Requirements, How Policy Enforced TLS Works, Inbound Policy Enforced TLS Mail Flow – Google Message Encryption Administration Guide User Manual

Postini Encryption Services Administration Guide

Requirements

Policy Enforced TLS is set up separately for inbound and outbound mail.

Setting up Policy Enforced TLS for inbound or outbound mail requires the
following:

Support on your mail server for Transport Layer Security (TLS).

Administration Console read and write permissions for Inbound Transport
Security on the email config level.

Setting up Policy Enforced TLS for outbound mail requires the following:

Support on your mail server for Transport Layer Security (TLS).

Administration Console read and write permissions for Outbound Transport
Security and Outbound Server Management on the email config level.

Support on your server for Outbound Services.

Setting up TLS on your server ensures that your confidential email is secure
throughout transmission. For information on implementing TLS on your mail
server, check your mail server documentation. If you are using multiple servers,
enable TLS on each server that routes mail to the email protection service.

For more information about Transport Layer Security in the Administration
Console, see Transport Layer Security in the Email Security Service
Administration Guide.

For instructions on how to route your outbound mail through Outbound Services,
see the Outbound Services Configuration Guide.

How Policy Enforced TLS Works

Following is an overview of the data flow of Policy Enforced TLS. Policy Enforced
TLS handles inbound and outbound mail flow separately.

Inbound Policy Enforced TLS Mail Flow

If you have Policy Enforced TLS enabled for inbound mail, specify a list of sending
domains. Mail from these domains will be encrypted, while other domains use
your normal TLS rules.

For inbound mail traffic, the email protection service acts as a proxy between the
sending server and your mail server. Inbound messages are received through two
separate SMTP connections. The first connection is from the sending server to the
email protection service. The second connection is from the email protection
service to your mail server.
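
An added example (not part of the original guide): because inbound mail crosses two separate SMTP connections, TLS has to be confirmed on each leg rather than once for the whole path. This Python code reads the Received headers of a constructed sample message and flags any hop not recorded with an RFC 3848 TLS keyword such as ESMTPS; the hostnames are placeholders, and it assumes the servers involved stamp those keywords.

```python
import re
from email import message_from_string

# Constructed sample: a message that crossed both connections described above.
# Hostnames are placeholders (example domains), not real service names.
SAMPLE = """\
Received: from filter.protection.example (filter.protection.example [192.0.2.10])
\tby mail.recipient.example with ESMTP id def456
\tfor <bob@recipient.example>; Tue, 01 Jan 2008 10:00:05 +0000
Received: from mx.partner.example (mx.partner.example [198.51.100.7])
\tby filter.protection.example with ESMTPS id abc123
\tfor <bob@recipient.example>; Tue, 01 Jan 2008 10:00:01 +0000
From: alice@partner.example
To: bob@recipient.example
Subject: constructed test message

body
"""

# "with" protocol keywords that mark a hop as TLS-protected (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def hops(raw):
    """Return (from_host, by_host, protocol, used_tls) per hop, oldest first."""
    msg = message_from_string(raw)
    out = []
    for value in reversed(msg.get_all("Received", [])):  # newest header is on top
        m = HOP.search(value)
        if m:
            proto = m.group(3).upper()
            out.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return out

def cleartext_hops(raw):
    """Hops not recorded as TLS; an empty list means every leg was encrypted."""
    return [h for h in hops(raw) if not h[3]]

if __name__ == "__main__":
    for frm, by, proto, tls in hops(SAMPLE):
        print(f"{frm} -> {by}: {proto} ({'TLS' if tls else 'NO TLS'})")
```

In the sample, the first connection (sending server to the service) used TLS while the second (service to the mail server) did not, which is the gap left when TLS is not enabled on every server that receives from the service. Only Received headers written by servers you control or trust are reliable evidence; those added upstream can be forged.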

This diagram shows the flow of TLS messages between servers: