Skip Navigation LinksHome :: Support :: Hosted Zix Checklist

Customer Responsibilities to Implement Secure Email (“Zix”)


1. Customer Questionnaire

Submit configuration information to xDefenders by filling out the online questionnaire.

Administrator address will receive email notifications and daily reports from Zix.

2. Email Transmission

Ensure the mail server can transmit email in a secure manner to protect sensitive email between the customer site and the Zix hosting center. There are two ways to accomplish this: SMTP over TLS and site-to site VPN

SMTP over TLS on Port 25: To and From

SMTP allows transparent encryption of email called SMTP over TLS on port 25 (not SMTPS). If this feature is not enabled, please enable it.

To Test for TLS: 1. Log in to the command line of any client workstation (Start > Run)

2. Enter: telnet <ip-of-internal-mailserver> 25

3. A line beginning with 220 should appear.

4. If so, enter: ehlo test

5. Several lines will display, if one looks like the following, TLS is enabled.


6. Enter: quit (to exit)

If TLS is not enabled, consult your mail server documentation for instructions. A quick Google search will find step-by-step “how-to” guidelines. Confirm it has been correctly enabled by repeating the steps above.

xDefenders will confirm TLS from the hosted environment to your mail server.

Site-to-site VPN

If SMTP over TLS can not be enabled, a site-to-site VPN must be use. There are three possible scenarios, VPN concentrator already available, the firewall is VPN capable,or xDefenders can deploy a VPN concentrator at the site. xDefenders only supports IPSEC VPN (no PPTP, L2TP, or SSL VPN) with 3DES or AES encryption, Diffie-Hellman group 2, and pre-shared keys (no certificates). Contact xDefenders if a VPN is needed.

3. Allow SMTP Connections to and from Zix hosting center

Allow SMTP connects to and from and through .94 on port 25

4. Create 4 new “A” records for Zix delivery

Use zixvpm.customerdomain (e.g. and

5. If using spf records, make appropriate changes

6. Mail Server Changes

First, confirm with xDefenders that setup is complete.

When everything is in place, smarthost the mail server to “ ” .