How to Configure the TLS Settings for SMTP Incoming and Outgoing in Axigen iX (9.0) and X (10.0) for Compatibility with Older Mail Servers

 


Updated: July 5, 2021

 
When receiving mail from a mail server that is not compatible with the default TLS configuration of Axigen iX (9) or X (10) for incoming connections, the error message in Axigen's SMTP Receiving (SMTP-IN) log is: Error initializing TLS

When sending mail to a mail server that is not compatible with the default TLS configuration of Axigen iX (9) or X (10) for outgoing connections, the error message in Axigen's SMTP Sending (SMTP-OUT) log is: Unable to perform STARTTLS

Issue cause

Axigen iX (9.0.0) and X (10.0.0) use by default a more secure TLS configuration when sending and receiving mail with TLS encryption. This configuration may cause incompatibilities when sending or receiving mail to / from older mail servers using STARTTLS.

This article describes how to configure the TLS settings for the SMTP Sending and SMTP Receiving services in Axigen 9 for compatibility with older mail servers.

Solution

Configure the Incoming TLS Settings for Compatibility:

  • In the WebAdmin interface, navigate to Services → SMTP Receiving → Listeners section → click the 'EDIT' button next to the listener on port 25 → 'SSL Settings'
  • Do not tick the checkbox next to 'Enable SSL for this listener' as the listener on port 25 needs to be a plain listener
  • Tick the following checkboxes under 'Allow the following SSL versions': TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3*
  • In the textbox next to 'Use Cipher suite', enter the following string: ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
  • Save the configuration

The configuration will look similar to the screenshot below:

Configure the Outgoing TLS Settings for Compatibility:

  • In the WebAdmin interface, navigate to Security & Filtering → Acceptance & Routing → Routing Basic Settings → Outgoing delivery settings → Connection settings sub-section
  • The checkbox next to 'Use StartTLS if available' should be ticked
  • Tick the checkboxes next to TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3*
  • In the textbox next to 'Use Cipher suite', enter the following string: ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
  • Save the configuration

The configuration will look similar to the screenshot below:

*) TLS 1.3 is available starting with Axigen X3 (10.3.0).
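
To see which suites the compatibility cipher string above actually enables, and which of them to track when auditing the relaxed policy, the following added example (not Axigen's code; the function names are illustrative) expands the string with Python's ssl module and flags suites by name. It assumes Python is linked against a local OpenSSL, which may enable a different set than the OpenSSL build Axigen uses.

```python
import ssl

# Cipher string the article gives for both the SMTP-IN listener and SMTP-OUT.
AXIGEN_COMPAT = "ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH"


def expand(cipher_string):
    """Suite names the string enables on this host's OpenSSL, as OpenSSL lists them."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    # TLS 1.3 suites (TLS_*) are listed too; this string does not control them.
    return [c["name"] for c in ctx.get_ciphers()]


def findings(name):
    """Properties of one OpenSSL suite name worth tracking in a relaxed policy."""
    if name.startswith("TLS_"):  # TLS 1.3 suites: AEAD with ephemeral key exchange
        return []
    out = []
    if "RC4" in name:
        out.append("RC4 (prohibited by RFC 7465)")
    if "DES-CBC3" in name:
        out.append("3DES (64-bit block)")
    if not name.startswith(("ECDHE-", "DHE-")):
        out.append("no ephemeral (EC)DHE key exchange")
    if not any(tag in name for tag in ("GCM", "CCM", "CHACHA20")):
        out.append("non-AEAD (CBC or stream) cipher")
    return out


def audit(cipher_string):
    """Map each flagged suite to its findings; suites with none are omitted."""
    return {n: f for n in expand(cipher_string) if (f := findings(n))}


if __name__ == "__main__":
    for suite, notes in audit(AXIGEN_COMPAT).items():
        print(f"{suite:32} {', '.join(notes)}")
```
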

OS: Linux, Windows