324 Views 2 Replies Latest reply: Oct 21, 2013 1:11 PM by mtuma
Arshad Apprentice 64 posts since
Nov 19, 2009

Oct 21, 2013 7:21 AM

Want to disable TLS on Sendmail

I am using Sendmail on port 25 on the Firewall instead of SMTP for incoming emails. Now I want the TLS checking option to be disabled on the Firewall or commented out, because the TLS certificate is installed on Ironmail and not on the Firewall. I want to keep Sendmail on the Firewall because its logging is very useful, and TLS should be checked on IronMail. Kindly guide me on how to configure Sendmail so that it does not check TLS.

  • PhilM Champion 528 posts since
    Jan 7, 2010
    1. Oct 21, 2013 8:12 AM (in response to Arshad)
    Re: Want to disable TLS on Sendmail

    Maybe one of the McAfee guys can advise better, but I wouldn't think that doing this on the Firewall will make any difference.

     

    If you are using Sendmail on the Firewall then it is acting as an MTA handling an SMTP transaction to the point of completion. After that it will then send the message on to your Ironmail server as a completely new SMTP transaction. External parties are never talking directly to your Ironmail server and I would personally expect that it will be necessary to do so in order for the correct TLS handshake to take place. While it is possible to configure mail security solutions to look into the SMTP header and discard a number of hops in the transaction in order to perform reputation checking and such like, all 'external' SMTP communications to/from your network are being conducted by Sendmail rather than by your Ironmail server.

     

    In order to be able to use TLS on your Ironmail server I would expect that you will need to disable Sendmail on the Firewall in favour of transparent SMTP proxies.

     

    -Phil.

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009
    2. Oct 21, 2013 1:11 PM (in response to PhilM)
    Re: Want to disable TLS on Sendmail

    Hello,

     

    I would have to agree with Phil on this one. If your intentions are for Ironmail to negotiate TLS with outside servers, and you are going through the Firewall, then either a proxy or filter rule would be required. The other option would be for the firewall to use TLS itself when talking with outside servers.

     

    -Matt
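
The hop-by-hop behaviour described in the replies above can be checked from a delivered message's `Received` headers. The following is an added example, not part of the original thread: it lists each SMTP transaction in transit order and marks which receiving host accepted the message over TLS, using the RFC 3848 `with` keywords (`ESMTPS`, `ESMTPSA`). The hostnames, addresses and queue ids are constructed, and the sample assumes the case where Sendmail on the firewall itself negotiated TLS with the outside server.

```python
import email
import re

# "with" protocol values that indicate a TLS-protected transaction (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

# Constructed sample: an outside server delivers to Sendmail on the firewall
# over TLS, then the firewall relays to Ironmail as a new, plain SMTP transaction.
SAMPLE = (
    "Received: from fw.example.net (fw.example.net [192.0.2.10])\n"
    "\tby ironmail.example.net with ESMTP id CONSTRUCTED2;\n"
    "\tMon, 21 Oct 2013 07:21:05 +0000\n"
    "Received: from mail.sender.example (mail.sender.example [198.51.100.7])\n"
    "\tby fw.example.net with ESMTPS id CONSTRUCTED1;\n"
    "\tMon, 21 Oct 2013 07:21:04 +0000\n"
    "From: sender@sender.example\n"
    "To: user@example.net\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def received_hops(raw_message):
    """Return one dict per SMTP transaction, oldest hop first."""
    msg = email.message_from_string(raw_message)
    hops = []
    # Each MTA prepends its header, so reverse to get transit order.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())  # undo header folding
        sender = re.search(r"\bfrom\s+(\S+)", flat)
        receiver = re.search(r"\bby\s+(\S+)", flat)
        proto = re.search(r"\bwith\s+([A-Za-z0-9]+)", flat)
        name = proto.group(1).upper() if proto else None
        hops.append({
            "from": sender.group(1) if sender else None,
            "by": receiver.group(1) if receiver else None,
            "protocol": name,
            "tls": name in TLS_PROTOCOLS,
        })
    return hops

def tls_endpoints(hops):
    """Hosts that terminated an inbound TLS session."""
    return [h["by"] for h in hops if h["tls"]]

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
    print("TLS terminated at:", tls_endpoints(received_hops(SAMPLE)))
```

On the constructed sample the only TLS endpoint is the firewall, because the relay to Ironmail is a separate transaction. Each `Received` line is written by the receiving MTA, so the result is only as reliable as the hosts that recorded it.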
