SMTP TLS Policy

NOTE: This feature is only available with Hermes SEG Pro License.

The Hermes SEG SMTP TLS Policy lets you force TLS encryption when sending email to or receiving email from specific remote domains. TLS encryption combined with S/MIME, PDF or PGP encryption provides the best security.

1. Verify Remote Domain Supports TLS Encryption

Before attempting to force TLS encryption for a specific remote domain, you must first ensure that the remote domain's SMTP hosts support TLS encryption.

  1. Send a test email to a recipient on the remote domain.
  2. Navigate to System --> System Logs.
  3. In the Simple Search section, under the Search Text field, enter the email address of the recipient and press the Go button.
  4. In the search results, look for a line similar to the one below where server.remotedomain.tld is the remote SMTP server hostname:
1872E41D60: to=<someone@domain.tld>, relay=server.remotedomain.tld[75.xxx.xxx.xxx]:25, delay=0.52, delays=0.05/0/0.17/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 46C274158E)
  5. Next, again in the Simple Search section, under the Search Text field, enter the following string and press the Go button, where server.remotedomain.tld is the SMTP server hostname from Step 4:
Host offered STARTTLS: [server.remotedomain.tld]
  6. If the search yields results (Figure 1), then it's pretty safe to assume that the remote SMTP server supports TLS encryption. If you do NOT get any results, do NOT proceed to add an SMTP TLS Policy for that domain because emails will not be delivered.

Figure 1

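The log check in steps 4 to 6 can also be run over an exported copy of the mail log. The script below is an added example and not part of Hermes SEG; it assumes log lines in the format shown in steps 4 and 5, and the function names, the `postfix/smtp[pid]:` prefix, the sample domains and the addresses are constructed for illustration.

```python
import re
import sys

# Constructed sample lines in the format shown in steps 4 and 5 (not real log data).
SAMPLE_LOG = """\
postfix/smtp[2101]: Host offered STARTTLS: [server.remotedomain.tld]
postfix/smtp[2101]: 1872E41D60: to=<someone@remotedomain.tld>, relay=server.remotedomain.tld[192.0.2.10]:25, delay=0.52, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 46C274158E)
postfix/smtp[2107]: 2A93C41D77: to=<user@plain.example>, relay=mx.plain.example[192.0.2.20]:25, delay=0.40, dsn=2.0.0, status=sent (250 2.0.0 Ok)
postfix/smtp[2110]: 3B04D41D81: to=<user@down.example>, relay=none, delay=30, dsn=4.4.1, status=deferred (connect to mx.down.example[192.0.2.30]:25: Connection timed out)
"""

# Delivery line: recipient domain plus the relay hostname that handled it.
DELIVERY = re.compile(r"to=<[^>@]+@(?P<domain>[^>]+)>,.*?\brelay=(?P<relay>[^\[,\s]+)")
# STARTTLS offer line: the hostname inside the square brackets.
OFFER = re.compile(r"Host offered STARTTLS: \[(?P<host>[^\]]+)\]")


def starttls_report(log_text):
    """Return {recipient domain: {relay hostname: offered STARTTLS?}}."""
    offered = set()
    relays = {}
    for line in log_text.splitlines():
        m = OFFER.search(line)
        if m:
            offered.add(m.group("host").lower())
            continue
        m = DELIVERY.search(line)
        # relay=none means no server was reached, so there is nothing to check.
        if m and m.group("relay") != "none":
            relays.setdefault(m.group("domain").lower(), set()).add(m.group("relay").lower())
    return {d: {r: r in offered for r in sorted(rs)} for d, rs in relays.items()}


def safe_to_enforce(log_text, domain):
    """True only if at least one relay was seen and every one offered STARTTLS."""
    seen = starttls_report(log_text).get(domain.lower())
    return bool(seen) and all(seen.values())


if __name__ == "__main__":
    # Optional argument: path to an exported log file; defaults to the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for domain, hosts in sorted(starttls_report(text).items()):
        print(domain, "OK to enforce" if all(hosts.values()) else "do NOT enforce", hosts)
```

A domain with several SMTP hosts passes only when every relay seen in the log offered STARTTLS, and a domain with no completed delivery in the log is reported as not safe to enforce.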

2. Add Remote Domain TLS Policy

  1. In the Add domain to the SMTP TLS Policy section, under the Domain Name field, enter the remote domain and click the Add button (Figure 2).

Figure 2


  2. After you click the Add button, you will notice the remote domain will show up in the Domains to be added to the SMTP TLS Policy section (Figure 3).

Figure 3


  3. Continue adding SMTP TLS Policies for remote domains as needed. When finished, click the Apply Settings button on the bottom of the page (Figure 4).

Figure 4


  4. After clicking the Apply Settings button, you will notice that the remote domain(s) you added will show up in the Existing domains in the SMTP TLS Policy section (Figure 5).

Figure 5


3. Remove Remote Domain TLS Policy

  1. Under the Existing domains in the SMTP TLS Policy section, select the remote domain you want to remove and click the Delete button (Figure 6).

Figure 6


  2. After you click the Delete button, you will notice the remote domain will show up in the Domains to be deleted from the SMTP TLS Policy section (Figure 7).

Figure 7


  3. Continue deleting remote domains as needed. When finished, click the Apply Settings button on the bottom of the page (Figure 8).

Figure 8
