SMTP Security 43

Specific Site Policy

This option supports the specification of exceptions to the default settings for SSL/TLS. For example, you may need to exempt a mail server from using SSL/TLS because of lack of TLS support.

To exempt a system, specify the IP Address or FQDN (Fully Qualified Domain Name) of the remote mail server in the Add/Update Site field. Select Don't Use TLS from the dropdown box and click the Update button. The exempted mail server will be listed under the Specific Site Policy.

TLS options include the following:

Don't Use TLS — TLS Mail Delivery is never used with the specified system.

May Use TLS — Use TLS if the specified system supports it.

Enforce TLS — Deliver to the specified system only if a TLS connection with a valid CA-signed certificate can be established.

Loose TLS — Similar to Enforce TLS but will accept a mismatch between the specified server name and the Common Name in the certificate

See “SSL Certificates” on page 94 for more information on installing certificates.

Page 43
Image 43
HP Email Firewall Appliance manual Specific Site Policy