Securing SmarterMail via TLS (15.5 and above)

This article applies only to SmarterMail 15.5 and above
Please Note: Before proceeding with this process you will be required to have a dedicated IP address, please contact our support team to have an IP address ordered and configured
 
SSL/TLS are security protocols that allow data being transmitted to be encrypted. With TLS encryption users can access email through a third-party email clients without fearing that someone has intercepted their data.TLS will encrypt once the STARTTLS command is sent. TLS uses ports 25, 110, 143.
 
Please Note: If you are a dedicated server customer, you may do this yourself. If you are a shared hosting customer, you must request that this be configured for you by contacting our support team.
 
Prior to configuring SmarterMail to be secured over TLS, the SSL certificate installed on the server must first be exported to a PFX formatted certificate that SmarterMail can read. If an SSL certificate is not yet installed on  the domain, see our SSL Overview article. All the steps outlined below will need to be repeated whenever you either get a new SSL certificate or the existing one expires.
 
Follow these steps to export your SSL certificate to a PFX formatted certificate file and store in Windows' Personal Certificate Store:

Please Note: The steps outlined below assume that you have already assigned your SSL certificate to your site within Plesk

Export and Import Certificate into the Windows Personal Certificate Store
  1. Log into your server via remote desktop
  2. Open IIS
    1. Type Windows Key + R, this will bring up a run dialog box


       
    2. Within the run dialog box, type INETMGR, and select OK, this will open IIS
    3. While in IIS select the server name within the Connections pane


       
    4. In the main window select the option for Server Certificates, this will open the server certificates


       
    5. Within the Server Certificates section, identify which SSL certificate you would like to use to secure you mail


       
    6. Right-click on the certificate and select Export


       
    7. In the Export Certificate window, export the certificate to the desktop of the server (this certificate will be imported and exported again in future steps). For the password use a password that you are going to remember as it will be required when the certificate is re-imported in future steps


       
    8. While still in IIS > Server Certificates, under the actions pane on the right sidebar select Import


       
    9. On the Import window, select the file created on the desktop in the previous step, use the password you created. 

      Please Note: Keep the Select Certificate Store on Personal, this is important

Export Certificate from Personal Certificate Store to SmarterMail

The steps outlined below assume you are still within IIS > Server Certificates
  1. Find the certificate that was imported into the Personal Certificate Store


     
  2. Right-click on the certificate and select Export


     
  3. Within the certificate export window, export the certificate to the following directory C:\SmarterMail\Certificates\<insert domain here>\, if the folders do not exist create them. Name the file <insert domain name here>_SM_<insert current year>. Example name: theprocopios.com_SM_2019. Provide a password that is easy to remember as it will be required when configuring SmarterMail later on

Configure SmarterMail's Ports for SSL/TLS
The steps outlined below will guide you into setting up SSL/TLS ports for your domain within the SmarterMail admin interface:
  1. ​Log into SmarterMail via Control Suite
  2. While in SmarterMail, select the Gear within the menu in the upper left part of the window


     
  3. From the settings section of SmarterMail, select Bindings


     
  4. Select the Ports option from the main window


     
  5. Select the New button to create a new binding


     
  6. The next steps below will apply to the following ports: TLS: 25, 110, 143, or 2525
    1. Choose the protocol you'd like to secure: SMTP, IMAP, or, POP, SMTP-ALT(If available)


       
    2. Change the Encryption to TLS


       
    3. Change the name of the binding to <insert protocol name here> - <insert domain name here>. This will help in identifying bindings later when a certificate needs to be updated or fixed

    4. Provide the path where you exported the PFX certificate, by default and per this knowlegedebase article this file is located in: C:\smartermail\certificates\<insert domain name here\certificate.pfx


       
    5. Provide the PFX password previously created when export the PFX


       
    6. Select the dedicated IP address you wish to create the protocol binding for, select Save to create the protocol binding


       
    7. Rinse and repeat for each protocol binding: 143, 110, and if available 2525
  7. Once you have completed the steps above you should now have secure mail. You can test your TLS connection with the website below:

    CheckTLS - Test Reciever

    Please Note: In order to use this test you will need to actually have an email address setup to test
Please Note: The information below is for ADVANCED USERS ONLY and we will not support any issues with these steps:
Alternatively to check that your TLS/SSL connection is good to go you can run the following commands on a Linux server or MacOSX that has OpenSSL installed:
 
SMTP: openssl s_client -starttls smtp -crlf -connect <insert mail serve hostname or domain name>:25
POP3: openssl s_client -starttls pop3 -crlf -connect <insert mail serve hostname or domain name>:110
IMAP: openssl s_client -starttls imap -crlf -connect <insert mail serve hostname or domain name>:143




     

Add Feedback