Help Center

Enabling Opportunistic TLS in Transparent mode

MailChannels Transparent Filtering when deployed in transparent mode does not scan TLS encrypted traffic. It is just passed through to the destination without scanning. 

However, this is not an ideal situation because spammers can encrypt the outbound mail traffic easily and this results in IP blocklisting. 

MailChannels now supports opportunistic TLS in transparent mode. This means that you can still scan all the traffic and encrypt all the connections to receivers who support TLS. All the traffic from MailChannels to the receivers are encrypted. 

Sender --(unencrypted) --> MailChannels (in transparent mode) --(encrypted)-->receivers

How do I enable this?

Step 1)
​Edit the line 
proxy_deny_capabilities DSN,PIPELINING,CHUNKING,BINARYMIME;
And add STARTTLS to it
proxy_deny_capabilities STARTTLS,DSN,PIPELINING,CHUNKING,BINARYMIME;
 
Step 2) 
Change the line 
proxy_transparent spoof_client_ip;
to
proxy_transparent spoof_client_ip starttls=opportunistic;
 
Step 3)
Restart traffic-control

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

  • Avatar
    Ernesto Dionisio Jr

    How do I enable this?
    where is that instruction from?
    is that from Exim Configuration Manage?
    in which section should I apply the code?

    Edited by Ernesto Dionisio Jr
    Comment actions Permalink

Please sign in to leave a comment.