TLS Sending Connection Settings
Mailgun exposes flags for mail delivery that will work at the Domain or per Message level. This allows you to control how messages are delivered.
Note: The Message level/setting will OVERRIDE the Domain level/setting.
Require tls
If set to True, messages can only be sent over a TLS connection. If the TLS connection cannot be established, Mailgun will not deliver the message. If set to False, Mailgun will try to upgrade the connection. If Mailgun cannot upgrade the connection, the message will be delivered over a plaintext SMTP connection. The default is False.
Skip verification
If set to True, the certificate and hostname will not be verified when trying to set up a TLS connection, and Mailgun will accept any certificate during delivery. If set to False, Mailgun will verify the certificate and hostname. If either one cannot be verified, a TLS connection will not be set up. The default is False.
Look at the table below to help you better understand the configuration possibilities and potential issues.
Tip:
Consider the type of threat you are concerned with when deciding how to configure sending settings. By default, require-tls and skip-verification are false.
Require-tls | Skip-verification | TLS | TLS Active Attack (MITM) | TLS Passive Attack (Capture) | Passive Plaintext Capture |
---|---|---|---|---|---|
false | false | Attempt | Not Possible | Not Possible | Possible via downgrade |
false | true | Attempt | Possible | Not Possible | If STARTTLS not offered |
true | false | Required | Not Possible | Not Possible | Not Possible |
true | true | Required | Possible | Not Possible | Not Possible |
Additionally, the following fields are available in your logs under delivery-status to indicate how the message was delivered:
Field | Description |
---|---|
tls | Indicates if a TLS connection was used or not when delivering the message |
Certificate-verified | Indicates if Mailgun verified the certificate or not when delivering the message |
mx-host | Tells you the MX server Mailgun connected to deliver the message |
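
One way to audit these fields before tightening the settings, as an added example that is not Mailgun's own code: it reads constructed JSON-lines events and reports which MX hosts received mail over plaintext or unverified TLS. It assumes the three fields appear as lowercase keys with boolean values inside a `delivery-status` object; the hostnames and function names are placeholders.

```python
import json
from collections import defaultdict

# Constructed sample events (not real Mailgun output). Only the three
# delivery-status fields named on this page are assumed; values are assumed
# to be booleans, and the hostnames are placeholders.
SAMPLE_EVENTS = """
{"delivery-status": {"tls": true,  "certificate-verified": true,  "mx-host": "mx1.example.net"}}
{"delivery-status": {"tls": true,  "certificate-verified": false, "mx-host": "mx.selfsigned.example"}}
{"delivery-status": {"tls": false, "certificate-verified": false, "mx-host": "mx.legacy.example"}}
{"delivery-status": {"tls": true,  "certificate-verified": true,  "mx-host": "mx1.example.net"}}
{"delivery-status": {"mx-host": "mx.unknown.example"}}
"""

def classify(status):
    """Map one delivery-status object to a transport outcome."""
    tls = status.get("tls")
    verified = status.get("certificate-verified")
    if tls is None:
        return "unknown"            # field missing: do not assume protection
    if not tls:
        return "plaintext"          # exposed to passive capture
    if not verified:
        return "tls-unverified"     # encrypted, but peer identity unchecked (MITM possible)
    return "tls-verified"

def audit(lines):
    """Count outcomes per MX host from JSON-lines events."""
    report = defaultdict(lambda: defaultdict(int))
    for line in lines.splitlines():
        if not line.strip():
            continue
        status = json.loads(line).get("delivery-status", {})
        report[status.get("mx-host", "<none>")][classify(status)] += 1
    return {host: dict(counts) for host, counts in report.items()}

def hosts_needing_review(report):
    """Hosts with any delivery that was not verified TLS."""
    return sorted(h for h, c in report.items() if set(c) - {"tls-verified"})

if __name__ == "__main__":
    rep = audit(SAMPLE_EVENTS)
    for host in hosts_needing_review(rep):
        print(host, rep[host])
```

Hosts that only ever show `tls-verified` are the ones where setting require-tls to True and leaving skip-verification at False should not block delivery.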