Kaspersky Secure Mail Gateway can process email messages that are sent over an encrypted link during a TLS protocol session.
TLS session is a sequence of the following events:
STARTTLS
command to offer the Server to use TLS during SMTP interaction.Ready to start TLS
command and sends the Server certificate to the Client.You can configure the TLS security mode for situations where Kaspersky Secure Mail Gateway receives messages from another server (acts as the Server) or sends messages to another server (acts as the Client).
Some mail servers use unencrypted channels to exchange email messages on the internet. Configuring mandatory TLS encryption in the application will make it impossible to exchange messages with such servers. For this reason, it is recommended to use the following TLS security settings with caution:
By default, the application checks the capability for TLS encryption but does not terminate a connection if encryption is not available. This lets you ensure data exchange with all servers but does not guarantee the security of the communication channels. Email messages transmitted over unencrypted channels could be intercepted, spoofed, or modified by hackers.
To ensure the authenticity and confidentiality of transmitted messages, it is recommended to configure S/MIME in the settings of the mail client being used in your organization.
If you chose to use TLS encryption in application settings to ensure safe data transfer, you will need a security certificate (hereinafter also referred to as the "TLS certificate"). You can use the default certificate automatically created by the application or add your own certificate.