how to verify IronPort TLS is working
Leave a reply
Issue: You have already setup IronPort TLS encryption and need to check whether TLS encryption is occurring on inbound or outbound email communication.
1) Click Monitor > TLS Connections
2) Change the time range to 90 days and review the Incoming TLS Connection statistics to see if there are any TLS connections showing up (Successful or Failed). If you have a high number of Failed TLS connections you may want to verify your IronPort certificate is setup correctly.
3) Read more [...]
Issue: You would like to require (or attempt) TLS encryption on inbound email communications from specific partner email domains.
Solution Snippet: In this walkthrough we will be creating a partner Sender Group and Mail a Flow Policy that prefers or requires TLS encrypted communication.
Solution Walkthrough
Create a new Mail Flow Policy called "TLS_Required_Policy"
click Mail Policies > Mail Flow Policies
click the Add Policy button
put TLS_Required_Policy in the Name field
Scroll down 
These steps walk you through configuring TLS encryption on email communication with specific partner domains or configuring TLS for all Outbound and Inbound email.
TLS for Incoming Mail
Receiving mail is controlled by the HAT Overview/Mail Flow Policies. In other words, when hosts attempting to send mail to your organization connect to your Ironport appliance.
setup TLS encryption for all inbound email
I chose to set TLS Preferred across the board by enabling TLS on my ‘Accepted’ and