With Halon Engage 26.2, we're continuing to keep outbound email infrastructure ready for what comes next. That means preparing for future security expectations, evolving standards, and modern deployment needs without adding unnecessary complexity. The release adds post-quantum hybrid key exchange to STARTTLS, so outbound connections can protect message confidentiality against tomorrow's decryption capabilities, not just today's.
The release also introduces a migration-oriented configuration structure, with supporting documentation, for teams moving onto Halon Engage from a traditional MTA, so the transition is quicker. The release also adds RFC 9989 support in the DMARC module and support for Ubuntu 26.04, RHEL 10 and Arm-based CPUs.
Together, these updates help operators stay current with evolving standards, infrastructure requirements, and security expectations, while keeping existing deployments stable.
Let's take a closer look.
Most email between servers is encrypted in transit with TLS, negotiated opportunistically or enforced with DANE or MTA-STS. The security of that connection rests on a key exchange, which future quantum computers might break. This matters well before quantum computers actually arrive. An attacker can record encrypted traffic now and decrypt it later, once the capability exists. This is the "harvest now, decrypt later" problem, and it applies to any email carrying information that still has value years from now: account notifications, financial and healthcare messages, anything tied to a long-lived identity.
Halon Engage 26.2 addresses this by adding support for post-quantum key exchange algorithms, including X25519MLKEM768 hybrid key exchange which can be enabled in configuration or dynamically using HSL. When the receiving server supports it, Halon Engage will use PQC, with fallback to classical key exchange options where needed. It runs the classical X25519 exchange and the post-quantum ML-KEM-768 mechanism (NIST's FIPS 203 standard, previously known as Kyber) together and derives the session key from both. The connection stays secure as long as either one holds: if a quantum computer breaks X25519, ML-KEM-768 still protects the session; if a future weakness is found in ML-KEM, X25519 still does. You don't trade away any of today's security to gain tomorrow's.
Adoption of post-quantum key exchange has moved quickly on the web, where browsers and large CDNs already negotiate X25519MLKEM768 on most connections. In email transport, adoption is still early. Adding it now means Halon Engage operators are ready as the industry catches up, and can give a concrete answer when security and procurement teams ask where they stand on post-quantum readiness.
Teams migrating from traditional MTAs bring existing configuration patterns with them:
where settings live
how a policy is expressed
what the moving parts are called.
The friction in a migration is often not the platform itself; it is the gap between that existing model and a new one. Halon Engage 26.2 narrows that gap further with a default configuration template structured to help teams map existing MTA routing, policy, and configuration concepts into Halon Engage more directly, reducing the time spent translating between systems.
The existing configuration approach is unchanged and stays in place for current deployments. The new variation is an additional on-ramp, aimed at shortening the time between a first look and trusting Halon Engage with production traffic. We've expanded the user guides to match, focused on the questions that come up during transition. They explain Halon Engage's concepts, map them to equivalent MTA concepts where relevant, and help teams reach a working setup more quickly.
Arm-based CPUs are increasingly used in server environments because they can deliver good performance with lower power usage and heat generation. Starting with Halon Engage 26.2, we’re now building the Halon Engage components for Arm. This allows you to run Halon on competitively priced Arm servers and eliminates the need for emulation when you develop or test locally on your Arm-powered laptop, for example with Docker Desktop. This gives teams more flexibility when balancing throughput, cost, and deployment strategy across modern cloud environments.
We have also started building for the latest long-term support (LTS) versions of Ubuntu and Red Hat Enterprise Linux and compatible distributions such as Rocky Linux.
As with any release, Halon Engage 26.2 also includes a round of smaller fixes and refinements. Together, these updates reflect our continued commitment to delivering email infrastructure that is built for today’s requirements and ready for what comes next. For the full list of updates, see the changelog.
Get started today
Halon Engage 26.2 is available now through the normal software repository.
If you'd like help enabling post-quantum algorithms, reviewing your configuration, or planning a migration onto Halon Engage, reach out to your Halon representative or request a demo.