What’s new this week

Option to require delivery using TLS

The normal behavior for mail delivery is that a secure (TLS) connection is established whenever both the sending and receiving servers support it; all our servers support TLS, so a TLS connection will be used as long as the server on the other side has support. If a secure connection is required (ie. if one cannot be established delivery should fail) then the best way to handle this is to use DANE. However, DANE cannot require a TLS connection only for specific mailboxes, and can be complicated to configure, as it requires DNSSEC.  

This release adds a new option to address these limitations. The incoming “Filter settings” page has a new “Require TLS settings” section, where you can configure requirements for a TLS connection for mail from senders to the filtering servers, and/or for mail from the filtering servers to your destination servers.

If you have specific requirements, you may either require that all mail for the domain is transmitted over a TLS connection, or that mail for specific recipients or from specific senders must be transmitted over a TLS connection. Note that doing so introduces the risk that some servers will no longer be able to send mail to your mailboxes in case of TLS issues.

Changelog

Front-end / GUI:

• Resolved: fixed an issue that could prevent the bandwidth overview working correctly (MMA-1281)
• Changed: the ability to see the history of failed delivery attempts, which was removed in the 20190416 build, has been restored.
• Added: the incoming filter settings page now includes the option to require use of TLS (MMA-330)