Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1860
Views
10
Helpful
6
Replies

TLS Required: How to bounce immediately on TLS error

cryptochrome
Level 1
Level 1

‎02-03-2020 05:50 AM

Hi,

we have some destinations in the destination controls that are set to "TLS required". Is there any way we can immediately bounce mails if TLS for these destinations is unavailable?

We tried using a custom bounce profile for that, but that bounce profile does act on other error conditions with the destinations as well (e.g. they are greylisting us, host is down, etc.). So that's not an option.

Any recommendations?

Thanks!

Labels:
0 Helpful
6 Replies 6

marc.luescherFRE
Spotlight
Spotlight

‎02-03-2020 06:33 AM

I dont think there are other options available to achieve this beside the bounce profile, but will reach out to my "gang" top find out.

cryptochrome
Level 1
Level 1
In response to marc.luescherFRE

‎02-03-2020 03:34 PM

Thanks. I would really appreciate it. 

0 Helpful

ppreenja
Cisco Employee
Cisco Employee

‎02-10-2020 05:12 AM

Hello ,

Below similar enhancement is in place:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj87101

Please add yourself to the notification so that you get an update as soon as some fix is in place.

Cheers,
Pratham

cryptochrome
Level 1
Level 1
In response to ppreenja

‎02-10-2020 11:14 AM - edited ‎02-10-2020 11:14 AM

Hi,

 

thanks @ppreenja - While this would be a welcome addition, it's not quite what I was looking for. Let me re-iterate:

 

Domain abc.local is on TLS Required list. If email delivery to abc.local fails for any other reason than TLS issue (for example, host is down), keep trying. If mail delivery fails because of TLS issue, immediately bounce. 

Unfortunately, bounce profiles don't allow to make decisions based on error condition. There should be a way to have different bounce and queue/retry bahavior based on error condition. 

Thanks

Sascha

 

0 Helpful

ppreenja
Cisco Employee
Cisco Employee
In response to cryptochrome

‎02-11-2020 04:16 AM

Hi Sascha,

I believe that below enhancement request is the one closest to your requirement to immediately alert without any delay as per bounce profile configuration:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvp12215

You can add yourself to the notifications for this enhancement request.

Cheers,

Pratham
0 Helpful

cryptochrome
Level 1
Level 1
In response to ppreenja

‎02-11-2020 11:38 AM

It would be close, but still not really what we require. We don't want any delay at all when TLS issues occur. TLS issues (and only TLS issues) should bounce immediately, everything else should be delayed. 

 

0 Helpful
Customers Also Viewed These Support Documents