None | Disables TLS and the FortiMail unit does not accept STARTTLS command from the client in receiving direction or does not start TLS in the delivering direction (even if STARTTLS is advertised by the receiving MTA), depending on which direction the TLS profile is applied. |
Preferred | This is the default behavior. Whether TLS is used depends on the other party of the session. |
Encrypt | Enforces TLS encryption. Failure of server certificate validation will not fail the delivery of the email in encryption. In other words, this option only cares about the encryption of the message. |
Secure | Enforces both TLS encryption and certificate validation. Failure of server certificate validation will fail mail delivery. |
Temporarily Fail | If a TLS session cannot be established, the FortiMail unit will fail temporarily and retry later. No DSN will be bounced back. |
Fail | If a TLS session cannot be established, the FortiMail unit will fail the mail delivery immediately and a DSN will be bounced back to notify the sender about the failure. |