1
Does SmarterMail support SMTP TLS?
Question asked by William Vasu - August 14, 2014 at 8:56 AM
Answered
Security requires that mail between SMTP servers be encrypted as well. Does SmarterMail use TLS when it forwards the email message to the recipient's SMTP server?

4 Replies

1
Derek Curtis Replied
August 14, 2014 at 9:01 AM
Employee Post
Yes, as long as TLS is set up on the SMTP Out tab. (Log in as the System Admin and go to Settings -> Protocol Settings and click the SMTP Out tab.) On that tab there's a setting for "Enable TLS if supported by the remote server" - so with that checked the message will use TLS when being sent.
Derek Curtis
COO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
William Vasu Replied
August 15, 2014 at 6:46 AM
Will this work with a self-signed certificate?
0
Bruce Barnes Replied
August 29, 2014 at 3:04 AM
For best results, use a commercial certificate, make certain you have SmarterMail running under IIS, and have all of your internal, SmarterMail ports and hostnames properly configured. I will edit this post later today to include a couple of my resource documents to give you more detail on how to accomplish this.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
2
Bruce Barnes Replied
August 30, 2014 at 2:45 AM
Here's a document on the ports which we have set up for SSL / TLS in SmarterMail. This requires SmarterMail ADMIN level access:
 
 
You will also need to set up your IP to HOSTNAME mappings, map those ports to the IP ADDRESSES which will use them, and make certain your DNS has the proper "A" or HOST RECORDS listed for the MX records.
 
SmarterMail BINDINGS Menu
 
Remember, CNAMES ARE PROHIBITED for use with MX or E-MAIL records.  Everything must be designated via "A" or "HOST" records.
 
Here's the IETF citation which mandates A or HOST records [they are one and the same, but some people know them by different names]:
 
  • RFC 2181, section 10.3 says that a host name must map directly to one or more address records (A or AAAA) and must not point to any CNAME records.

  • RFC 1034, section 3.6.2 says if a name appears in the right-hand side of an RR (Resource Record) it should not appear in the left-hand name of a CNAME RR, thus CNAME records should not be used with NS and MX records.
I mention this only because the use of CNAMES for MX servers in DNS will almost always BREAK SSL, TLS, and AUTODISCOVERY DNS records because of the additional lookup time required.

Additional DNS lookup time is caused by the fact that the CNAME usually refers to an A record which then refers to an IP address and, between the additional timing lookup, the fact that many MX servers time out too quickly, and the fact that many interconnects are overloaded with traffic, the use of CNAMES is causing failures more frequently than ever.

The problem is exacerbated when CNAMES refer to other CNAMES and DNS lookup times are extended further.
 
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
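
The DNS rule cited in the reply above (MX targets must resolve through A or AAAA records, not CNAMEs) can be checked against a zone before touching the mail or TLS settings. This is an added example, not part of the original thread; the zone data is constructed and the function names are hypothetical.

```python
# Constructed sample records in a simplified "name type value" layout.
# The example.test names and 192.0.2.x addresses are illustrative only.
ZONE = """
example.test.        MX    10 mail.example.test.
example.test.        MX    20 backup.example.test.
example.test.        MX    30 ghost.example.test.
mail.example.test.   A     192.0.2.10
backup.example.test. CNAME relay.example.test.
relay.example.test.  CNAME host.example.test.
host.example.test.   A     192.0.2.20
"""

def parse_zone(text):
    """Return {(name, rtype): [values]} from simplified 'name type value...' lines."""
    records = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        name, rtype, value = parts[0].lower(), parts[1].upper(), " ".join(parts[2:])
        records.setdefault((name, rtype), []).append(value)
    return records

def cname_chain(records, host, limit=8):
    """Follow CNAMEs starting at host; return the names visited after host."""
    chain = []
    while (host, "CNAME") in records and len(chain) < limit:
        host = records[(host, "CNAME")][0].lower()
        chain.append(host)
    return chain

def lint_mx(records, domain):
    """Classify each MX target of domain as 'ok', 'cname' or 'no-address'."""
    findings = {}
    for value in records.get((domain, "MX"), []):
        _pref, target = value.split()
        target = target.lower()
        chain = cname_chain(records, target)
        if chain:
            findings[target] = ("cname", len(chain))  # each hop is an extra lookup
        elif (target, "A") in records or (target, "AAAA") in records:
            findings[target] = ("ok", 0)
        else:
            findings[target] = ("no-address", 0)
    return findings

if __name__ == "__main__":
    for host, (status, hops) in lint_mx(parse_zone(ZONE), "example.test.").items():
        print(f"{host:24} {status:11} cname_hops={hops}")
```
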
