Securing Your SmarterMail With SSL / TLS

SSL certificate helps to encrypt the connection between the 2 connection point so the data is transmitted over the channel as a series of random encrypted code instead of the plain text, this helps to avoid the data being tampered to retrieve the content. SSL certificate is widely being used by website especially for website that accept ecommerce payment or have any login form that will serve to protect the password being sent to the server.

Nowadays, as email communication has also being adopted to have SSL setup as to protect the sensitive email content from being hijacked. If you have SmarterMail running as your organization mail server, you can easily get this setup. Here’s how…

Applies to SmarterMail 8.x – 15.x

Prior to configuring SmarterMail to be secured over SSL or TLS, the SSL certificate installed on the server must first be exported to a Base-64 Encoded certificate that is readable by SmarterMail.

Follow these steps to export your SSL certificate to a Base-64 encoded certificate file:

  1. Sign into the Windows server in which SmarterMail is installed
  2. Click Start, select Run
  3. Type MMC, press enter.
  4. Navigate to File -> Add\Remove Snap ins
  5. In the available snap-ins column select Certificates and hit Add
  6. A new window will appear, choose Computer account and hit next.
  7. Ensure local computer is selected and hit finish.
  8. Now there will be a certificate tree view, expand Personal, and choose certificates.
  9. Right click the certificate in which you wish to export -> All Tasks -> Export.
  10. A new window will appear, hit next.
  11. Do not export private key’s -> Next
  12. Save as a base64 x509 .cer file -> Next
  13. Choose a save location such as C:\SmarterMail\Certificates\<SiteName> – Name the certificate, click Save.

Follow these steps to add a port to listen over SSL or TLS:

  1. Log in to SmarterMail as the system administrator.
  2. Click the Settings icon.
  3. Expand the Bindings folder and click Ports in the navigation pane.
  4. Click New in the content pane toolbar. A popup window will display.
  5. Complete the following required fields: Protocol, Encryption (SSL or TLS), Name, Port and Certificate Path. All other fields are optional.
  6. Click Verify Certificate in the lower right corner of the popup window to ensure the certificate exists in the specified path.
  7. Click Save.

NOTE: Using similar steps as above, modify your existing port 25 to be encrypted with SSL or TLS.

Once you have added SSL to a port, you can follow the instructions below to add the port to listen on an IP:

  1. Log in to SmarterMail as the system administrator.
  2. Click the Settings icon.
  3. Expand the Bindings folder and click IP Addresses in the navigation pane.
  4. Select desired IP address and click Edit.
  5. Use the checkboxes to select the port(s) you would like the IP address to listen on.
  6. Click Save.

NOTE: For these changes to take effect, the SmarterMail service must be completely stopped then restarted.

Here’s how it would look like..

Setup SSL/TLS for SmarterMail

Some important message to be aware between SSL/TLS : TLS will encrypt once the STARTTLS command is sent. TLS will need to be set up over port 25, 110, 143 and SSL over ports 465, 993, and 995.

SSL certificate is not included by default by Smartertools when you purchase the license from SmarterTools. However, we are including this FREE for you when you purchase any of the SmarterTools license new license or reinstate/renew your SmarterTools upgrade protection with us. You can leverage the same SSL certificate to setup the secure WebMail access at your IIS server for your mail server to allow them to login to the webmail with HTTPS.

Share With Us About Your Thoughts....