Monday, November 21, 2022

Require secure email connections: Set TLS for specific email addresses and domains

https://support.google.com/a/answer/2520500?hl=ja 


Transport Layer Security (TLS) is a security protocol that encrypts email to protect privacy.


By default, Gmail always attempts a secure TLS connection when sending email, but a secure connection can only be established if both the sending and the receiving server use TLS. If the receiving server does not use TLS, the email will still be delivered, but the connection will not be secure. Add the "Secure transport (TLS) compliance" setting to ensure that TLS is always used for incoming and outgoing mail to and from the specified domains and addresses.


The padlock image that appears next to the recipient's address when you compose a new email in Gmail means that the email will be sent over TLS. This padlock will only appear if the sender account has a Google Workspace subscription that supports S/MIME encryption.


Google Workspace supports TLS versions 1.0, 1.1, 1.2, and 1.3.


Before you begin

Check which TLS versions are supported by the standards your organization has adopted

Check how email sent and received on non-TLS servers is handled

Configure TLS compliance

Configure TLS in the Google Admin Console.


Sign in to the Google Admin Console.

Log in with an administrator account, not your current personal account.


In the console, open the menu, then go to "Apps", then "Google Workspace", then "Gmail", then "Compliance".

On the left side, select your organizational unit.

Hover over "Secure transport (TLS) compliance" and click Settings. To add another TLS setting, click Add another rule.

Enter a name for the setting in the "Add Setting" box and follow these steps:

Configuration Steps

1. Affected emails

Select either or both of Inbound and Outbound. To apply TLS to these emails, an address list must be used. The address list is configured in the next step.


The address list is checked against the [From] sender for incoming mail and against the [To] recipient for outgoing mail. For incoming mail, the [From] sender must exactly match the address or domain set. For outgoing mail, authentication requirements are checked.


To apply this setting to outgoing mail that already has a different secure connection setting applied, check "Outgoing - Mail for which secure communication is required by another setting". For example, you can configure mail routing to send mail over a secure connection or set up secure alternate routes for outgoing mail.


2. Use TLS for secure communication when interacting with these domains and email addresses.

To select an existing address list with domains or email addresses that require a TLS connection:


Click Use Existing List. The "Select Address List" box will open.

Select one or more address lists to use for TLS configuration.

Click the "X" in the upper left corner to close the "Select Address List" box.

To create a new address list containing domains or e-mail addresses that require TLS connections:


Click Create or Edit List. The "Manage Address Lists" page will open in a new tab.

On the "Manage Address Lists" page, click "Add Address List". The "Add Address List" box opens.

In the Name field, enter a unique name for the address list.

To add addresses or domains to the new address list, click Add Addresses in Bulk or Add Addresses.

Enter an email address or domain name. To enter more than one, separate them with a space or comma.

Click "Save" and then return to the "Compliance" tab to complete your TLS settings.

For more information on creating and using address lists, see Applying Gmail Settings to a Specific Sender or Domain.


3. Options

Select the configuration options.


Require CA-signed certificate (recommended) - Requires that the client SMTP server present a certificate signed by a trusted Certificate Authority.


Validate the hostname in the certificate (recommended) - Ensures that the hostname of the receiving server matches the certificate presented by the SMTP server.


Test TLS connection (optional) - Click "Test TLS connection" to verify the connection to the incoming mail server.

Click Save at the bottom of the "Add Setting" box. Your new setting will appear in the table of settings under "Secure transport (TLS) compliance".

Changes can take up to 24 hours to complete, but usually take less time.


Changes made can be viewed in the audit log in the Admin Console.
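
The two recommended options in step 3 can also be checked from your own host before a partner domain is added to the address list. The following is an added example, not part of the original page or of Google's tooling: it maps "Require CA-signed certificate" and "Validate the hostname in the certificate" onto a Python `ssl` context and attempts STARTTLS against a mail server. The function names, port 25, and the TLS 1.2 floor are assumptions; substitute the partner's MX hostname and your organization's minimum TLS version.

```python
import smtplib
import ssl


def build_context(require_ca_signed=True, validate_hostname=True):
    """Translate the two compliance options into client-side TLS checks."""
    ctx = ssl.create_default_context()  # trusted-CA and hostname checks enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: local policy floor
    if not validate_hostname:
        ctx.check_hostname = False
    if not require_ca_signed:
        # Python cannot validate a hostname on an unverified certificate,
        # so hostname checking has to be switched off first.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe_starttls(mx_host, port=25, timeout=10, **options):
    """Return (ok, detail) for a STARTTLS handshake with mx_host.

    mx_host is the receiving server to check, for example the MX host of a
    domain you plan to put in the address list (supplied by the caller).
    """
    try:
        with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
            smtp.ehlo()
            if not smtp.has_extn("starttls"):
                return False, "server does not advertise STARTTLS"
            smtp.starttls(context=build_context(**options))
            return True, smtp.sock.version()  # negotiated version, e.g. TLSv1.3
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or hostname mismatch.
        return False, f"certificate rejected: {exc.verify_message}"
    except (smtplib.SMTPException, OSError) as exc:
        return False, f"connection failed: {exc}"
```

A server that returns `(False, ...)` with both options left at their defaults would also fail the compliance setting, so mail to or from that domain would not be delivered once the rule is active.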


Troubleshooting TLS Errors

If you encounter errors while configuring TLS, follow the recommendations in this section.


If you receive the error "Certificate could not be verified

