I am using Sendmail on port 25 on the Firewall instead of SMTP for incoming emails. Now I want the TLS checking option to be disabled on the Firewall or commented out, because the TLS certificate is installed on Ironmail and not on the Firewall. I want to keep Sendmail on the Firewall because its logging is very useful, and TLS should be checked on IronMail. Kindly guide me on the configuration for how to make Sendmail not check TLS.
Maybe one of the McAfee guys can advise better, but I wouldn't think that doing this on the Firewall will make any difference.
If you are using Sendmail on the Firewall then it is acting as an MTA handling an SMTP transaction to the point of completion. After that it will then send the message on to your Ironmail server as a completely new SMTP transaction. External parties are never talking directly to your Ironmail server and I would personally expect that it will be necessary to do so in order for the correct TLS handshake to take place. While it is possible to configure mail security solutions to look into the SMTP header and discard a number of hops in the transaction in order to perform reputation checking and such like, all 'external' SMTP communications to/from your network are being conducted by Sendmail rather than by your Ironmail server.
In order to be able to use TLS on your Ironmail server I would expect that you will need to disable Sendmail on the Firewall in favour of transparent SMTP proxies.
I would have to agree with Phil on this one. If your intentions are for Ironmail to negotiate TLS with outside servers, and you are going through the Firewall, then either a proxy or filter rule would be required. The other option would be for the firewall to use TLS itself when talking with outside servers.
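The hop-by-hop behaviour discussed in the replies above can be checked from a delivered message's `Received` headers. The following is an added example, not part of the original thread: it reports which SMTP hops used STARTTLS, based on the RFC 3848 `with` keyword. The hostnames, addresses and queue IDs in the sample message are constructed, and the function name `hop_report` is hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: hostnames, addresses and queue IDs are invented.
SAMPLE = """\
Received: from fw.example.com (fw.example.com [192.0.2.1])
\tby ironmail.example.com with ESMTPS id q2
\tfor <user@example.com>; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [198.51.100.7])
\tby fw.example.com with ESMTP id q1
\tfor <user@example.com>; Mon, 1 Jan 2024 10:00:01 +0000
From: sender@sender.example
To: user@example.com
Subject: test

body
"""

# RFC 3848 "with" keywords that mean the hop ran over STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.I)

def hop_report(raw_message):
    """Return (sender, receiver, protocol, used_tls) per hop, oldest first."""
    msg = message_from_string(raw_message)
    hops = []
    # Each MTA prepends its own Received header, so reverse for time order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        m = HOP_RE.search(flat)
        if not m:
            continue  # non-standard header: skip rather than guess
        sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper()
        hops.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return hops

if __name__ == "__main__":
    for sender, receiver, proto, tls in hop_report(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'cleartext'})")
```

In the constructed sample the external hop ends at the firewall's Sendmail, and the TLS session with the IronMail host covers only the internal hop. Only `Received` lines written by your own hosts should be trusted, since earlier ones are supplied by the sender.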