Jump To: Support > KB > NetManager > Email > DisableTLS

Disabling TLS sending for certain domains

Newer versions of NetManager will try to send all mail over secure channels using TLS if the receiving server supports it. However, it is not uncommon for the receiver to have a broken TLS implementation which can cause delivery problems as sendmail on NetManager will not trying sending insecurely if the remote end advertises that it can support secure transport.

It is possible to specify a list of mail servers that NetManager should not try to use TLS with. Currently there is no webadmin GUI for this, so this page will document the manual procedure to edit the list.

Step 1: determine the mail servers for the domain

Use the host command to look up the mail servers (N.B. Precedence doesn't have broken mail servers, I'm just using our domain as an example!):

netmanager 1# host -t MX precedence.co.uk
precedence.co.uk mail is handled by 10 mail.ptlnet.com.
precedence.co.uk mail is handled by 20 mx1.ptlnet.com.

Here we see that there are 2 mail servers mail.ptlnet.com and mx1.ptlnet.com.

Step 2: edit the access file to mark those servers as broken

Use joe /etc/mail/access to edit the configuration file. For each mail server add a line in the following format:

Try_TLS:mail.server.name NO

Try_TLS and NO are case-sensitive. You can use spaces or tabs to separate out the two columns; using tabs will make it a little easier to read as the two columns will then be aligned.

So in our example, this would be:

Try_TLS:mail.ptlnet.com NO
Try_TLS:mx1.ptlnet.com  NO

Once you have finished, save the file with Ctrl-K followed by X. Further information on using the joe editor can be found here.

Step 3: rebuild the access database

Run the following command:

makemap hash /etc/mail/access < /etc/mail/access