Overview of Certificates and SMTP Authentication
The email gateway supports the use of client certificates to authenticate SMTP sessions between the email gateway and users’ mail clients. The email gateway can request a client certificate from a user’s mail client when the application attempts to connect to the email gateway to send messages. When the email gateway receives the client certificate, it verifies that the certificate is valid, has not expired, and has not been revoked. If the certificate is valid, the email gateway allows an SMTP connection from the mail application over TLS.
Organizations that require their users to use a Common Access Card (CAC) for their mail clients can use this feature to configure the email gateway to request a certificate that the CAC and ActivClient middleware application will provide to the email gateway.
You can configure the email gateway to require users to provide a certificate when sending mail, but still allow exceptions for certain users. For these users, you can configure the email gateway to use the SMTP authentication LDAP query to authenticate the user.
Users must configure their mail client to send messages through a secure connection (TLS) and accept a server certificate from the email gateway.
How to Authenticate a User with a Client Certificate

| | Do This | More Info |
|---|---|---|
| Step 1 | Define a certificate query for your LDAP server. | |
| Step 2 | Create a certificate-based SMTP authentication profile. | Authenticating an SMTP Connection Over TLS Using a Client Certificate |
| Step 3 | Configure a listener to use the certificate SMTP authentication profile. | Listening for Connection Requests by Creating a Listener Using Web Interface |
| Step 4 | Modify the RELAYED mail flow policy to require TLS, a client certificate, and SMTP authentication. | |

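
To confirm the outcome of Step 4 from a test workstation, the following added example (not part of the product documentation) probes the listener once with a client certificate and once without, then reports any deviation from the intended policy. The host name, port 587, file names and addresses are placeholders; this page does not state how the email gateway signals a refusal, so the script treats any TLS or SMTP failure as "refused".

```python
import smtplib
import ssl


def probe_relay(host, port, sender, rcpt, certfile=None, keyfile=None, cafile=None):
    """STARTTLS, then MAIL FROM / RCPT TO only; no DATA, so no message is sent."""
    ctx = ssl.create_default_context(cafile=cafile)  # validate the gateway's server cert
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)  # offer the client certificate
    try:
        with smtplib.SMTP(host, port, timeout=15) as smtp:
            smtp.ehlo()
            smtp.starttls(context=ctx)
            smtp.ehlo()
            code, msg = smtp.mail(sender)
            if code == 250:
                code, msg = smtp.rcpt(rcpt)
            return code in (250, 251), f"{code} {msg.decode(errors='replace')}"
    except (smtplib.SMTPException, OSError) as exc:
        # Assumption: a refusal may surface as a TLS alert, a dropped
        # connection or an SMTP error, so every failure counts as "refused".
        return False, f"{type(exc).__name__}: {exc}"


def evaluate(with_cert, without_cert):
    """Return findings where behaviour differs from 'relay requires a client cert'."""
    findings = []
    if not with_cert[0]:
        findings.append("valid client certificate was refused: " + with_cert[1])
    if without_cert[0]:
        findings.append("relay accepted without a client certificate: " + without_cert[1])
    return findings


if __name__ == "__main__":
    # Placeholder values (assumptions): substitute your listener and test identities.
    target = ("gateway.example.com", 587, "tester@example.com", "recipient@example.net")
    good = probe_relay(*target, certfile="client.pem", keyfile="client.key")
    bare = probe_relay(*target)
    for finding in evaluate(good, bare) or ["policy behaves as configured"]:
        print(finding)
```

If the gateway's server certificate is issued by a private CA, pass that CA bundle as `cafile` so the probe validates the server the same way a correctly configured mail client would.
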
How to Authenticate a User with an SMTP Authentication LDAP Query

| | Do This | More Info |
|---|---|---|
| Step 1 | Define an SMTP authentication query for your server that uses an allowance query string and Bind for the authentication method. | |
| Step 2 | Create an LDAP-based SMTP authentication profile. | |
| Step 3 | Configure a listener to use the LDAP SMTP authentication profile. | If the user is not allowed to use LDAP-based SMTP authentication for their connection, you can select whether the email gateway rejects the connection or temporarily allows it while logging all activity. |
| Step 4 | Modify the RELAYED mail flow policy to require TLS and SMTP authentication. | |

How to Authenticate a User with an LDAP SMTP Authentication Query if the Client Certificate is Invalid

| | Do This | More Info |
|---|---|---|
| Step 1 | Define an SMTP authentication query for your server that uses an allowance query string and Bind for the authentication method. | |
| Step 2 | Define a certificate-based query for your LDAP server. | |
| Step 3 | Create a certificate-based SMTP authentication profile. | Authenticating an SMTP Connection Over TLS Using a Client Certificate |
| Step 4 | Create an LDAP SMTP authentication profile. | |
| Step 5 | Configure a listener to use the certificate SMTP authentication profile. | Listening for Connection Requests by Creating a Listener Using Web Interface |
| Step 6 | | |