01-22-2025 07:23 AM
I am experiencing an issue with the "Mail Flow Policy" settings in the HAT overview. Specifically, when I set the "TLS usage" option to "Preferred," the policy does not behave as expected.
Currently, with "Preferred" selected, the policy only works when TLS is used. However, my understanding is that it should also work even if TLS is not used, as the "Preferred" option should accept both TLS and non-TLS connections.
Could someone please clarify if this is the intended behavior?
01-22-2025 07:58 AM
In the HAT Overview, you have a sender group based on either IP addresses of the sender or the reputation score, which then determines which policy is used.
Any changes in the mail flow policy itself do not determine if the policy is used or not; they only change what is accepted for this policy.
And by changing the TLS to either preferred or required, your appliance will announce/respond with STARTTLS, so any sending device that also supports TLS may use TLS.
This also means that any device that either does not support or is not configured to use TLS will also work, and your appliance would allow that connection if you only selected "Preferred".
Your understanding is correct.
So how did you come to the conclusion that the policy only works when TLS is used?
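To tell the cases in this thread apart from the client side, the following added example (not part of either poster's messages, and not Cisco code) classifies a listener from two observations: whether its EHLO reply advertises STARTTLS, and how it answers a MAIL FROM sent without TLS. The sample replies are constructed, the label "off" is an assumption for a listener that does not offer TLS, and the 530 reply is the one RFC 3207 defines for a server that requires TLS.

```python
import re

# Constructed server replies for illustration; not captured from any appliance.
# Each entry: (EHLO reply lines, reply to MAIL FROM sent without STARTTLS).
SAMPLES = {
    "preferred": (["250-mx.example.test", "250-8BITMIME", "250 STARTTLS"],
                  "250 sender <a@example.test> ok"),
    "required": (["250-mx.example.test", "250-8BITMIME", "250 STARTTLS"],
                 "530 Must issue a STARTTLS command first"),
    "off": (["250-mx.example.test", "250 8BITMIME"],
            "250 sender <a@example.test> ok"),
}

def advertises_starttls(ehlo_lines):
    """True if an EHLO extension line carries the STARTTLS keyword (RFC 3207)."""
    for line in ehlo_lines[1:]:  # the first line is the server's domain/greeting
        m = re.match(r"250[- ](\S+)", line.strip())
        if m and m.group(1).upper() == "STARTTLS":
            return True
    return False

def classify(ehlo_lines, mail_from_reply):
    """Map the two observations to 'preferred', 'required', 'off' or 'unknown'."""
    offered = advertises_starttls(ehlo_lines)
    m = re.match(r"(\d{3})", mail_from_reply.strip())
    code = int(m.group(1)) if m else None
    if offered and code == 530:
        return "required"   # TLS offered, plaintext mail refused
    if offered and code == 250:
        return "preferred"  # TLS offered, plaintext mail still accepted
    if not offered and code == 250:
        return "off"        # TLS never offered, plaintext accepted
    return "unknown"        # any other combination needs a closer look

if __name__ == "__main__":
    for name, (ehlo, reply) in SAMPLES.items():
        print(name, "->", classify(ehlo, reply))
```
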
01-22-2025 09:16 AM
Hi, thanks for the reply, I'll try to explain the situation better in the configuration:
On HAT I entered a range of IPs in the policy that interests me, in which I set TLS DEFAULT preferred. I did some tests with a batch and with Mozilla Thunderbird, and in both cases, if I put TLS preferred and I deactivate the TLS, I get the error: "STARTTLS extension not supported by server", while if I activate the TLS the email goes through.
On Mozilla T:
it works
On Mozilla T:
it does not work