What is TLS?

TLS, otherwise known as Transport Layer Security is a cryptographic protocol that provides end-to-end encryption of data sent between applications over the internet. TLS ensures that malicious users can not eavesdrop on the data you transmit, good examples are passwords, credit card numbers as well as personal correspondence. It is mostly recognized through its use in secure web browsing and in particular the padlock icon that appears in the web browsers once a secure session is established. It can and SHOULD be used for other applications such as file transfers, video, and audio conferencing, messaging, and e-mail as well. DNS (Dynamic Name Server) and NTP (Network Time Protocol) included.

Please note, that TLS does not secure data on end systems, in other words, if the receiving system is compromised, your data will not be protected by this type of encryption. It simply ensures that the data you're sending will be securely delivered over the internet, avoiding possible information leaks. Among other uses, this type of encryption is usually applied over TCP (Transmission Control Protocol) in order to encrypt application layer protocols such as FTP, HTTP, SMTP, and IMAP.

Why should I use TLS?

Without TLS, sensitive information such as logins, credit card details, and other personal information can easily be sniffed out by others. Your browsing habits, e-mails, online chats, and conference calls can be monitored as well. By enabling client-to-server applications to support TLS, you ensure that data transmitted between them is encrypted with secure algorithms while making it very hard to view it by third parties.

Allow yourself some time to read through our setup guide to apply TLS to your mailing services.

Setting up TLS for mail services:

This guide was made using CentOS 7 and Postfix service. Make sure you have done the basic configuration of postfix before setting up TLS.




Chicago (CHI)


Los Angeles (LAX)


Reston (RES)


London (LON)


Frankfurt (FRA)


São Paulo (SAO)


Johannesburg (JHB)


IMPORTANT! Make sure to use the same location relay host domain as your server.


Connect to your server and navigate to the postfix folder.

cd /etc/postfix/

Open main.cf file with your favorite file editor.

vi main.cf


Find the relayhost line and add domain address from the RELAY HOST PER LOCATION list (look at the beginning of this article).

In this case, it's lon-tls.heficed.com:587

IMPORTANT! Make sure to uncomment the line (remove #)

Find the TRANSPORT MAP section and add a line:

transport_maps = hash:/etc/postfix/transport

After both lines are changed, save and close the file.


With file editor open file transport

vi transport

Sometimes the transport file is not created while installing postfix, in that case just create a new file and name it transport.

Inside the file, in the beginning, add these two lines:

heficed.com smtp: lon-tls.heficed.com:587 
postmap hash:/etc/postfix/transport

IMPORTANT! Make sure to change the information accordingly to your needs:
1. heficed.com change with your domain name.
2. lon-tls.heficed.com:587 change to the same as used in relayhost line.

After these two lines are added save and close the file.


Restart the postfix service. In CentOS 7:

systemctl restart postfix

After everything is done you can try sending mail.

IMPORTANT! Your mail will not be delivered until we (Heficed Support) add your server to our filtering list.

To do that please create a Technical Support Ticket at your terminal and fill this form down below:

Subject: "Request to enable TLS for my server/ips"


I have configured my mail server using ->http://kb.heficed.com/en/articles/4725611-how-to-set-up-tls-for-mailing

Please enable TLS for my server and the following additional ips:

Used relay host domain: lon-tls.heficed.com:587

Server location: London (LON)

Server IP: x.x.x.x

Additional mailing ips:



Let me know when TLS is enabled.

IMPORTANT! Make sure to change BOLDED infomation accordingly to your case.


Sit back and relax, your job is done!

Once our team adds your server and IPs to the filtering list we will let you know.

If you have any further questions, make sure to create a Ticket or contact us directly at support@heficed.com

Did this answer your question?