Setting up policy enforced tls – Google Message Security for Google Apps Administration Guide User Manual

Transport Layer Security

311

Setting Up Policy Enforced TLS

Set up inbound Policy Enforced TLS and outbound Policy Enforced TLS
separately.

WARNING:

If Policy Enforced TLS stops a message, you will not receive an alert or

notification that the message failed. Do not set up Policy Enforced TLS without
verifying successful mail delivery with a test connection.

Set up Inbound TLS by Sender Domain

1.

In the Administration Console, click the Inbound Servers tab and click the TLS
link.

2.

If TLS is set to “Send only SMTP”, change it to allow TLS. The recommended
setting is “SMTP or TLS.” See “Transport Layer Security (TLS)” on page 295
for more information on TLS settings.

3.

Scroll to the Inbound TLS by Sender Domain section, at the bottom of the
page.

4.

Enter the domain name you wish to set as TLS-only. Type the exact domain
name; wildcards and subdomains are not supported.

5.

Click Add. The change takes effect immediately.

To remove one or more domains, check the domains you wish to delete and
click Delete Selected. The changes take effect immediately.

6.

Set up TLS Alerts. For more information, see “TLS Alerts” on page 316.

Set up Outbound TLS by Recipient Domain

Before you can use Outbound TLS by Recipient Domain, set Google Apps to
route outbound mail through the email protection service, and enable TLS on
Google Apps Mail.

1.

In the Administration Console, click the Outbound Servers tab. Select your
administrator organization, and click the TLS link.