TLS Support
Summary: This article explains the support for Transport Layer Security (TLS) provided by DuoCircle to encrypt email transmissions, ensuring secure communication. It also includes a guide to enabling TLS for your account.
Objective
By the end of this article, you will understand how TLS encrypts emails, know how to validate TLS settings, and be able to enable TLS on your DuoCircle account for secure email transmissions.
Introduction
Transport Layer Security (TLS) is a protocol that encrypts email transmissions, protecting communication privacy. DuoCircle offers TLS encryption for both inbound and outbound emails, ensuring that sensitive information remains secure during transfer.
Prerequisites
- Access to your DuoCircle account.
- Permissions to manage product settings within your account.
Step-by-Step Instructions
Understanding TLS Support:
- DuoCircle supports TLS for inbound and outbound email traffic.
- In some cases, TLS must be enabled on a per-domain basis in your account settings.
- Check your configuration using tools like CheckTLS.com.
Trying TLS on mx1.mailhop.org[54.186.60.165] (10):
seconds test stage and result
[000.072] Connected to server
[000.143] <-- 220 inbound3.ore.mailhop.org ESMTP
[000.143] We are allowed to connect
[000.143] --> EHLO checktls.com
[000.239] <-- 250-inbound3.ore.mailhop.org
250-PIPELINING
250-SIZE 52428800
250-VRFY
250-STARTTLS
250-ENHANCEDSTATUSCODES
250 8BITMIME
[000.239] We can use this server
[000.239] TLS is an option on this server
[000.240] --> STARTTLS
[000.311] <-- 220 2.0.0 Ready to start TLS
[000.311] STARTTLS command works on this server
[000.467] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.467] Connection converted to SSL
[000.484] Certificate 1 of 2 in chain: subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
[000.500] Certificate 2 of 2 in chain: subject= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State issuer= /O=Halon Security/CN=mail.duocircle.com/[email protected]/C=AU/ST=Some-State
[000.500] Cert NOT VALIDATED: self signed certificate
[000.500] So email is encrypted but the domain is not verified
[000.500] Cert Hostname DOES NOT VERIFY (mx1.mailhop.org != mail.duocircle.com)
[000.501] So email is encrypted but the host is not verified
[000.501] ~~> EHLO checktls.com
[000.573] <~~ 250-inbound3.ore.mailhop.org
250-PIPELINING
250-SIZE 52428800
250-VRFY
250-ENHANCEDSTATUSCODES
250 8BITMIME
[000.574] TLS successfully started on this server
[000.574] ~~> MAIL FROM:<[email protected]>
[000.645] <~~ 250 2.1.0 Ok
[000.646] Sender is OK
[000.646] ~~> RCPT TO:<[email protected]>
[000.747] <~~ 250 2.1.5 Ok
[000.748] Recipient OK, E-mail address proofed
[000.748] ~~> QUIT
[000.820] <~~ 221 2.0.0 Bye
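We use self-signed certificates because our mail servers respond to and emulate thousands of different names, and this is the most effective way for us to handle that configuration. It does not interfere with the actual security of the messages. As the test output above shows, the session is encrypted, but the certificate does not verify the domain or the host name.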
We support end-to-end TLS: Internet --> DuoCircle --> Your Mail Server
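The CheckTLS output above can be reduced to the few facts that decide the TLS posture of an MX host. The following is an added example, not DuoCircle's or CheckTLS's own code; the function names, the abridged sample, and the positive wordings `Cert VALIDATED` and `Cert Hostname VERIFIED` are assumptions.

```python
import re

# Abridged from the CheckTLS output on this page, one stage per line.
SAMPLE = """\
[000.143] --> EHLO checktls.com
[000.239] <-- 250-inbound3.ore.mailhop.org
250-STARTTLS
250 8BITMIME
[000.240] --> STARTTLS
[000.311] <-- 220 2.0.0 Ready to start TLS
[000.467] Cipher in use: ECDHE-RSA-AES256-GCM-SHA384
[000.467] Connection converted to SSL
[000.500] Cert NOT VALIDATED: self signed certificate
[000.500] Cert Hostname DOES NOT VERIFY (mx1.mailhop.org != mail.duocircle.com)
[000.501] ~~> EHLO checktls.com
[000.573] <~~ 250-inbound3.ore.mailhop.org
250-ENHANCEDSTATUSCODES
250 8BITMIME
"""

def summarize(transcript):
    """Reduce a CheckTLS-style transcript to the facts that decide TLS posture."""
    r = {"starttls_offered": False, "starttls_inside_tls": False,
         "encrypted": False, "cipher": None, "chain_valid": None, "host_match": None}
    for line in transcript.splitlines():
        text = re.sub(r"^\[\d+\.\d+\]\s*", "", line.strip())
        if text == "Connection converted to SSL":
            r["encrypted"] = True
        elif re.fullmatch(r"250[- ]STARTTLS", text):
            # Expected before the handshake; must not be offered again inside TLS.
            r["starttls_inside_tls" if r["encrypted"] else "starttls_offered"] = True
        elif text.startswith("Cipher in use:"):
            r["cipher"] = text.split(":", 1)[1].strip()
        elif m := re.match(r"Cert (NOT )?VALIDATED", text):
            r["chain_valid"] = m.group(1) is None  # positive wording is assumed
        elif m := re.match(r"Cert Hostname (DOES NOT VERIFY|VERIFIED)", text):
            r["host_match"] = m.group(1) == "VERIFIED"  # "VERIFIED" is assumed
    return r

def verdict(r):
    """Fail closed: anything not positively verified counts as unauthenticated."""
    if not r["encrypted"]:
        return "plaintext"
    if r["chain_valid"] and r["host_match"]:
        return "encrypted, server authenticated"
    return "encrypted, server not authenticated"

if __name__ == "__main__":
    print(verdict(summarize(SAMPLE)))
```

For the transcript on this page the result is an encrypted session with an unauthenticated server, matching the "encrypted but the host is not verified" lines in the output.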
Enabling TLS on your account
Log in to your account, select the service, and under the Manage Product settings click TLS Mode. We suggest setting it to enabled; however, for accounts created prior to January 2016 the setting is disabled by default. We suggest you update this to enhance your email privacy.
All other modules, including phishing protection will continue to work seamlessly.