Ironport TLS issue

morite8269 · ‎10-13-2011

I have a C160 and I am having a problem configuring TLS.

I have created and installed the SSL certificate
I have added the necessary destinations
I have created the SMTP routes
I have tested this and it works fine.

I have then created another gateway so that mail can go out through a different route and out to specific customers.

This is where the problem is as the mail goes through the gateway as expected and gets delivered but without TLS. If I send the message through the standard gateway and to the Internet it is TLS encrypted.

I know I am missing something but I don'tknow what

Any Ideas?

Thanks in advance

Andy

Andreas Mueller · ‎10-14-2011

Hello Andy,

just a guess, do you redirect mail to that new gateway with a filter that has an alt-mailhost action? In this case, you'd have to add the gateway (host name or IP address) as a new destination in the destination control, and enable TLS for it. Otherwise, as the alt-mailhost action has changed the destination, only the default settings will apply.

Regards,

Andreas

steveshipway · ‎10-26-2011

I think you need to amend the default Destination control (Mail Policies/Destination Controls) on the sending Ironport to specify TLS Preferred in order for TLS to be used. You may also need to disable certificate verification if it is a self-signed cert that your are using.

Steve