MailChannels Transparent Filtering when deployed in transparent mode does not scan TLS encrypted traffic. It is just passed through to the destination without scanning.
However, this is not an ideal situation because spammers can encrypt the outbound mail traffic easily and this results in IP blocklisting.
MailChannels now supports opportunistic TLS in transparent mode. This means that you can still scan all the traffic and encrypt all the connections to receivers who support TLS. All the traffic from MailChannels to the receivers are encrypted.
Sender --(unencrypted) --> MailChannels (in transparent mode) --(encrypted)-->receivers
How do I enable this?
Step 1)
Edit the line
proxy_deny_capabilities DSN,PIPELINING,CHUNKING,BINARYMIME;
And add STARTTLS to it
proxy_deny_capabilities STARTTLS,DSN,PIPELINING,CHUNKING,BINARYMIME;
Step 2)
Change the line
proxy_transparent spoof_client_ip;
to
proxy_transparent spoof_client_ip starttls=opportunistic;
Step 3)
Restart traffic-control
How do I enable this?
where is that instruction from?
is that from Exim Configuration Manage?
in which section should I apply the code?