Checking the mail server for Mail Transfer Agent's (MTA) Transport Layer Security (TLS) version

Updated: 26 Sep 2017

Product/Version:
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • InterScan Messaging Security Virtual Appliance 9.0
    • InterScan Messaging Security Virtual Appliance 9.1

Platform: N/A

Summary

When Opportunistic Transport Layer Security (TLS) mode is enabled, the MTA servers first check whether the sending or receiving side can perform the SMTP transaction in TLS mode. If so, the entire session is carried out in TLS mode.

IMSS and IMSVA TLS support:

Product            Build                  TLS Status
IMSVA 9.0          With patch1 or later   Supports TLS v1.0/1.1/1.2
IMSVA 9.1          From GM Build          Supports TLS v1.0/1.1/1.2
IMSS 7.5 Windows   With patch1 or later   Supports TLS v1.0/1.1/1.2
IMSS 7.1 Linux     Any                    Postfix was provided by users

IMSS and IMSVA SMTP TLS supports v1.0, v1.1 and v1.2. In opportunistic mode, it always tries to use the highest available TLS version to communicate with the sending or receiving MTA.

If the sending or receiving MTA only supports TLS 1.0, IMSS or IMSVA will use TLS 1.0 to communicate with the sending or receiving MTA.

Details

The Administrator can use the following to identify the highest TLS version that their MTA supports:

If the MTA can be accessed through the internet, the Administrator can use the www.checktls.com website to check the MTA's TLS version.

  1. Open the www.checktls.com website.
  2. Go to email > test TO:

  3. On the newly opened URL, http://www.checktls.com/perl/live/TestReceiver.pl, provide the test mail address and MTA info.

    For example, to test the TLS status of MTA 218.104.127.134, enter that address as the MTA info.

  4. Click Run Test to start testing.
  5. Check the SSLVersion info in the result.

    For example, "SSLVersion in use: TLSv1.2" indicates that the highest TLS version this MTA supports is v1.2.

If the MTA cannot be accessed through the internet, the Administrator can use a local OpenSSL installation to check the MTA's supported TLS version directly.

Run the following from the command line:

openssl s_client -connect MTA:port -starttls smtp

For example, the following is the command used for checking the TLS version for MTA 192.168.50.91:

openssl s_client -connect 192.168.50.91:25 -starttls smtp

If the result contains "Protocol : TLSv1.2", the highest TLS version that MTA 192.168.50.91 supports is v1.2.

If your MTA only supports TLS v1.0, we strongly recommend that you contact your MTA vendor to upgrade your MTA system to support TLS v1.2.
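
The OpenSSL check above can be scripted. The following is an added example, not part of the original article: it extracts the "Protocol" line from `openssl s_client` output, rejects failed handshakes, and probes each version with the `-tls1_2`, `-tls1_1` and `-tls1` options. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample output are constructed.

# Read `openssl s_client` output on stdin and print the negotiated protocol.
# A failed handshake can still print a "Protocol" line, but with
# "Cipher    : 0000", so only accept the protocol when a real cipher was agreed.
negotiated_protocol() {
    awk -F': *' '
        /^ *Protocol *:/ { proto = $2;  sub(/[ \t\r]+$/, "", proto) }
        /^ *Cipher *:/   { cipher = $2; sub(/[ \t\r]+$/, "", cipher) }
        END {
            if (proto == "" || cipher == "" || cipher == "0000") exit 1
            print proto
        }'
}

# Force one protocol version (FLAG is -tls1_2, -tls1_1 or -tls1).
# A failure may also mean the local OpenSSL build or policy refuses that version.
probe_version() {  # usage: probe_version HOST PORT FLAG
    openssl s_client -connect "$1:$2" -starttls smtp "$3" </dev/null 2>/dev/null \
        | negotiated_protocol
}

# Print the highest version the MTA accepts, e.g.:
#   highest_supported 192.168.50.91 25
highest_supported() {
    for flag in -tls1_2 -tls1_1 -tls1; do
        if proto=$(probe_version "$1" "${2:-25}" "$flag"); then
            echo "$proto"
            return 0
        fi
    done
    return 1
}

# Constructed s_client excerpts: a successful and a failed handshake.
SAMPLE_OK='SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_FAILED='New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000'

printf '%s\n' "$SAMPLE_OK" | negotiated_protocol                 # prints TLSv1.2
printf '%s\n' "$SAMPLE_FAILED" | negotiated_protocol || echo "no TLS session"
```

The version reported by a single `s_client` run is the one negotiated between the MTA and the local OpenSSL client, so the client itself must support TLS v1.2 for the result to show it.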
Solution Id: 1118390