TLS is used to encrypt both inbound and outbound mail. 

Inbound TLS requires an SSL certificate, if you do not have an SSL certificate please see this document on how to create or import an SSL certificate: http://helpdesk.spamtitan.com/support/solutions/articles/4000013127-ssl

Outbound TLS does not require an SSL certificate (the server receiving the mail provides the certificate).

Inbound TLS:

To enable Inbound TLS go to Settings > TLS and click Enable. 

Select the certificate you wish to use from the drop down list.  

Enabling "Include TLS info in Received header" will add TLS details to the received header of all mail received using TLS.

Enabling "TLS Logging" will record TLS information in the text logs on your SpamTitan server.

When Inbound TLS is enabled your SpamTitan server will advertise "STARTTLS" as an available service, any mail server wishing to send mail to you over TLS can issue the STARTTLS command to begin TLS negotiation.

NOTE: You cannot force a server that is sending you mail to use TLS, that would have to be configured on the sending server.

Outbound TLS:

To enable Outbound TLS go to System Setup > Mail Relay > Outbound > Encryption

You have three options for outbound TLS:

  1. Opportunistic TLS for all connections will use TLS for all outbound where the receiving server supports TLS and will revert to normal delivery if TLS is unavailable.
  2. Use TLS only for specified domains allows you to specify what domains can or cannot use TLS.  You can specify no TLS, opportunistic TLS or Mandatory TLS (all mail for that domain has to be sent using TLS, if TLS is unavailable the mail will not be sent).  Domain that are not listed will not use TLS.
  3. A mix of both of the above options.  Use opportunistic TLS for all mail except for the specified domains which have their own configuration.