Managed cliend does not support SMTP over TLS ?

[Andrius]

Does managed client support sending emails using secure SMTP over TLS ?
It seems like it does not support this feauture 
Email client Thunderbird.

[Vlk]

Hi Andrius,

and welcome to the avast forums.

No, the mail scanner in the current version of avast does not support scanning of SSL/TLS streams.

Thanks
Vlk

[Andrius]

Hi Vlk,

thanks for quick reply.
Any plans to release new version with tls support soon?

recently purchased 100 licenses of avast and need tls support...

[Vlk]

It depends on your definition of soon but I'm afraid it won't happen too soon...
Honestly, it is not easy. SSL was designed to prevent man-in-the-middle - and that's what the avast mail scanner really is...

BTW you mentioned SMTP - does that mean that you primarily care about outbound mail? Or did you rather mean POP3/IMAP?

Thanks
Vlk

[Andrius]

Yes, the question was about outgoing mail.

The problem is that users use TLS for outgoing mail and can't send emails.

How to disable outgoing mail scanner ?

[Vlk]

Cannot send emails? That sounds pretty strange... What error message are they getting, exactly?
And is it SMTP on port 25 with STARTTLS, or pure TLS connection on port 465?

Thanks
Vlk

[Andrius]

SMTP on port 25 with STARTTLS.
And getting this error with thunderbird:

Sending of message failed.
An error ocured sending mail: Unable to connect to SMTP server x.x.x.x via STARTTLS since it doesn't offer STARTTLS In EHLO reponse. Please verify that your Mail/News account settings are correct and try again.

[vojtech]

Yes, the mail scanner blocks STARTTLS on port 25. To disable SMTP scanning with ADNM, open properties of the respective group in computer catalog and in "Custom ini" tab put these two lines:

[MailScanner]
StartSmtp=0

[Andrius]

Where can i find all defined custom ini parameters ?

[Vlk]

By default, there are no "custom" settings (just the defaults).
Generally, the Custom INI Settings page is for fine-tuning the configuration (i.e. if there's no GUI control for something, you can usually change it by changing a custom INI setting).

[Andrius]

By default, there are no "custom" settings (just the defaults).
Generally, the Custom INI Settings page is for fine-tuning the configuration (i.e. if there's no GUI control for something, you can usually change it by changing a custom INI setting).

But is there a list of settings that can be used ? 

[Vlk]

http://forum.avast.com/index.php?topic=1647.0

But not all of the settings are relevant (and some have dedicated GUI controls).

Cheers
Vlk

[Andrius]

Thanks.
Waiting for TLS support.