
HOWTO: Configuring SMTP TLS Reporting in MailMarshal


This article applies to:

  • MailMarshal 11.2 and above
  • SMTP TLS Reporting

Question:

  • How do I configure MailMarshal to deliver SMTP TLS reporting to external domains?
  • What are the basic steps to configure acceptance of SMTP TLS reporting for local domains?

Background:

SMTP TLS reporting is a diagnostic framework that allows sending systems using TLS to share statistics and specific information about potential failures with recipient domains. Recipient domains can then use this information to both detect potential attacks and diagnose unintentional misconfigurations. 

SMTP TLS reports can be delivered via email or web posting, at the option of the recipient domain.

For full specifications, see RFC 8460.

MailMarshal 11.2 and above can provide SMTP TLS reporting for issues related to DANE and MTA-STS. 

  • Note: Current versions of MailMarshal do not provide full reporting for STARTTLS.

Requirements:

For reporting outbound:

  • SMTP TLS reporting in MailMarshal requires you to enable DANE and/or MTA-STS. See the following articles:
  • The MailMarshal services on all processing servers must be allowed to connect via HTTPS outbound and make POST requests.
    • This requirement is to support delivery over HTTPS, which is one of the methods specified in the RFC.
  • In the Management Console navigate to Configuration > Advanced Settings
    • Add a setting: Controller.EnableTLSRPT (boolean) True
    • Commit configuration.

To accept reports inbound:

  • If you want to receive reports by email, configure an appropriate email address to receive the reports (usually one in each domain you are configuring).
  • If you want to receive reports over HTTPS, configure an HTTPS web site with a page that accepts zip files by HTTP POST.
  • For each domain, add a DNS TXT record that specifies the email address or web address for report delivery.
    • The record name format is _smtp._tls.<your domain>
      • for example, _smtp._tls.example.com
    • The record text format is similar to one of the following (substitute your configured email address or URL):
      • v=TLSRPTv1; rua=mailto:tlsrpt@example.com
      • v=TLSRPTv1; rua=https://reporting.example.com/v1/tlsrpt
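
A record in the format above can be checked before it is published. The following Python sketch is an added example, not part of MailMarshal or the original article; it applies the RFC 8460 rules that the version tag comes first, that exactly one such TXT record exists at the name, and that each rua URI is mailto: or https:. The function names and sample records are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def tlsrpt_name(domain):
    """DNS name that holds the SMTP TLS reporting record for a mail domain."""
    return "_smtp._tls." + domain.strip(".").lower()

def parse_tlsrpt(txt_records):
    """Return the rua URIs from the TXT strings published at the record name.

    Raises ValueError where a sender would treat the domain as having no policy.
    """
    # RFC 8460: ignore TXT records without the version tag; exactly one must remain.
    found = [r.strip() for r in txt_records if re.match(r"\s*v=TLSRPTv1\s*;", r)]
    if len(found) != 1:
        raise ValueError(f"expected 1 TLSRPT record, found {len(found)}")
    fields = [f.strip() for f in found[0].split(";")[1:] if f.strip()]
    ruas = [f[4:] for f in fields if f.startswith("rua=")]
    if len(ruas) != 1:  # this example insists on a single rua= field
        raise ValueError("record needs exactly one rua= field")
    uris = [u.strip() for u in ruas[0].split(",")]
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme == "mailto":
            if not re.fullmatch(r"[^@\s]+@[^@\s]+", parts.path):
                raise ValueError(f"bad mailto address: {uri!r}")
        elif parts.scheme == "https":
            if not parts.hostname:
                raise ValueError(f"https URI has no host: {uri!r}")
        else:
            raise ValueError(f"unsupported rua scheme: {uri!r}")
    return uris

if __name__ == "__main__":
    # Constructed sample TXT answers for _smtp._tls.example.com
    samples = [
        ["v=TLSRPTv1; rua=mailto:tlsrpt@example.com"],
        ["v=TLSRPTv1; rua=http://reporting.example.com/v1/tlsrpt"],  # not https
        ["v=TLSRPTv1 rua=mailto:tlsrpt@example.com"],                # missing ';'
    ]
    print(tlsrpt_name("example.com"))
    for txt in samples:
        try:
            print("ok  ", parse_tlsrpt(txt))
        except ValueError as err:
            print("fail", err)
```

Feed it the TXT strings returned for the _smtp._tls name by your DNS tooling; a ValueError means reporting senders are likely to ignore the record.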

