Create a Post
Showing results for 
Search instead for 
Did you mean: 

IPS rejects encrypted mail


For general awareness, as this might loose you e-mail if you're not looking at your smtp logs, if you have IPS set to strict and you expect to receive SMTP with opportunistic encryption (STARTTLS), IPS will drop certain SMTP connections.

I couldn't find a knowledge base article with a few quick searches, to here are the details.

Tested on 790 GW with R77.20.87 build 3004.

The protection "SMTP STARTTLS Command" (smtp_starttls_enable)" will be enabled on strict, or custom IPS settings that include it.


The corresponding postfix log after setting the signature to detect, looks like the following


postfix/smtpd[25955]: Anonymous TLS connection established from XXXX[199.7.a.b]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)


You can set the IPS signature it to detect and log manually in case you need to correlate events.

0 Kudos
1 Reply

Again a reason to not use the Strict IPS policy - in addition to not to use Strict Firewall Policy...

0 Kudos