How to configure the TLS settings for SMTP incoming and outgoing in Axigen iX (9.0) and X (10.0) for compatibility with older mail servers

When receiving mail from a mail server which is not compatible with the default TLS configuration of Axigen iX (9) or X (10) for incoming connections, the error message from Axigen's SMTP Receiving (SMTP-IN) log is:

Error initializing TLS

When sending mail to a mail server which is not compatible with the default TLS configuration of Axigen iX (9) or X (10) for outgoing connections, the error message from Axigen's SMTP Sending (SMTP-OUT) log is:

Unable to perform STARTTLS

Error cause

By default, Axigen iX (9.0.0) and X (10.0.0) use a more secure TLS configuration when sending and receiving mail with TLS encryption. This configuration may cause incompatibilities when sending mail to or receiving mail from older mail servers using STARTTLS. This article describes how to configure the TLS settings for the SMTP Sending and SMTP Receiving services in Axigen 9 for compatibility with older mail servers.

Resolution

Configure the incoming TLS settings for compatibility:

  • In the WebAdmin interface, navigate to Services → SMTP Receiving → Listeners section → click the 'EDIT' button next to the listener on port 25 → 'SSL Settings'
  • Do not tick the checkbox next to 'Enable SSL for this listener' as the listener on port 25 needs to be a plain listener
  • Tick the following checkboxes under 'Allow the following SSL versions': TLS1.0, TLS1.1, TLS1.2
  • In the textbox next to 'Use Cipher suite', enter the following string:
    ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
  • Save the configuration

The configuration will look similar to the screenshot below:


Configure the outgoing TLS settings for compatibility:

  • In the WebAdmin interface, navigate to Security & Filtering → Acceptance & Routing → Routing Basic Settings → Outgoing delivery settings → Connection settings sub-section
  • The checkbox next to 'Use StartTLS if available' should be ticked
  • Tick the checkboxes next to TLS1.0, TLS1.1, TLS1.2
  • In the textbox next to 'Use Cipher suite', enter the following string:
    ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
  • Save the configuration
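
The same cipher string is used for both the incoming and the outgoing settings, so it is worth checking which suites it actually enables. The following is an added example, not part of the original article or of Axigen's tooling: it expands the string with the OpenSSL library that Python's ssl module is linked against (an assumption, since the Axigen host's OpenSSL build may differ, for example in whether RC4 is compiled in) and notes suites that use RC4, HMAC-SHA1 or a key exchange without forward secrecy. The names COMPAT, SAMPLE, describe, review and report are illustrative.

```python
import re
import ssl

# Cipher string from the article ('Use Cipher suite' textbox).
COMPAT = "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"

# Constructed sample lines in `openssl ciphers -v` format (not captured output).
SAMPLE = [
    "ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256",
    "AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD",
    "RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1",
]


def describe(cipher_string):
    """Expand a cipher string into `openssl ciphers -v` style lines."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites are not selected by this string, so leave them out.
    return [c["description"].strip() for c in ctx.get_ciphers()
            if c["protocol"] != "TLSv1.3"]


def review(line):
    """Return (suite name, notes) for one `openssl ciphers -v` style line."""
    name = line.split()[0]
    fields = dict(re.findall(r"(Kx|Au|Enc|Mac)=(\S+)", line))
    notes = []
    if fields.get("Enc", "").startswith("RC4"):
        notes.append("RC4")
    if fields.get("Kx") == "RSA":  # static RSA key transport
        notes.append("no forward secrecy")
    if fields.get("Au") == "None":
        notes.append("unauthenticated")
    if fields.get("Mac") in ("MD5", "SHA1"):
        notes.append("HMAC-" + fields["Mac"])
    return name, notes


def report(lines):
    """Map suite name -> notes, keeping only suites that drew a note."""
    return {name: notes for name, notes in map(review, lines) if notes}


if __name__ == "__main__":
    # Suites the local OpenSSL build enables for the article's string.
    for name, notes in report(describe(COMPAT)).items():
        print(f"{name:32} {', '.join(notes)}")
```

review() also accepts lines pasted from `openssl ciphers -v` run with the same string on the mail server itself, which reflects that host's OpenSSL build.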

The configuration will look similar to the screenshot below:


Applies to
Releases: Axigen 9..x, Axigen 10..x
OS: Linux, Windows, FreeBSD, Solaris