, or by pressing enter. You may accept mail from only one address by entering the email address of that sender, or whole domains by using *@domain.invalid in the Sender(s) box, changing domain.invalid to the domain name you wish to receive mail from.
- Local part of the email addresses of Recipients
Separate local parts with a space, or comma, or by pressing enter. Enter * for all recipients at the domain. The local part of an address is anything before the @ symbol, e.g. john.smith@domain.invalid, the local part is john.smith, and should be entered here
- Full email addresses of Senders
- Select from the following options to manage Delivery to destination TLS handling:
From the Mail Assure server to the destination mail server
- Automatically use TLS when possible (recommended) - This is the default setting
- Only process email for any recipients or senders where the mail is received over a TLS connection - Mail received by the destination mail server for all recipients from all senders over a TLS connection is processed and delivered, unencrypted connections will be rejected
- Only process email for specific recipients or senders where the mail is received over a TLS connection - Only mail received by the destination mail server for specific recipients from listed senders over a TLS connection is processed and delivered. When you select this option, provide the following in the text boxes given:
- Full email addresses of Senders
Separate addresses with a space, or comma, or by pressing enter. You may accept mail from only one address by entering the email address of that sender, or whole domains by using *@domain.invalid in the Sender(s) box, changing domain.invalid to the domain name you wish to receive mail from.
- Local part of the email addresses of Recipients
Separate local parts with a space, or comma, or by pressing enter. Enter * for all recipients at the domain. The local part of an address is anything before the @ symbol, e.g. john.smith@domain.invalid, the local part is john.smith, and should be entered here
- Full email addresses of Senders
- Click Save
There are two options for handling different hops of the inbound message connection, neither of these control Outbound mail filter handling.