download TLS/SSL Toolkit
extract CACert.pem into the CERT or the program directory
extract TLSCert.pem into the CERT\PRIV or the program directory
select Options->System->TLS/SSL and enable TLS/SSL for inbound messages
Set the fields as follows:
Thereafter the program is ready to accept TLS/SSL negotiations from the sender.
By default outbound TLS/SSL is enabled in Options->System->TLS/SSL.
Therefore XWall will negotiate TLS/SSL with every MTA that annouces it.
Sometimes there is the need to make a TLS/SSL connection mandatory for a specific domain.
You can check if XWall is announcing TLS by typing (in a DOS box)
telnet localhost 25
Once the connection is established type
and XWall shows all ESMTP capabilties.
This looks somethig like:
If 250-STARTTLS is present, the sender can negotiate TLS. Else the logfile of XWall will show you the reason why the certificate couldn't be initialized.