In order for Symantec Protection Center to successfully send email messages, the SMTP server must be configured for TLS and advertise STARTTLS. By default, SMG is not setup this way.

Use the following steps to configure Messaging Gateway for TLS connections:

1. Login to the SMG Web interface
2. Click on the Administration button
3. Click on the Certificates link under the Settings header in the sidebar
   
4. On the Certificate Settings page, click on either the Import or Add button to setup a certificate on the SMG server
   
5. Click on the Configuration link in the Hosts header in the sidebar
   
6. Click on the Scanner you want to modify
   
7. Select the SMTP tab
   
8. Under Inbound Mail Settings check the Accept TLS encryption box and select a certificate from the drop-down list
   
    
9. Click the Save button at the bottom of the page

At this point the SMG Scanner may need to restart its services. After it is back up, you can check to see if STARTTLS is being advertised by using telnet:

• Open a Command prompt
• Enter telnet <IPOfSMGScanner> <Port>   (For example telnet 10.101.14.123 25)
• After you are connected type EHLO example.com
• You should see a list of connectivity options which includes 250-STARTTLS