KB Article #158445
Route messages through Secure Messenger if TLS fails
Problem
Routing messages that contain sensitive data through Secure Messenger upon a TLS failure
Resolution
1. Check the "Allow Loopback" row in the "RelayConfigValues" table and make sure it is set to the integer value "1". If it is not, change it to 1, then restart the EMF SMTP Relay service.
2. Create a recipient-based "Unencrypted Message Filter" policy that adds a custom header such as "X-TLS-Domain: Tried", with an exclude condition if the header already exists.
3. Create an Unencrypted Message Filter recipient based policy that routes a message to Secure Messenger if the X-TLS-Domain header exists.
4. Set up a routing rule for the domain(s) for which you have TLS, with the appropriate settings for TLS (as per the documentation). Set up the routing rule as DNS+Relays and set the relay to point to 127.0.0.1.
5. Create a record for the domain under the All/External directory folder (or create a directory, place the domain record in it and apply the two policies over that directory, all under All/External).
6. Create a fake routing rule for a domain name like smessenger.com and set it to use DNS without TLS.
7. Create a Policy-based Routing Domain fakedomain.com.
8. Create a recipient-based Unencrypted Message Filter policy to intercept all messages sent from "MessengerSystemAddressList" and route them to fakedomain.com (policy-based routing).
9. Apply the policy on the external domain record (All/External/TLS Domains).