Help Center

Enabling Opportunistic TLS in Transparent mode

MailChannels Dedicated when deployed in transparent mode does not scan TLS encrypted traffic. It is just passed through to the destination without scanning. 

However, this is not an ideal situation because spammers can encrypt the outbound mail traffic easily and this results in IP Blacklisting. 

MailChannels now supports opportunistic TLS in transparent mode. This means that you can still scan all the traffic and encrypt all the connections to receivers who support TLS. All the traffic from MailChannels to the receivers are encrypted. 

Sender --(unencrypted) --> MailChannels (in transparent mode) --(encrypted)-->receivers

How do I enable this?

Step 1)
​Edit the line 
proxy_deny_capabilities DSN,PIPELINING,CHUNKING,BINARYMIME;
And add STARTTLS to it
proxy_deny_capabilities STARTTLS,DSN,PIPELINING,CHUNKING,BINARYMIME;
 
Step 2) 
Change the line 
proxy_transparent spoof_client_ip;
to
proxy_transparent spoof_client_ip starttls=opportunistic;
 
Step 3)
Restart traffic-control

 

 

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

Please sign in to leave a comment.

Powered by Zendesk