Browse
Fortinet Community
Help
Sign In
Forums
Support Forum
Knowledge Base
Customer Service
FortiGate
FortiClient
FortiAP
FortiAnalyzer
FortiADC
FortiAuthenticator
FortiBridge
FortiCache
FortiCarrier
FortiCASB
FortiConnect
FortiConverter
FortiCNP
FortiDAST
FortiDDoS
FortiDB
FortiDNS
FortiDeceptor
FortiDevSec
FortiDirector
FortiEDR
FortiExtender
FortiGate Cloud
FortiGuard
FortiHypervisor
FortiInsight
FortiIsolator
FortiMail
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR (on-premise)
FortiNDRCloud
FortiPAM
FortiPortal
FortiProxy
FortiRecon
FortiRecorder
FortiSandbox
FortiSASE
FortiScan
FortiSIEM
FortiSOAR
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWebCloud
Wireless Controller
RMA Information and Announcements
FortiCloud Products
ZTNA
4D Documents
Community Groups
Agora
Engage Services
The EPSP Platform
The ETSP Platform
Finland
FortiGate-VM on AWS
Getting Started Resources
Technical Learning
Fortinet for SAP
Discussions
Technical Learning
Knowledge Base
Idea Exchange
Events
FortiSIEM
Discussions
Blog
FortiSOAR
Discussions
Announcements
Idea Exchange
KCS
Blogs
FortiMail
FortiMail provides advanced, multi-layer protection against the full spectrum of email-borne threats
Fortinet Community
Knowledge Base
FortiMail
Technical Tip: How to disable STARTTLS for older M...
Options
Subscribe to RSS Feed
Mark as New
Mark as Read
Bookmark
Subscribe
Printer Friendly Page
Report Inappropriate Content
pchee
Staff
Created on
05-05-2024
10:26 PM
Article Id
313250
Technical Tip: How to disable STARTTLS for older MTA to allow connection with FortiMail
Description
This article describes how to disable FortiMail from offering STARTTLS.
Scope
FortiMail
Solution
Test the connection from [FortiMail Gateway] acting as an MTA and it is possible to see that FortiMail offers STARTTLS in the initial EHLO:
Go to the target receiving host, in this case, it will be [FortiMail Server mode].
Go under
Policy -> Access Control -> Receiving
.
Create a new Policy that defines the source IP and Recipient pattern.
Under the TLS Profile, create a new TLS profile namely NO_STARTTLS with the TLS Option set to NONE.
When performing a second test connection from [FortiMail Gateway], the result no longer offers STARTTLS in the initial connection.
Contributors
pchee
Anthony_E
