Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Using the Transport Layer Security (TLS) function in Deep Discovery Email Inspector (DDEI)

    • Updated:
    • 28 Jan 2019
    • Product/Version:
    • Deep Discovery Email Inspector 3.2
    • Platform:
    • Linux All
Summary

You want to know if an email can be transferred through Deep Discovery Email Inspector (DDEI) by using Transport Layer Security (TLS). This article explains the TLS function in DDEI.

Details
Public

On the DDEI web console, there are three options that can be selected in Administration > Mail Settings > Connections > Transport Layer Security:

Click image to enlarge

  • Enable incoming TLS

    By default, this one is not checked, it means DDEI does not use TLS. If upstreamMTA must use TLS for mail transfer, it will fail to send the email to DDEI and returns an error message similar to the following:

    :

    TLS is required, but was not offered by host 192.168.37.155[192.168.37.155]

    If this option is checked, it means DDEI uses TLS opportunistically. The TLS connection will be established between DDEI and upstream MTA whenever possible.

  • Only accept SMTP connection through TLS

    This option can only be checked when the "Enable incoming TLS" option is checked.

    If this option is checked, the TLS connection is mandatory between DDEI and the upstream MTA. If the upstream MTA does not use TLS, the connection will fail.

  • Enable outgoing TLS

    By default, this option is not selected, it means DDEI does not use TLS for outgoing emails. If downstream MTA must use TLS, DDEI will fail to send the email to the downstream MTA.

    If this option is selected, and the downstream MTA does not use TLS, DDEI cannot send the email to it and returns an error message similar to the following:

    Jan 25 10:03:24|1548410604|ddei31en155 postfix/smtp[30521]: B46B1B213F6: to=<daniel_zhai@cncorelab.com>, relay=192.168.37.109[192.168.37.109]:25, delay=4, delays=3.8/0.01/0.1/0.08, dsn=4.7.0, status=deferred (host 192.168.37.109[192.168.37.109] said: 421 4.7.0 <cncorelabtest@sina.com>: Sender address rejected: Must not use TLS (in reply to MAIL FROM command))

Premium
Internal
Rating:
Category:
SPEC
Solution Id:
1122001
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.