Here's a document on the ports which we have setup for SSL / TLS in SmarterMail This requires SmarterMail ADMIN level access:
You will also need to setup your IP to HOSTNAME mappings, map those ports to the IP ADDRESSES which will use them and make certain your DNS has the proper "A" or HOST RECORDS listed for the MX records.
Remember, CNAMES ARE PROHIBITED for use with MX or E-MAIL records. Everything must be designated via "A" or "HOST" records.
Here's the IETF citation
which mandates A or HOST records [they are one in the same, but some people know them by different names]:
- RFC 2181, section 10.3 says that host name must map directly to one or more address record (A or AAAA) and must not point to any CNAME records.
- RFC 1034, section 3.6.2 says if a name appears in the right-hand side of RR (Resource Record) it should not appear in the left-hand name of CNAME RR, thus CNAME records should not be used with NS and MX records.
I mention this only because the use of CNAMES for MX servers in DNS will almost always BREAK SSL, TLS, and AUTODISCOVERY DNS records because of the additional lookup time required.
Additional DNS lookup time is caused by the fact that the CNAME usually refers to an A record which then refers to an IP address and, between the additional timing lookup, the fact that many MX servers time out too quickly, and the fact that many interconnects are overloaded with traffic, the use of CNAMES is causing failures more frequently than ever.
The problem is exacerbated when CNAMES refer to other CNAMES and DNS lookup times are extended further.
Phone: (224) 444-0169
E-Mail and DNS Security Specialist
Network Security Specialist
Customer Service Portal: https://portal.chicagonettech.com
Security Blog: http://networkbastion.blogspot.com/
Web and E-Mail Hosting, E-Mail Security and Consulting