Cimmaron  
#1 Posted : Friday, October 27, 2017 12:42:48 PM(UTC)

TLS Email Support

TLS (Transport Layer Security) is an updated, more secure version of SSL (Secure Sockets Layer), both of which are used to encrypt email communication. Cimmaron supports both SSL and TLS.

The decision to send an email using TLS is implemented as follows:

  1. If the target email server does NOT support TLS and TLS is NOT required by policy, emails are sent without TLS and no error will be generated.
  2. If the target email server DOES support TLS and TLS is NOT required by policy, emails are sent using TLS.
  3. If the target email server does NOT support TLS and TLS is REQUIRED by policy, emails will be marked as failed with a corresponding error message.
  4. If the target email server DOES support TLS and TLS is REQUIRED by policy, emails will be sent using TLS.

In order to support enterprise-specific implementations, a new policy type (ID 21 – RequireTlsForOutboundEmails) has been added. This policy is fully business object context aware and will honor object specific filter expressions.  It's recommended that this policy be assigned to UserID 2 (transmittal service) without any filters.

Some examples:

  1. Specify that TLS should only apply to certain senders: [SenderID] = 1001.
  2. Satisfy a regulatory requirement that TLS must be used for all senders that are based in California for non-marketing emails: Sender.Address.StateID = 'CA' AND PriorityTypeID <> 1.
  3. Require TLS for all emails that have attachments: Documents.Count > 0.

In order to facilitate monitoring and troubleshooting for these new features, the following criteria and columns were added to transmittal finder:

  1. EmailTlsCertificate – Shows full certificate chain as retrieved from the server. This column WILL always be populated for successful TLS connections and SHOULD be populated even for failed TLS connections. Having this data will facilitate troubleshooting and allow administrators to learn why TLS has failed (i.e. expired certificates, untrusted roots, etc.).
  2. EmailTlsExceptionMessage – If TLS fails, the exception will be stored in this column. This column provides diagnostics information in circumstances where TLS fails, but the policy does not require TLS, therefore allowing the email to be transmitted.
  3. EmailTlsProcessingTimeInMs – Time spent, in milliseconds, establishing the TLS session. Regular monitoring of this column will allow administrators to turn off TLS for domains that are not validating efficiently.
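
The four delivery cases and the monitoring columns described in the post above, worked through as an added example; this is not Cimmaron code and is not part of the original post. The `Attempt` record, the outcome labels, the `slow_ms` threshold and the sample rows are all assumptions made for illustration; only the column names in the comments come from the post.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Attempt:
    # Constructed stand-in for one transmittal row; not the product's schema.
    domain: str
    server_offers_tls: bool
    tls_required: bool             # result of policy 21 evaluation (not modelled here)
    tls_exception: Optional[str]   # mirrors EmailTlsExceptionMessage
    tls_time_ms: int               # mirrors EmailTlsProcessingTimeInMs

def decide(a: Attempt):
    """Return (outcome, reason) following the four cases in the post."""
    if a.server_offers_tls and a.tls_exception is None:
        return ("sent_tls", None)            # cases 2 and 4
    reason = a.tls_exception or "server does not support TLS"
    if a.tls_required:
        return ("failed", reason)            # case 3
    # Case 1, plus a failed handshake without a TLS requirement. Assumption:
    # the message then goes out unencrypted.
    return ("sent_plaintext", reason)

def review(attempts, slow_ms=2000):
    """Group the domains an administrator would want to look at."""
    report = {"sent_plaintext": set(), "failed": set(), "slow": set()}
    for a in attempts:
        outcome, _ = decide(a)
        if outcome in report:
            report[outcome].add(a.domain)
        if a.tls_time_ms > slow_ms:          # hypothetical threshold
            report["slow"].add(a.domain)
    return report

SAMPLE = [  # constructed sample rows
    Attempt("a.example", True, False, None, 120),
    Attempt("b.example", False, False, None, 0),
    Attempt("c.example", False, True, None, 0),
    Attempt("d.example", True, True, None, 3500),
    Attempt("e.example", True, False, "certificate expired", 900),
    Attempt("f.example", True, True, "untrusted root", 400),
]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a.domain, decide(a))
    print(review(SAMPLE))
```

The `sent_plaintext` group is the one to watch when the policy is not assigned: those messages were delivered, so nothing fails, and the only trace is the stored exception or the missing certificate.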