Skip to main content

SMTP TLS Settings

It's important to set SMTP TLS in order to transmit e-mail messages between your Hermes SEG machine and other e-mail servers with TLS encryption.

By default, SMTP TLS support in Hermes SEG is disabled. In this section you can enable Hermes SEG TLS support as well as associate the SSL certificate you previously imported or requested.

Hermes SEG supports two SMTP TLS methods:

Opportunistic TLS

In this mode, any time a remote SMTP server makes a connection,  Hermes SEG announces that it supports STARTTLS, however it does not require TLS encryption. This mode, is the recommended mode if you need TLS encryption.

Mandatory TLS

In this mode, any time a remote SMTP server makes a connection, Hermes SEG announces STARTTLS and it will NOT accept email without TLS encryption. This mode should NEVER be used on a public Internet facing Hermes SEG.

Before you can set SMTP TLS, you must first have either imported or requested a SSL Certificate in the System Certificates section for the Host Name you set in the Network Settings.

  • Set the SMTP TLS Mode drop-down to Opportunistic TLS or or Mandatory TLS as required.
  • The SMTP TLS Certificate field is pre-populated with the system-self-signed certificate. If you wish to use a SSL certificate you set in the System Certificates section above, simply delete the system-self-signed entry and start typing the friendly name of the certificate you setup previously that matches the host name you set in the Network Settings. The system will locate the certificate and display it in a drop-down list. Click on the certificate and the system will automatically populate all the rest of the Certificate fields such as the Subject, Issuer, Serial and Type (Figure 1):

Figure 1

image-1642971499398.png

  • Click the Submit button (Figure 2):

Figure 2

image-1642971616360.png

Verify TLS Encryption and Certificate

The easiest way to verify whether or not your Hermes SEG TLS encryption is working correcly as well as verify the certificates you installed, is to goto http://www.checktls.com/perl/live/TestReceiver.pl and run the TestReceiver test.

 

 

 

Back to top