What methods can GMS provide for encrypting outbound e-mail?

Answer

As described in KB 4193, GMS can provide multiple methods for securing e-mail delivered via SMTP.

If the receiving server you are connecting to advertises support for STARTTLS, the connection is encrypted only after a successful “handshake” between the two servers. This occurs after the “EHLO” command, once the sending client/server has issued the STARTTLS command. The log extract below shows activity both before and after the switch to secure SMTP.
As mentioned, the connection becomes secure only after the STARTTLS handshake; lines sent over the secure connection are denoted by [x] in the log.

A 02122 2 220 mail.gordano.com (AB0000.00.cb38f070) ready for ESMTP transfer
A 00000 2 EHLO Server123.test.dom
A 02122 2 250-mail.gordano.com Hello Server123.test.dom [1.2.3.4]
A 02122 2 250-PIPELINING
A 02122 2 250-SIZE 102400000
A 02122 2 250-ENHANCEDSTATUSCODES
A 02122 2 250-8BITMIME
A 02122 2 250-ETRN
A 02122 2 250-DSN
A 02122 2 250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 789129kw653421944619749
A 02122 2 250-XRCPTLIMIT 100
A 02122 2 250-STARTTLS
A 02122 2 250-XAUD 789129kw653421944619749 0.9
A 02122 2 250 HELP
A 00000 2 STARTTLS
A 02122 2 220 2.5.0 TLS connection requested.
A 00000 2 [x] EHLO Server123.test.dom
A 02122 2 [x] 250-mail.gordano.com Hello Server123.test.dom [1.2.3.4]
A 02122 2 [x] 250-PIPELINING
A 02122 2 [x] 250-SIZE 102400000
A 02122 2 [x] 250-ENHANCEDSTATUSCODES
A 02122 2 [x] 250-8BITMIME
A 02122 2 [x] 250-ETRN
A 02122 2 [x] 250-DSN
A 02122 2 [x] 250-AUTH LOGIN DIGEST-MD5 CRAM-MD5 789129kw653421944619749
A 02122 2 [x] 250-XRCPTLIMIT 100
A 02122 2 [x] 250-XAUD 789129kw653421944619749 0.9
A 02122 2 [x] 250 HELP
A 00000 2 [x] MAIL From:<postmaster@test.dom> SIZE=1909
A 02122 2 [x] 250 2.5.0 OK.
A 00000 2 [x] RCPT To:<user123@gordano.com>
A 02122 2 [x] 250 2.5.0 OK.
A 00000 2 [x] DATA
A 02122 2 [x] 354 3.5.4 Start mail input, end with <CRLF>.<CRLF>.
A 00000 2 [x] .
A 02122 2 [x] 250 2.5.0 Received message ekadzlba OK.
A 00000 2 [x] QUIT
A 02122 2 [x] 221 2.5.0 Goodbye Server123.test.dom
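
To check from a log where a session actually became encrypted, the sketch below (an added example, not Gordano code) parses lines in the extract's format and lists any AUTH, MAIL, RCPT or DATA command logged without the [x] marker. The field layout is an assumption inferred from the extract, and `audit_session` and the sample sessions are hypothetical, constructed for illustration.

```python
import re

# Assumed layout, inferred from the extract above: three prefix fields, an
# optional "[x]" marker once the channel is encrypted, then the SMTP text.
LINE_RE = re.compile(r"^\S+\s+\S+\s+\S+\s+(\[x\]\s+)?(.*)$")
SENSITIVE = {"AUTH", "MAIL", "RCPT", "DATA"}  # verbs that should follow TLS

def audit_session(lines):
    """Report where encryption began and which commands preceded it."""
    report = {"offered": False, "requested": False,
              "encrypted_from": None, "plaintext_commands": []}
    for number, raw in enumerate(lines, start=1):
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # not in the extract's format
        encrypted, text = match.group(1) is not None, match.group(2)
        verb = text.split()[0].upper() if text.split() else ""
        if re.match(r"250[- ]STARTTLS\b", text, re.I):
            report["offered"] = True      # server advertised STARTTLS
        elif verb == "STARTTLS":
            report["requested"] = True    # client asked to upgrade
        if encrypted and report["encrypted_from"] is None:
            report["encrypted_from"] = number
        if verb in SENSITIVE and not encrypted:
            report["plaintext_commands"].append((number, text))
    return report

# Constructed sample sessions (not real log data).
SAMPLE_TLS = """\
A 02122 2 220 mx.example.test ready for ESMTP transfer
A 00000 2 EHLO client.example.test
A 02122 2 250 STARTTLS
A 00000 2 STARTTLS
A 02122 2 220 2.5.0 TLS connection requested.
A 00000 2 [x] EHLO client.example.test
A 00000 2 [x] MAIL From:<a@example.test>
"""
SAMPLE_PLAIN = """\
A 02122 3 220 mx.example.test ready for ESMTP transfer
A 00000 3 EHLO client.example.test
A 02122 3 250 STARTTLS
A 00000 3 MAIL From:<a@example.test>
A 00000 3 RCPT To:<b@example.test>
A 00000 3 DATA
"""

if __name__ == "__main__":
    for name, sample in (("tls", SAMPLE_TLS), ("plain", SAMPLE_PLAIN)):
        print(name, audit_session(sample.splitlines()))
```

A session where STARTTLS was offered but `plaintext_commands` is non-empty is one where mail was handed over in clear text even though the server could have encrypted it.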

A prerequisite for a successfully encrypted channel is that you have a valid SSL certificate installed on your server. Please contact Gordano Sales for more information.

Alternatively, if your GMS server is configured to listen on secure port 465 and your firewall allows traffic to this port, the entire SMTP connection to your server will be secure from the start, rather than only after the "handshake" shown in the example above.

If you wish to force SSL communication in GMS when connecting to specific mail servers, this is possible and explained here

If you attempt to connect to port 465 from a non-SSL-aware client, you may see a failure similar to the following in your SMTP log.

SMTP 13 Feb 2007 11:35:19.166 A 03159 676846 Connection from [1.2.3.4] [1.2.3.4]
SMTP 13 Feb 2007 11:35:23.837 F 08203 676846 1.2.3.4 TLS request failed (164)

Thirdly, there is another SMTP port (non-secure) in addition to the familiar port 25 and port 465. This is known as the SMTP Submission port, which is reserved as port 587. SMTP Submission requires SMTP authentication prior to accepting a message.

Further information regarding SSL and SSL certificates can be found in the “See also” section below.

See Also:

Keywords:ssl secure encrypt port 465 starttls esmtp tls
