Adding Domain TLS Peers

  1. Go to Inbound Protection > Connection Filtering > Transport Layer Security (TLS) Peers or Outbound Protection > Connection Filtering > Transport Layer Security (TLS) Peers (Outbound Protection > Transport Layer Security (TLS) Peers in the old console).
  2. Click Add.
  3. On the Add Domain TLS Peers screen, configure TLS peers for a managed domain.
    1. In the Basic Information section, select a managed domain.
    2. In the Domain TLS Peers section, click Add to add a TLS peer for the selected domain.
    3. Set Status to Enabled to have Trend Micro Email Security apply your specified TLS security level to the new peer.
    4. For inbound protection, specify a sender domain, IP address, or CIDR block as TLS Peer. For outbound protection, specify a recipient domain as TLS Peer.
    5. Specify Minimum TLS Version that the TLS peer must use when communicating with Trend Micro Email Security through the TLS protocol.

      To determine which TLS version to set as the minimum, you can view the number of messages sent with TLS versions lower than the selected version in the last 7 days.

    6. Set the Security level.

      Note that the security levels Opportunistic DANE TLS, Mandatory DANE TLS, and MTA-STS are available only for outbound delivery.


      To ensure messages can be received from the Trend Micro Email Security MTA, configure your firewall to accept email messages from the following Trend Micro Email Security IP address / CIDR blocks:

      • North America, Latin America and Asia Pacific:

      • Europe, the Middle East and Africa:

      • Australia and New Zealand:

      • Japan:

      • Singapore:

      • India:

    7. (Optional) Select Deliver daily reports to TLS peer.

      This option is available when you select Mandatory DANE TLS, Opportunistic DANE TLS, or MTA-STS.

      The reports share success or failure statistics about TLS connections with DANE or MTA-STS support to the specified TLS peer.

    8. (Optional) Test the connection to the TLS peer.
      • For inbound protection, type an email address local part for TLS test.

      • For outbound protection, type a domain name for DANE test or MTA-STS test if you set Security level to Opportunistic DANE TLS / Mandatory DANE TLS or MTA-STS.

  4. Click Save.
  5. Click Submit.