TLS/SSL Quick Start
Inbound TLS/SSL

download TLS/SSL Toolkit

extract CACert.pem into the CERT or the program directory

extract TLSCert.pem into the CERT\PRIV or the program directory

select Options->System->TLS/SSL and enable TLS/SSL for inbound messages

Set the fields as follows:

Certificate authority certificate file: CACert.pem
Server certificate file: TLSCert.pem
Server private key file: TLSCert.pem

Thereafter the program is ready to accept TLS/SSL negotiations from the sender.
Outbound TLS/SSL

By default outbound TLS/SSL is enabled in Options->System->TLS/SSL.

Therefore XWall will negotiate TLS/SSL with every MTA that annouces it.
Mandatory TLS/SSL

Sometimes there is the need to make a TLS/SSL connection mandatory for a specific domain.

See TLS Inbound Policy

Testing TLS/SSL

You can check if XWall is announcing TLS by typing (in a DOS box)

telnet localhost 25

Once the connection is established type

EHLO something

and XWall shows all ESMTP capabilties.

This looks somethig like:

250-yourserver.domain.com
250-ENHANCEDSTATUSCODES
250-ETRN
250-DSN
250-PIPELINING
250-8BITMIME
250-PRIORITY
250-CHUNKING
250-STARTTLS
250-SIZE
250 XXWALL30

If 250-STARTTLS is present, the sender can negotiate TLS. Else the logfile of XWall will show you the reason why the certificate couldn't be initialized.
©1991-2025 DataEnter GmbH
Wagramerstrasse 93/5/10 A-1220 Vienna, Austria
support@dataenter.co.at
2022-01-04 / Phone
2022-01-04 / Tablet
Changed: 2022-01-04
Server
Desktop
Copyright ©1991-2025 DataEnter GmbH
Wagramerstrasse 93/5/10 A-1220 Vienna, Austria
Fax: +43 (1) 4120051
support@dataenter.co.at