LevelBlue Completes Acquisition of Trustwave to Form the World's Largest Pure-Play MSSP. Learn More

Government
Contact Us
Login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

Submit RFP
Government
Contact Us
Login

login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

LevelBlue Completes Acquisition of Trustwave to Form the World's Largest Pure-Play MSSP. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services

BY INDUSTRY

BY REGULATION

BY TOPIC

Offensive Security

Solutions to maximize your security ROI

Operational Technology

End-to-end OT security

Microsoft Security

Unlock the full power of Microsoft Security

Securing the Cloud

Safely navigate and stay protected

Securing the IoT Landscape

Test, monitor and secure network objects

About Us

We reduce cyber risk and fortify organizations

Awards and Accolades

Recognition by analysts and media outlets

Trustwave SpiderLabs Team

Global researchers, ethical hackers, and responders

Trustwave Fusion Security Operations Platform

Unprecedented security visibility and control

Trustwave Security Colony

Access to cybersecurity threat protection resources

Microsoft Security

Unlock the full power of Microsoft Security

Trustwave PartnerOne Program

Join forces with Trustwave to protect against the most advance cybersecurity threats

BLOGS

UPCOMING

MEDIA & ASSETS

NOTICES

HELP

Trustwave Knowledge Base

KB Home Search Latest Additions Most Popular

Knowledgebase

Home » Knowledgebase » Trustwave MailMarshal (SEG) » HOWTO: Configuring SMTP TLS Reporting in MailMarshal

HOWTO: Configuring SMTP TLS Reporting in MailMarshal

Show/Hide Article Tools

This article applies to:

MailMarshal 11.2 and above
SMTP TLS Reporting

Question:

How do I configure MailMarshal to deliver SMTP TLS reporting to external domains?
What are the basic steps to configure acceptance of SMTP TLS reporting for local domains?

Background:

SMTP TLS reporting is a diagnostic framework that allows sending systems using TLS to share statistics and specific information about potential failures with recipient domains. Recipient domains can then use this information to both detect potential attacks and diagnose unintentional misconfigurations.

SMTP TLS reports can be delivered via email or web posting, at the option of the recipient domain.

For full specifications, see RFC 8460.

MailMarshal 11.2 and above can provide SMTP TLS reporting for issues related to DANE and MTA-STS.

Note: Current versions of MailMarshal do not provide full reporting for STARTTLS

Requirements:

For reporting outbound:

SMTP TLS reporting in MailMarshal requires you to enable DANE and/or MTA-STS. See the following articles:
- Using DANE with MailMarshal
- Using MTA-STS with MailMarshal
The MailMarshal services on all processing servers must be allowed to connect via HTTPS outbound and make POST requests.
- This requirement is to support delivery over HTTPS, which is one of the methods specified in the RFC.
In the Management Console navigate to Configuration > Advanced Settings
- Add a setting: Controller.EnableTLSRPT (boolean) True
- Commit configuration.

To accept reports inbound:

If you want to receive reports by email, configure an appropriate email address to receive the reports (usually one in each domain you are configuriing)
If you want to receive reports over HTTPS, configure a HTTPS web site with a page that accepts zip files by HTTP POST
For each domain, add a DNS TXT record that specifies the email address or web address for report delivery.

The record name format is _smtp._tls.<your domain>
- for example, _smtp._tls.example.com

The record text format is similar to one of the following (substitute your confirgured email address or URL):
- v=TLSRPTv1; rua=mailto:tlsrpt@example.com
- v=TLSRPTv1; rua=https://reporting.example.com/v1/tlsrpt

To contact Trustwave about this article or to request support: