This may be very simple to do but haven't configured Ironport appliances before. I need to allow TLS from a postini business
partner. Should I be configuring a new listener? Or can I add the vendor's domains to the current incoming mail listener and assign a certificate? Trying to find some configuration examples, GUI or CLI but haven't found anything yet.
just configure a Sendergroup for the sender servers (or their namespace) and assign a policy where you enable tls (preferred/required/prefered-verify/required-verify) for them without the verify option this should work also with your selfsigned cert's.